genua GmbH
Domagkstrasse 7
85551 Kirchheim, Germany
represented by its managing directors Matthias Ochs and Marc Tesch.
genua GmbH (hereinafter "genua") places a particularly high importance on the protection of your personal data. In this statement we would like to clearly describe the data we process as our web-site is visited.
Personal data is information that can be used either directly or indirectly to identify a person. Typical examples would be a name or a postal address. Personal data may be processed in one of the following cases:
This privacy notice fulfills the requirements laid out in Article 13 ff of the GDPR (General Data Protection Regulations). concerning the information to be provided when personal data is collected. Personal data is information that can be used either directly or indirectly to identify a person. Typical examples would be a name or a postal address. Personal data may be processed under the following conditions:
When consent is granted (in accordance with Art. 6, para. 1 (a) of the GDPR)
The purposes of processing personal data are defined by the consent granted. Once granted, consent can be permanently revoked at any time. Consent granted before the GDPR came into effect can also be revoked. Processes that have occurred before consent is revoked remain unaffected by the revoking of consent. For example: sending a newsletter.
When contractual obligations have to be met (in accordance with Art. 6, para. 1 (b) of the GDPR)
The purposes of the data processing are defined by the introduction of pre-contractual obligations preceding a contractually regulated business relationship or the fulfillment of obligations laid out in a closed contract.
When legal requirements have to be met (in accordance with Art. 6 para.1 (c) of the GDPR) or when it is in the public interest (in accordance with Art. 6 para.1 (e) of the GDPR)
The purposes of processing personal data are defined by the need to meet legal compliance (for example, fulfilling obligations to retain data).
When conflicting interests are to be weighed up (in accordance with Art. 6, para. 1 (f) of the GDPR)
The purposes of the processing are defined by weighing up our legitimate interests. It may be necessary to process user data over and above meeting the original contractual obligations. Our legitimate interests can justify further processing of user data, in so far as the user’s interests or fundamental rights and freedoms do not prevail. Our legitimate interests may include exercising legal claims or defending liability claims.
Data Categories
genua processes the following categories of personal data for the above-mentioned purposes:
- contact information such as first and family names, address, land line and cell/mobile telephone numbers, fax number and e-mail addresses;
- payment details that are necessary for the settlement of payment transactions or are required to prevent fraud;
- information that is required for the completion of a project or the processing of a contractual relationship with genua or that is freely provided by one of our contact persons.
Data Sources
We process personal data that we have acquired within the framework of our business relationship with users. We process personal data that we obtain or are legitimately forwarded by third parties from publicly accessible sources such as lists of debtors, land and real estate registers, commercial and associations registries, the press and the Internet, as far as is necessary for us to render our performance.
The personal data collected when ordering goods or services will be used by genua to manage your customer account and to fulfill and process your order, and if applicable will only be passed on to third parties (e.g. to a transport company commissioned with shipping) for this purpose. In addition, this data will be further used within the scope of legal regulations. genua will inform you by phone, by e-mail or via post about interesting offers concerning the same or similar goods or services as well as a little gesture for special occasions. In addition, genua conducts customer customer feedback surveys from time to time to make the products even better for you. If you do not (or no longer) wish to receive such information or promotions, you can informally object to this at any time with effect for the future to genua (e.g. e-mail: datenschutz@genua.de). Such an objection will not incur any costs beyond the transmission costs according to the prime rates
The processing of your data is based on our legitimate interest in being able to present similar goods and services to you as well as to strengthen our business relationship in various manners, Art. 6 para. 1 p. 1 lit. f) GDPR.
You also have the option of contacting genua by telephone. You may be asked to provide personal data that is required to process your request. In this context, genua regularly collects your name and the reason for the call. The legal basis for data processing is genua's legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. This results from the economic, idealistic and technical interest in answering your inquiry and communicating with you.
a) Purpose and Legal Basis of Processing
We provide contact information at www.genua.de/.well-known/security.txt, which you can use to inform us about security vulnerabilities and weaknesses.
In the context of your contact, we process the following personal data:
- Email address
- Last name, first name (optional)
- Additional personal data that you provide in the content of the report (optional)
We process the data you provide to us in the context of the report for the purpose of resolving the vulnerability and store your report for the purpose of tracing vulnerabilities for the duration of the support period of our products.
The processing of your data is based on our legitimate interest in recognizing and resolving security issues early, Article 6 (1) (f) GDPR.
There is no milder, equally suitable means to achieve this legitimate interest. There are no overriding interests or fundamental rights and freedoms of the affected persons that contradict this.
b) Storage Period
We store your report for reasons of traceability of reported vulnerabilities for 10 years. This duration results from the fact that we have a contractual support period of 5 years for our products. According to the EU Cyber Resilience Act, this support period is extended by 5 years. To comply with this regulation, we set a storage period for security reports of 10 years.
c) Recipients
The storage of your report takes place on our systems. Your personal data will not be transferred to third parties and will not be processed for purposes other than those mentioned above. If we are obliged to report a security vulnerability to an authority, the report will only include technical information and no personal data of the reporting person.
Personal data may be transferred to the following categories of recipients:
- public authorities, as required by statutory regulations;
- associated companies, as required by the company to meet contractual obligations or ensure the provision of services;
- information processors as laid out in Art. 28 of the GDPR for the purpose of order processing;
- third parties as a result of functional transfer.
In general, data is not transferred to countries outside the EU or the European Economic Area ("third countries"). Data transfer to third countries can only occur as part of the administration, development or operation of IT systems. Transfer only occurs in the following situations:
- when such a transfer is generally permitted because a legal requirement has been met or because the user has given their consent for the transfer and
- there is a particular case for transferring the data to a third country.
Personal data is only retained for as long as is required for the purposes described in the current document or as required by statutory regulations. genua is required to retain data until the end of any legally required retention periods. genua deletes such data after legal retention periods – which are primarily determined by commercial and tax regulations – have expired. Particularly relevant here are sections 147 of the German tax code and 257 of the German commercial code.
genua retains personal data for marketing measures until the user revokes their consent for a particular use of this data, for its use in general or until a measure is no longer legal. Any other user data is only retained as long as it is required for the purpose at hand (for example, until a contract has been fulfilled or settled) and delete this data once this purpose has been fulfilled.
Users have the right to the following at all times:
- access to information as laid out in Art. 15 of the GDPR;
- correction of information as laid out in Art. 16 of the GDPR;
- deletion of information as laid out in Art. 17 of the GDPR;
- restriction of processing as laid out in Art. 18 of the GDPR;
- transfer of information as laid out in Art. 20 of the GDPR;
- appeal as laid out in Art. 21 of the GDPR.
Users wishing to exercise any of the above rights should send an e-mail to datenschutz@genua.de or send a letter to the postal address listed under #1 above. In addition, users also have the right to complain to an ombudsman or other regulatory authority as laid out in Art. 77 para. 1 of the GDPR. Further information can be obtained from the relevant ombudsman or other regulatory authority.