Information under Articles 13, 14, and 21 of the European Data Protection Regulation – DPA
Kasuria GmbH hereby informs you about the processing of your personal data (Art. 4 No. 2 DSGVO) by Kasuria GmbH and the claims and rights you are entitled to according to the data protection regulations. Which data is processed and how it is used depends on the services you have requested or agreed with you.
1. Who is responsible for data processing and whom can I contact?
80333 Munich, Germany
2. Which sources and data does Kasuria GmbH use?
Kasuria GmbH processes personal data that it receives from you in the course of the business initiation and business relationship. In addition, Kasuria GmbH processes – as far as necessary for the provision of services – personal data which it has received from third parties (e.g. agents, affiliated companies) in a permissible manner (e.g. to fulfill contracts, or on the basis of your consent). In addition, Kasuria GmbH processes personal data which it has obtained from publicly accessible sources (e.g. commercial and association registers, press, media) and which it is permitted to process. The above also applies to personal data of you in your function as a representative / authorized representative of a legal entity.
a) Relevant personal data in the context of business initiation, in the course of authorization, or the joint obligation can be: Personal data, e.g. name, address, telephone number, e-mail address, date and place of birth, nationality, legal capacity, profession, occupational group code (e.g. dependent / self-employed), advertising, and sales data, tax ID.
b) Relevant personal data in the context of a business relationship and the use of products/services may be: Account and payment transactions: order data (e.g. IBAN, the purpose of payment).
In addition, during the business relationship, in particular through personal, written, or telephone contacts, initiated by you or by Kasuria GmbH, other personal data, e.g. information on the contact channel, date of contact, reason, and the result of the contact, as well as (electronic) copies of correspondence, are processed.
3. What does Kasuria GmbH process your data for (purpose and processing) and on what legal basis?
Kasuria GmbH processes personal data in accordance with the provisions of the DSGVO and the Federal Data Protection Act (BDSG new).
3.1 To fulfill contractual obligations (Art. 6 para. 1 letter b DSGVO)
Personal data is processed for the purpose of providing and procuring products and services, in particular, to carry out pre-contractual measures and the fulfillment of contracts with you and all activities required with Kasuria GmbH. The purposes of data processing are primarily based on the specific product or service.
3.2 Within the scope of the balancing of interests (Art. 6 para. 1 letter f DSGVO)
If necessary, Kasuria GmbH will process your data beyond the actual fulfillment of the contract in order to protect the legitimate interests of Kasuria GmbH or third parties.
Data exchange with intermediaries on the conclusion of contracts or any missing documents and for invoicing purposes,
Direct advertising or market and opinion research, as far as permissible and as long as you have not objected to the use of your data in this respect,
The assertion of legal claims and defense in legal disputes,
Ensuring the IT security and IT operation of Kasuria GmbH,
Prevention and investigation of criminal offenses,
Video surveillance for the collection of evidence in criminal cases, for the protection of customers and employees as well as for the exercise of domestic authority,
Measures for building and plant security (e.g. access controls),
Measures to secure the right to the house,
Measures for business management and further development of services and products
3.3 Based on your consent (Art. 6 para. 1 letter a DSGVO)
If you have given Kasuria GmbH permission to process personal data for specific purposes (e.g. passing on data to cooperation partners, for marketing purposes, or information about new services), the legality of this processing is based on your consent. A given consent is voluntary and can be revoked at any time. Please note that revocation is only effective for the future. Processing that took place before the revocation is therefore not affected.
3.4 Due to legal requirements (Art. 6 para.1 c DSGVO) or public interest (Art. 6 para.1 e DSGVO)
Kasuria GmbH is subject to various legal requirements which must be observed. Therefore, data processing, e.g. due to money laundering, banking, or tax laws, is justified. The purposes of the processing are among others Identity and age verification, fraud and money laundering prevention, tax control, and reporting obligations as well as risk assessment of Kasuria GmbH.
4. Who gets my data?
Within Kasuria GmbH, your data will be passed on to those departments that need it to fulfill our contractual and legal obligations. Processors employed by Kasuria GmbH (Art. 28 DSGVO) may also receive data for the same purposes. These are companies to which Kasuria GmbH outsources services, for example. These can be assigned to the categories of financial services, IT services, logistics, printing services, and debt collection, among others.
5. How long will my data be stored?
If necessary, Kasuria GmbH will process and store your personal data for the duration of the business relationship, which includes, for example, the initiation and execution of a contract. The processing and storage of data of legal entities are carried out for as long as you are authorized to represent the legal entity to Kasuria GmbH. In addition, Kasuria GmbH is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are between two and ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§195 ff. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years.
6. Is data transferred to a third country or to an international organization?
Personal data will only be transferred to third countries (countries outside the European Economic Area (EEA)) if the EU Commission has confirmed that the third country has an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard data protection clauses) have been agreed upon or if you have given your consent to Kasuria GmbH. Kasuria GmbH will inform you separately about the details if required by law.
