The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Smart Access Solutions GmbH
Parkstrasse 17
80339 Muenchen
GermanyPhone: +49 89 21 55 00 00 0
Email: info@smart-access-solutions.com
The data protection officer of the data controller is:
Jörg Hermann
Freibadstr. 30
81543 Munich
GermanyPhone: +49 89 200 033 580
Email: info@jmh-datenschutz.de
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1) (b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies. You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice. Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20). Right of revocation:
Some data processing can only take place with your express consent.You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this. Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made. If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection. Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your place of work or the location of the alleged violation. Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible. Right of access, rectification and erasure: You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice. Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements: You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted. If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion. If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion. If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing. The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server. These are:
IP address of the website visitor’s end device device used host name of the accessing computer visitor’s operating system browser type and version name of the retrieved file time of server request amount of data information on whether the retrieval of the data was successful This data is not merged with other data sources. Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website. The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Our website uses the service CloudFlare. The provider of this service is Cloudflare Germany GmbH, Rosental 7, 80331 München, Germany. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU- U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://www.cloudflare.com/privacypolicy/.
We use a map service on this website. In order for the map to be used and displayed on the website, the map must be loaded from the provider’s server. This results in your IP address being transmitted to the provider’s server. Depending on the provider, cookies and other technologies, including fonts, are loaded. More information on this can be found in the provider’s privacy policy. Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Our website uses the service OpenStreetMap. The provider of this service is OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, Great Britain. The use of this service may result in data transfer to a third country (Great Britain). The European Commission has confirmed an adequate level of data protection for the country by adequacy decision. Further information can be found in the provider’s privacy policy at the following URL: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
Zendesk We deploy the CRM system Zendesk to process user inquiries. The provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA. We use Zendesk to be able to respond to your inquiries promptly and efficiently. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. In order to be able to submit inquiries, you must provide your e-mail address and name. The messages addressed to us remain with us until you request deletion, or the data storage purpose no longer applies (e.g. after completed processing of your request). Mandatory statutory provisions, in particular retention periods, remain unaffected. Zendesk has Binding Corporate Rules (BCR) which have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize the transfer of data within the company to third countries outside the EU and EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.
For more information, please consult Zendesk’s Data Privacy Declaration at: https://www.zendesk.com/company/customers-partners/privacy-policy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TOjeAAG&status=Active
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
We have provided a telephone number and email address on our website in accordance with legal requirements. Data transmitted in this way is automatically stored by us in order to process the corresponding enquiries or to be able to contact the person making the enquiry. We will not pass this data on to third parties without your consent. If contact is made by telephone or via our email address for pre-contractual or contractual purposes, the legal basis for the processing of personal data is Article 6(1)(b) GDPR. For all other contact you make, the legal basis for our processing of your personal data is our legitimate interest in accordance with Article 6(1)(f) GDPR.
You have the option to send us an application (e.g. by post, online application form or by email). We will store and process the personal data obtained in this way in order to process your application. The legal basis for processing is Article 6(1)(b) GDPR as well as Article 6(1)(a) GDPR, provided consent has been given. Insofar as German law is applicable, § 26 of the German Federal Data Protection Act (Bundesschutzgesetz, BDSG) in particular is used as the legal basis for processing. You can revoke your consent at any time. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected. If an employment relationship results from the application, the data collected will be stored for the purpose of processing the employment relationship on the basis of Article 6(1)(b) GDPR. If no employment relationship results from the application, the data will be stored on the basis of Article 6(1)(f) GDPR for the duration of the statutory claims, in particular due to discrimination in the application process. This is necessary to defend against potential legal action or allegations. If consent has been given, the data will be stored for a longer period on the basis of Article 6(1)(a) GDPR. You can revoke your consent at any time. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected. If no employment relationship is established, the person applying may be included in our applicant pool, in which case the details of their application will be saved so that they can be contacted in the event of suitable job vacancies arising. Data is only stored in the applicant pool after consent has been given on the basis of Article 6(1)(a) GDPR. This consent can be revoked at any time, after which the corresponding data will be deleted, provided there are no legal reasons for retention. Deletion takes place automatically no later than two years after consent has been given. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected.