SEAK logo, part of YUVENDA, with a stylized circular emblem.
SEAK logo, part of YUVENDA, with a stylized circular emblem.
White 'in' letter mark inside a black square, representing the LinkedIn logo.Abstract logo of a teal right-pointing arrow and a lime green left-pointing arrow.

Privacy Notice For Business Partners

Compliance with data protection requirements is of great importance to us. In the following, we would like to inform you, as a business partner or as the contact person responsible for us at a business partner, about the collection and processing of your personal data.

1. Controller

The controller responsible for data processing is

SEAK Software GmbH
Röntgenstraße 31 – 33
21465 Reinbek
Telefon: +49 40 238 348 – 000
E-Mail: info@seak.de

1.1. Contact Details of the Data Protection Officer

We have appointed an external data protection officer for our company. He is available to provide information on data protection matters using the following contact details:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Web: https://www.dsn-group.de/
E-Mail: office@datenschutz-sued.de

When contacting our Data Protection Officer, please also state the controller named in the legal notice.

2. Type of Data

Within the scope of our business relationship, you must provide the personal data that is required for establishing, conducting and terminating a business relationship and for fulfilling the associated obligations, which we are legally obliged to collect or are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

If you, as a business partner, or your company enters into a business relationship with us, we therefore generally process the following personal data:

  • Form of address, first name, last name,
  • a valid e-mail address
  • Business telephone number (landline/mobile)
  • Department and position within the company
  • the required offer and contract information (including the subject matter of the business relationship, type of service, price information, service level agreement, execution modalities, execution date, information on due dates),
  • information relating to the performance of the business relationship (correspondence data, service and support requests and their contents, duration of the business relationship),
  • address and company name,
  • where applicable, tax number, commercial register number and business bank details

3. Purpose and Legal Basis of Data Processing

3.1. For the Performance of Concluded and/or Initiated Business Contracts

The processing of your personal data may be necessary for the fulfilment of obligations arising from a contract concluded with you. This may include, for example, the processing of licence agreements, purchase orders, SaaS contracts, deliveries or payments. In addition, we process your data to handle service and support requests within the framework of the service level agreement and to respond to other enquiries from individual persons during the ongoing contractual relationship in order to establish the basis or conditions of the contractual relationship.

The processing of your data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR (for the fulfilment of contractual obligations).

3.2. Verification of Digital Contract Conclusions

If you participate in a contract conclusion offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your e-mail address, IP address and the times at which you processed the respective contractual document, for example approved, viewed or digitally signed it, including the time and date in each case. Our legitimate interest lies in the efficient and rapid digital processing of the contract signature and the corresponding logging of the signing process for evidentiary purposes. In addition, certain contracts may be signed using a so-called qualified electronic signature. In this case, in addition to the data mentioned above, we also process the certificate data of your signature. Our legitimate interest in doing so is to verify whether you hold a valid qualified electronic signature by which a possible statutory written form requirement can be replaced. The prerequisite for using a qualified electronic signature is registration with a trust service provider (e.g. D-Trust / Bundesdruckerei), which you must carry out independently. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.

The processing of your data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (protection of our legitimate interest).

3.3. For Credit Checks

When concluding a contract, we occasionally collect data about your creditworthiness from credit agencies. We use the creditworthiness data provided by credit agencies to assess creditworthiness. Credit agencies store data that they receive, for example, from banks or companies. This data includes in particular surname, first name, date of birth, address and information on payment behaviour. You can obtain information about the data stored about you directly from the credit agencies.

The processing of your data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (protection of our legitimate interest).

3.4. Conducting Direct Marketing

As part of our business activities, we also process personal data of business partners for direct marketing purposes. This includes, in particular, information about our own products, services, events, webinars, specialist information and comparable content. Direct marketing may be carried out via various communication channels, in particular by e-mail, as well as by telephone or post.

Direct Marketing Based on Consent

If you have given us your express consent, we process your personal data for direct marketing purposes on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. You may withdraw any consent given at any time with effect for the future, for example via the unsubscribe link included in every marketing e-mail or by sending us a corresponding notification. The withdrawal does not affect the lawfulness of the data processing carried out until the withdrawal.

Direct Marketing to Business Partners

For existing business partners, the processing of personal data for direct marketing purposes may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, provided that the statutory requirements of Section 7 para. 3 UWG are met. Our legitimate interest lies in particular in maintaining existing business relationships and providing information about our own similar products and services. You have the right to object at any time to the processing of your personal data for direct marketing purposes.