7. What data protection rights do I have?
Every person concerned has the right to information in accordance with Art. 15 DSGVO, the right to correction in accordance with Art. 16 DSGVO, the right to deletion in accordance with Art. 17 DSGVO, the right to restriction of processing in accordance with Art. 18 DSGVO, and the right to data transferability in accordance with Art. 20 DSGVO. In the case of the right of information and the right of deletion, the restrictions under §34 and §35 BDSG now apply.
8. Do I have an obligation to provide data?
Within the scope of the business relationship, you only have to provide personal data that are required for the establishment, execution, and termination of a business relationship with you or the legal entity you represent in relation to Kasuria GmbH or that Kasuria GmbH is legally obliged to collect. Without this data, Kasuria GmbH will normally have to refuse to conclude the contract or will not be able to execute an existing contract and may have to terminate it or reject you as an authorized representative/agent.
9. To what extent will my data be used for profile formation (scoring)?
Kasuria GmbH does not process data with the aim of evaluating personal aspects (profiling).
10. Email newsletter / alpha waitlist
If you actively subscribe to our newsletters, we add your name and email address to our newsletter mailing list, so that we can send you our newsletters on a regular basis. Every newsletter can be unsubscribed at any point in time and we will do so, once we got contacted from you about this. We will then remove you from the mailing list and delete all of your personal information that you provided to us for the subscription of the newsletters. If you want to be unsubscribed from our newsletters or our alpha waitlist please write an email to email@example.com.
11. Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested. The data entered by you in the contact form will remain with us until you request us to solve the problem, revoke your consent for storage, or the purpose for which the data is stored no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
12. Inquiry by e-mail, telephone, or fax
If you contact us by e-mail, telephone, or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested. The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for storing it no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
13. Use and link to social media
13.1 Use of Twitter
Functions of the Twitter service are integrated into our services. These functions are offered by the:
Twitter International Company,
One Cumberland Place,
D02 AX07, Ireland.
13.2 Use of LinkedIn
Our services use functions of the LinkedIn network. The provider is:
LinkedIn Ireland Unlimited Company,
Dublin 2, Ireland.
When you visit our services and click the LinkedIn plugin (“Recommend button”), a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our services using your IP address. If you click on the LinkedIn “Recommend Button” and are logged into your LinkedIn account, LinkedIn may associate your visit to our services with your account. We expressly point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or of the use of such data by LinkedIn. You can find further information on LinkedIn’s Data Protection Provisions.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to Kasuria‘s website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
13.3 Use of Medium
Functions of the Medium service are integrated with our services. These services are offered by:
VeraSafe Ireland Ltd,
Unit 3D North Point House,
North Point Business Park,
New Mallow RoadCork T23AT2P, Ireland.
If you are logged in to your Medium account, you can link the content of our pages to your Medium profile by clicking the Medium button. This allows Medium to associate your visit to our services with your user account. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Medium. Further information on this can be found in the data protection declaration of Medium.
13.4 Use of Google Analytics
We have integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the gathering, collection, and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed, or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
During your visit to the website the following data, among others, is recorded:
The achievement of “website objectives” (e.g. contact requests and newsletter subscriptions)
Your behavior on the pages (for example clicks, scrolling behavior, and dwell time)
Your approximate location (country and city)
Your IP address (in abbreviated form, so that no clear assignment is possible)
Technical information such as browser, Internet provider, terminal device, and screen resolution
Source of your visit (i.e. which website or advertising medium brought you to us)
This data is transferred to a Google server in the USA.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future visits to the website. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remain stored in aggregated form for an unlimited period. If you do not agree with the collection, you can prevent this by installing this browser-addon (https://tools.google.com/dlpage/gaoptout?hl=de) once to deactivate Google Analytics.
14. Information on your right of objection under Art. 21 of the Basic Data Protection Regulation (DSGVO)
Right of objection in individual cases:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 f of the DSGVO (data processing based on a balancing of interests).
If you object, Kasuria GmbH will no longer process your personal data, unless Kasuria GmbH can prove that there are compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
The objection can be made without formality and should be addressed to:
80333 Munich, Germany
15. Retention and deletion periods
As a matter of principle, Kasuria GmbH processes and stores personal data only as long as it is necessary for the fulfillment of contractual and legal obligations. In other words, if the data is no longer necessary for the fulfillment of contractual or legal obligations, it is regularly deleted, unless further processing is necessary for the following purposes, for example:
a) Fulfilment of the retention periods under commercial and tax law, as defined, e.g., by the following laws: Commercial Code (HGB), Fiscal Code (AO), Banking Act (KWG), Money Laundering Act (GWG), and Securities Trading Act (WpHG). The periods of retention or documentation stipulated there are two to ten years.
b) Preservation of evidence within the scope of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The legal basis for this arises from Art. 17 para. 3 e DSGVO and Art. 6 para. 1 f DSGVO.