We take the protection of your personal rights seriously and hereby inform you how we process your data and what claims and rights you are entitled to.
1. Contact details of the controller
Tyczka GmbH
Managing Directors: Dr. Frank Götzelmann (Spokesman), Frederick Tyczka-Christoph
Blumenstraße 5
82538 Geretsried
Telefon 08171 / 627-0
E-Mail: info@tyczka.com
2. Contact details of the data protection officer
The external data protection officer of the controller is
Digital Compliance Consulting GmbH
Mr Dipl.-Ing. Arnd Fackeldey
Karl-Arnold-Str. 44
52349 Düren
Telephone: 02421 / 5559333
E-mail: fackeldey@digital-compliance-consulting.com
3. What is it about?
This privacy policy serves to fulfil the legal requirements for transparency in the processing of personal data. For the purposes of data protection law, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting websites. Information that we cannot link to your person is not personal data and is therefore generally not subject to data protection laws.
The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose. Below we inform you about the various processing activities as well as the purposes and legal bases assigned to the respective processing.
We regularly delete personal data as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.
4. Recipient of your data
Your personal data is generally processed by Tyczka. In addition, external service providers are involved for various processes, who may be recipients of your data, e.g. we transmit your data to freight forwarders, installers, architects, planning offices, lecturers of our seminars to the extent necessary in order to reliably fulfill the contract concluded with you.
We may also use service providers for processing within the scope of your consent (e.g. e-mail advertising, meter reading).
If legal requirements are met or on the basis of a legitimate interest, your data may be transmitted to tax authorities, supervisory authorities, auditors, lawyers and approved monitoring bodies (e.g. TÜV) and other authorities. We also use service providers for certain activities (e.g. IT services).
If the recipients of the data are not already subject to a statutory duty of confidentiality, we oblige them to maintain confidentiality and comply with data protection regulations.
For internal administrative purposes, we transfer your data to Tyczka GmbH, Blumenstraße 5, 82538 Geretsried. This is a company within our group of companies that carries out accounts receivable accounting centrally and works for us as an IT service provider.
Data transfer to a third country
In principle, we do not transfer your data to a country outside the EU or outside the European Economic Area. We draw your attention to the fact that we use products and work with service providers (such as Microsoft) for which we cannot rule this out. If personal data is knowingly transferred to a third country by a product or service provider, the person responsible for the area will point this out separately and conclude the contracts required under Art. 44 et seq. GDPR and conclude the necessary contracts.
5. Processing of your data
Purpose, type and scope of processing
Tyczka processes personal data in many different areas. Which personal data we process in which way depends on the requested or agreed contractual services.
This data may include
We process personal data in accordance with the applicable data protection regulations, generally the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).
Purposes for the performance of a contract with you or pre-contractual measures (Article 6 (1) b GDPR)
We process your data in order to fulfill our contract with you and so that we can execute your orders. This includes the services, measures and activities necessary for this.
This also applies to pre-contractual relationships, e.g. with parties interested in our products or training offers.
Processing based on your consent (Art. 6 (1) a GDPR)
If you have given your consent to the processing of your data for certain specified purposes, we will process your data within this framework (e.g. use of your e-mail address for advertising purposes).
You can revoke your consent at any time for the future. To withdraw your consent, please use the contact details of the controller specified in section 1. In addition, we will inform you of your right of withdrawal and your withdrawal options when you give your consent and each time we contact you for advertising purposes.
Processing on the basis of a legitimate interest (Article 6 (1) f GDPR)
Furthermore, we process your data if the processing is necessary to protect our legitimate interests or those of third parties, e.g.
a) for internal administrative purposes, accounts receivable accounting is carried out by Tyczka GmbH, Blumenstraße 5, 82538 Geretsried, Germany.
b) for technical information regarding our products and training courses, for direct advertising, market and opinion research, provided you have not objected to the use for this purpose.
c) to obtain creditworthiness information to hedge an economic risk for us.
d) to assert legal claims, e.g. via debt collection service providers
e) for defense in legal disputes.
f) for the investigation or prevention of criminal offenses.
g) for the purposes of IT and data security.
Processing for the fulfillment of legal requirements (Art. 6 (1) c GDPR)
Like all companies, we are also subject to various legal regulations that oblige us to process or transfer data.
The principle of data minimization is always observed.
Your data will only be processed for purposes other than those mentioned if such processing is permitted under Art. 6 (4) GDPR and is compatible with the original purposes of the business relationship. We will inform you about this processing before processing your data in this way.
We have either received your data directly from you or taken it from publicly accessible sources.
Storage period
We store your data for the duration of our business relationship with you.
In addition, we are subject to various retention obligations, e.g. from the German Commercial Code or Fiscal Code. This leads to storage for up to ten years - possibly even beyond the end of our business relationship.
Further criteria for the storage period may be statutory limitation periods or special statutory regulations for certain processing operations.
There are also retention periods based on our legitimate interests (e.g. test reports, acceptance certificates, product liability).
Provision of your data
You only need to provide us with the data that is necessary for the performance of pre-contractual or contractual business relationships with us. However, we would like to point out that without this data we will generally not be able to enter into or carry out the business relationship with you.
If we request additional data from you, you will be informed of the voluntary nature of the information.
Automated decision-making
We do not use any automated decision-making processes.
6. Rights of data subjects
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
erasure pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
Restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR.
Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 (1) a GDPR or on the basis of a contract pursuant to Art. 6 (1) b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6 (1) e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
Revocation pursuant to Art. 7 (3) GDPR of your given consent with effect for the future.
Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
7. Contact details of the competent supervisory authority
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 180093-0
Websites: https://www.lda.bayern.de/de/index.html
8. Notice
This privacy policy to fulfill the information obligations under Art. 13 and 14 GDPR may change from time to time. We will archive all changes.
(Status_ January 2024)