Data Subjects according to GDPR

Interested Party

Interested parties are all those persons who are interested in our product and our other services and who are regularly informed about new developments.

Personal data of interested parties will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
providing information To provide information about news, products and services.
event management Planning and organizing training and information events of CALPANA.

The legal basis for processing the personal data of interested parties is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
providing information consent
event management consent

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
providing information interested party data Data includes name, telephone number, e-mail, address, function in the company and additional notes (interest of the interested party - about the product, service or events).
event management contact details for events Data includes name, telephone number, e-mail and address.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
interested party data until recalled. Immediately after recall.
contact details for events until recalled. Immediately after recall.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
interested party data From the datat subject.
contact details for events From the datat subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

Customer

Customers are all those persons who request and purchase products and services from us. 
Personal data of customer will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
order handling Processing of orders and invoicing of services.
marketing Providing information about products and services.
event management Planning and organizing training and information events of CALPANA.

The legal basis for processing the personal data of customers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
order handling The respective contract with the customer.
marketing Consent or justified interest (direct advertising between the customer and the company).
event management consent

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
order handling, marketing customer data base Data includes name, address, company register number, VAT ID, e-mail and telephone number.
order handling customer properties Data includes sales, payment behaviour, contact persons and offers.
event management contact details for events Data includes name, telephone number, e-mail and address.
order handling project data Data includes backups of CRISAM data.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

e store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
customer data base As long as the business relationship continues and all claims have been settled. Thereafter the processing is limited and the data is stored for 7 years (according to BAO). After the 7 years within a deletion cycle of one year.
customer properties As long as the business relationship continues and all claims have been settled. Thereafter the processing is limited and the data is stored for 7 years (according to BAO). After the 7 years within a deletion cycle of one year.
contact details for events until recalled Immediately after recall.
project data As long as the business relationship continues and all claims have been settled. Thereafter the processing is limited and the data is stored for 7 years (according to BAO). After the 7 years within a deletion cycle of one year.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
customer data base From customer contact or contact with interested parties.
customer properties From customer contact or contact with interested parties.
contact details for events From customer contact or contact with interested parties.
project data From the customer himself.

No automated decision making, including profiling, is performed in any of the above processing activities.

Supplier

Suppliers are all those persons who hand over or provide goods or services to our company by delivery.

Personal data of suppliers will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
service supply In the course of providing the services of suppliers, data of the contact persons is processed.

The legal basis for processing the personal data of suppliers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
service supply The respective contract with the supplier.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
service supply supplier contact details Data includes name, telephone number, e-mail and address.

As part of the processing activities we carry out, we transfer personal data to the following recipients or categories of recipients:

DATA TYPES RECIPIENT EU-THIRD COUNTRY [J/N] PURPOSE OF TRANSMISSION
bank details, name bank N Payment of invoices.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
supplier contact details As long as the business relationship continues and all liabilities have been settled. Thereafter the processing is limited and the data stored for 7 years (according to BAO), due to the storage of invoice data. After the 7 years within a deletion cycle of one year.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
supplier contact details From the supplier himself.

No automated decision making, including profiling, is performed in any of the above processing activities.

Training Participant

Training participants are all those persons who take part in our company's training courses and thus receive special or extended qualifications and further training in the use of the software or other subject areas. Customers can also be regarded as training participants.

Personal data of training participants will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
Providing external training Providing external training for further education and obtaining further qualifications.

The legal basis for processing the personal data of training participants is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
Providing external training consent

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
Providing external training training participant data Data includes company name, name, address and evaluation result.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
training participant data until recalled Immediately after recall.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
training participant data From the data subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

Applicant

Applicants are all those persons who apply for an open position or through an initiative application in the company.

Personal data of applicants will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
applicant management Selection of a suitable person for the position.

The legal basis for processing the personal data of applicants is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
applicant management contract initiation

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
applicant management applicant details Data includes master data (name, address, telephone number, date of birth, gender, possibly religion, marital status), proof of occupation, application photo, references, letters of application (personal data and contents of the applicant that he/she reveals). Among other things, Art. 9 data (health data, religious creed) or Art. 10 data (criminal convictions) may be included.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
applicant details 7 months after the job was filled or rejected.  After the 7 months within a deletion cycle of one year.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
applicant details From the applicant or personnel service provider.

No automated decision making, including profiling, is performed in any of the above processing activities.

Website Visitor

Website visitors are all those persons who visit our website within a certain measured time.

Personal data of website visitors will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
Processing of contact requests Processing of requests from the website form to provide support appropriate to the requestor.

The legal basis for processing the personal data of website visitors is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
Processing of contact requests consent

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
Processing of contact requests contact form Data are the subject and the exact description of the request, name, telephone number and e-mail.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it.  Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
contact form until recalled Immediately after recall.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
contact form From the data subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

External Service Provider

External service providers are all those persons who provide services to the company and charge them accordingly.

Personal data of external service providers will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
service performance Checking the performance of the external service provider.
service charging Billing of external service providers.

The legal basis for processing the personal data of external service providers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
service performance The respective contract with the external service provider.
service charging The respective contract with the external service provider.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
service performance, service charging data from external service providers Data includes company name, name, telephone number, bank details, service and payment.

As part of the processing activities we carry out, we transfer personal data to the following recipients or categories of recipients:

DATA TYPES RECIPIENT EU-THIRD COUNTRY [J/N] PURPOSE OF TRANSMISSION
bank details, name, payment bank N payment of fees

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
data from external service providers As long as the business relationship continues and all liabilities have been settled. Thereafter the processing is limited and the data stored for 7 years (according to BAO), due to the storage of invoice data. After the 7 years within a deletion cycle of one year.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
data from external service providers From the external service provider itself.

No automated decision making, including profiling, is performed in any of the above processing activities.