3.5. Within the Scope of Internal Administrative Purposes

Furthermore, legitimate interests include our internal administrative purposes (e.g. accounting or process and workflow optimisation and quality management), the selection of suitable business partners, ensuring our company’s IT infrastructure and conducting compliance investigations, asserting legal claims, defending against liability claims, ensuring building and facility security, preventing criminal offences and regulating damages resulting from the business relationship. Processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

3.6. For the Implementation of Legal Obligations

The purposes of data processing arise in individual cases from statutory requirements. These legal obligations include, for example, the fulfilment of retention and identification obligations, e.g. within the framework of requirements to prevent money laundering, tax control and reporting obligations, commercial and foreign trade law or sanctions law provisions, and data processing in the context of requests from authorities.

The processing of your data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR (for the fulfilment of legal obligations).

4. Obligation to Provide Your Personal Data

Within the scope of our business relationship, you must provide the personal data that is required for establishing, conducting and terminating a business relationship and for fulfilling the associated obligations, which we are legally obliged to collect or are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

5. Storage Period / Criteria for Determining the Storage Period

The personal data will be retained for as long as this is necessary to fulfil the purposes stated above or statutory or contractual retention obligations exist (in particular, statutory retention obligations are relevant in this regard), or if you have consented to storage beyond this pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

6. Recipients / Categories of Recipients of Your Data

Within the scope of contractual relationships, for the fulfilment of legal obligations and to protect legitimate interests, processors in the areas of hosting and administration, payment processing and invoicing, customer communication, CRM, document and ticket management also receive access to your personal data.

Compliance with data protection requirements is contractually ensured in this regard.

Where permissible, we may transfer your personal data to companies affiliated with us.

In the case of contract conclusions by means of digital signature, your data is also accessible to all persons involved in the contract approval and signing process, as they receive a log after the contract has been signed, in which all processing steps, including e-mail address, IP address, date and time, are visible. Furthermore, your data may be accessible to the respective service providers we use for the corresponding digital signature process. In the case of Adobe Sign, this is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland. Where a qualified electronic signature is used for digital contract conclusions, your data is additionally accessible to D-Trust GmbH, Kommandantenstraße 18, 10969 Berlin, as it performs the verification of the validity of the signature.

In addition, in individual cases there may be further statutory obligations to transmit data, for example to authorities; however, these cannot arise generally, but only in the specific individual case.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the European Commission as providing an adequate level of data protection, if an adequate level of data protection has been agreed with the data recipient (for example by means of EU standard contractual clauses), or if you have given us your consent to do so.

7. Joint Controllership within the YUVENDA Group

Your personal data may be transferred to affiliated companies of the YUVENDA Group.

For the purpose of group-wide, year-round controlling and for carrying out centralised financial accounting, booking data, contract data, tax data and other data required for accounting purposes are transferred to YUVENDA GmbH. Although care is always taken not to transfer data with a personal reference, these data records may in individual cases contain personal data such as your name, your position and, under certain circumstances, your business contact details.

The legal basis for the transfer of data to YUVENDA GmbH is Art. 6 para. 1 lit. f GDPR. The overriding legitimate interests lie in consolidating all controlling processes and financial accounting at a central point within the group, which has the appropriate specialist expertise also for fulfilling commercial and tax law requirements as well as the necessary personnel resources; avoiding friction points; and optimally coordinating figures, reporting and analyses within the group.

With regard to these data processing operations, joint controllership pursuant to Art. 26 GDPR exists between the company contracting with you and YUVENDA GmbH. For further information and the essence of the agreement concluded pursuant to Art. 26 para. 2 GDPR, please contact datenschutz@yuvenda.com.

8. Your Data Protection Rights

Upon request, you have the right to receive information free of charge about the personal data stored concerning you (Art. 15 para. 1 GDPR). In addition, where the statutory requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data, as well as the right to data portability (Art. 20 GDPR).

You have the right to withdraw your consent at any time with effect for the future if the data is processed on the basis of Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR.

You have the right to object to data processing pursuant to Art. 21 GDPR if the data is processed on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR.

To exercise your rights, please contact the following address: datenschutz@yuvenda.com.

This mailbox is managed by ALVARA Holding GmbH as the central administrative office of the YUVENDA Group for data subject requests. However, data protection rights may also be asserted against the company contracting with you.

Your data subject requests are answered by ALVARA Holding GmbH within the framework of processing on behalf of the other companies pursuant to Art. 28 GDPR.

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection provisions. The right to lodge a complaint may in particular be exercised with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.