Principles of data processing at the syracom AG


You reached this site via a link because you wanted to find information about our handling of (your) personal data. In order to meet our information duties according to Article 12 et seq. of the EU's General Data Protection Regulation (GDPR), we provide our information concerning data protection:

Who is responsible for data processing?

The data processor as defined in the privacy law is

syracom AG
Otto-von-Guericke-Ring 15
65205 Wiesbaden

You can find further information about our company, the authorized representatives, and further contacts in the imprint of our internet site:

Which of your data do we process? And for what purpose?

If we have received data from you, then we will generally only process it for those purposes for which they were received or collected.

Data processing for other purposes is only possible if the respective required legal conditions of Art. 6 Para. 4 GDPR apply. In this case, we will consider any information duties pursuant to Art. 13 Para. 3 GDPR and Art. 14 Para. 4 GDPR as self-evident.

What is the legal basis for this?

The legal basis for processing personal data is generally Art. 6 GDPR, unless there are other specific legal regulations. The following are in particular possible:

Consent (Art. 6 Para. 1a) GDPR)
Data processing for fulfilling contracts (Art. 6 Para. 1b) GDPR)
Data processing based on a balancing of interests (Art. 6 Para. 1f) GDPR)
Data processing to meet a legal obligation (Art. 6 Para. 1c) GDPR)

If personal data are processed based on your consent, you have the right to withdraw your consent at any time effective for the future.
If we process personal data based on a balancing of interests, then you as the data subject have the right to object to the processing of personal data under consideration of the conditions of Art. 21 GDPR.

How long is the data stored?

We process the data as long as this is necessary for the respective purpose.

If legal archiving duties apply – e.g. based on commercial or tax law – the respective personal data is stored for the duration of the archiving duty. After the expiration of the archiving duty we verify whether the data needs to be stored further for processing purposes. If this is no longer necessary, the data is erased.
In general, we regularly check data in terms of the requirement of further processing. Due to the quantity of data, this verification is based on certain data types or purpose of processing.

Of course, you can at any time (see below) demand information about your personal data that we store and, if storage of the data is no longer required, demand that we erase the data or limit the processing.

To what recipients is the data disclosed?

Your data is generally only disclosed to third parties if this is necessary to implement a contract with you, if the disclosure is justified based on a balancing of interests as defined in Art. 6 Para. 1f GDPR, we are legally obligated to disclose the data, or you have provided your consent.

Where are the data processed?

Cooperation with contractual processors and third parties

If we disclose or transfer data to other persons and companies (contract processors or third parties) as part of our processing or grant them access in any other manner, this occurs only if there is a legal basis (e.g. if it is necessary to transfer the data to third parties, like payment service providers, to fulfil the contract pursuant to Art. 6 Para. 1 lit. b GDPR), if you have granted your consent, if we are legally required to do so, or based on our legitimate legal interests (e.g. when using subcontractors, web hosts, etc.).

If we hire third parties to process data based on a so-called "processing contract", this is based on Art. 28 GDPR.

Transfer to non-EU/EEA countries

If we process data in a non-EU/EEA country (i.e. outside of the European Union (EU) or European Economic Area (EEA)) or if this occurs due to the use of third-party services or if there is any disclosure / transfer of data to third parties, this can only occur if it is necessary to fulfil our (pre-)contractual duties, with your consent, due to a legal requirement, or based on our legitimate interests. Subject to legal or contractual permission, we process or leave the data in a non-EU/EEA country only if specific conditions apply, as specified in Art. 44 et seq. GDPR. I.e. the processing is based on specific guarantees, like the officially recognized determination of a privacy protection level corresponding to that of the EU (e.g. in the USA with the "Privacy Shield") or adherence to officially recognized special contractual obligations (so-called "standard contract clauses").

Your rights as “data subject”

You have the right to receive information about your personal data that we process.
If you do not request information in writing, we ask for your understanding that we may require evidence from you that shows that you are the person you claim to be.
Furthermore, you have the right to correct or erase or restrict the processing if you have the legal right to do so.
Furthermore, you have a right to object to the processing within the legal framework. The same applies to a right for data transferability.

In particular, pursuant to Art. 21 Para. 1 and 2 GDPR, you have a right to object to the processing of your data in connection with direct marketing if it is based on a balancing of interests.

Our Privacy Protection Officer

We have named an external Data Protection Officer in our company. You may reach him at the following address:

syracom AG
Data Protection Officer
Otto-von-Guericke-Ring 15
65205 Wiesbaden
Phone: +49 6122 9176 63

Right to complain

You have the right to complain about our processing of your personal data at a regulatory agency for data protection.

As of: 13.08.2018