Data Subjects according to GDPR

Interested Party

Interested parties are all those persons who are interested in our product and our other services and who are regularly informed about new developments.

Personal data of interested parties will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
providing information To provide information about news, products and services.
event management Planning and organizing training and information events of CALPANA.

The legal basis for processing the personal data of interested parties is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
providing information consent
event management consent

Within the context of the processing activity "providing information", a joint processing of CALPANA Austria and CALPANA Germany may occur. The object of the processing is the administration of contacts in order to provide cross-border services accordingly.
However, only the contact data (name, e-mail, address and telephone number) are processed.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
providing information contact management data Data includes name, telephone number, e-mail, address, function in the company and additional notes (interest of the interested party - about the product, service or events).
event management contact details for events Data includes name, telephone number, e-mail and address.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
contact management data until recalled. Immediately after recall.
contact details for events until recalled. Immediately after recall.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
contact management data From the datat subject.
contact details for events From the datat subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

Customer

Customers are all those persons who request and purchase products and services from us. 
Personal data of customer will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
order handling Processing of orders and invoicing of services.
providing information Providing information about products and services.
event management Planning and organizing training and information events of CALPANA.

The legal basis for processing the personal data of customers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
order handling The respective contract with the customer.
providing information Justified interest (contact management).
event management Consent, justified interest (contact management)

Within the context of the "order processing" processing activity, CALPANA Austria and CALPANA Germany may jointly process orders. The object of the processing is the administration of contacts for the provision of the services to be provided under the joint contracts or agreements.
However, only the contact data (name, e-mail, address and telephone number) will be processed.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
order handling, providing information customer data base Data includes name, address, company register number, VAT ID, e-mail and telephone number.
order handling customer properties Data includes sales, payment behaviour, contact persons and offers.
event management contact details for events Data includes name, telephone number, e-mail and address.
order handling project data Data includes backups of project files.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

e store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
customer data base Austria: As long as the business relationship continues and all claims were settled. Thereafter, the processing is restricted and the data is stored 7 years after approved annual financial statement (according to BAO).
Germany: As long as the business relationship continues and all claims have been settled. After that the processing will be restricted and the data will be stored for 10 years after approved annual financial statement (according to § 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG).
After the storage period within a deletion cycle of one year.
customer properties Austria: As long as the business relationship continues and all claims were settled. Thereafter, the processing is restricted and the data is stored 7 years after approved annual financial statement (according to BAO).
Germany: As long as the business relationship continues and all claims have been settled. After that the processing will be restricted and the data will be stored for 10 years after approved annual financial statement (according to § 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG).
After the storage period within a deletion cycle of one year.
contact details for events Until recalled or after termination of the business relationship. Immediately after the storage period.
project data Austria: As long as the business relationship continues and all claims were settled. Thereafter, the processing is restricted and the data is stored 7 years after approved annual financial statement (according to BAO).
Germany: As long as the business relationship continues and all claims have been settled. After that the processing will be restricted and the data will be stored for 10 years. After approved annual financial statement (according to § 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG).
Immediately after the storage period.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
customer data base From customer contact or contact with interested parties.
customer properties From customer contact or contact with interested parties.
contact details for events From customer contact or contact with interested parties.
project data From the customer himself.

No automated decision making, including profiling, is performed in any of the above processing activities.

Supplier

Suppliers are all those persons who hand over or provide goods or services to our company by delivery.

Personal data of suppliers will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
service supply In the course of providing the services of suppliers, data of the contact persons is processed.

The legal basis for processing the personal data of suppliers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
service supply The respective contract with the supplier.

Within the context of the processing activity "service supply", a joint processing of CALPANA Austria and CALPANA Germany may occur. The object of the processing is the administration of contacts for the acquisition and use of uniform services.
However, only the contact data (name, e-mail, address and telephone number) are processed.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
service supply supplier contact details Data includes name, telephone number, e-mail and address.

As part of the processing activities we carry out, we transfer personal data to the following recipients or categories of recipients:

DATA TYPES RECIPIENT EU-THIRD COUNTRY [J/N] PURPOSE OF TRANSMISSION
bank details, name bank N Payroll accounting.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
supplier contact details Austria: As long as the business relationship continues and all liabilities were settled. Thereafter, the processing is restricted and the data stored 7 years after approved annual financial statement (according to BAO), due to the storage of invoice data.
Germany: As long as the business relationship continues and all liabilities have been settled. After that the processing will be restricted and the data will be stored for 10 years after approved annual financial statement (according to § 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG), due to the storage of invoice data.
After the storage period within a deletion cycle of one year.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
supplier contact details From the supplier himself.

No automated decision making, including profiling, is performed in any of the above processing activities.

Training Participant

Training participants are all those persons who take part in our company's training courses and thus receive special or extended qualifications and further training in the use of the software or other subject areas. Customers can also be regarded as training participants.

Personal data of training participants will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
Providing external training Providing external training for further education and obtaining further qualifications.

The legal basis for processing the personal data of training participants is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
Providing external training contract (service)

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
Providing external training training participant data Data includes company name, name, address, status of the completed trainings and examinations.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
training participant data Until the termination of the business relationship.
With the exception of the examinations, they are kept for a period of 3 years for traceability and, if necessary, issue of a certificate.
Immediately after the storage period.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
training participant data From the data subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

Applicant

Applicants are all those persons who apply for an open position or through an initiative application in the company.

Personal data of applicants will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
applicant management Selection of a suitable person for the position.

The legal basis for processing the personal data of applicants is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
applicant management contract (pre-contractual relationship)

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
applicant management applicant details Data includes master data (name, address, telephone number, date of birth, gender, possibly religion, marital status), proof of occupation, application photo, references, letters of application (personal data and contents of the applicant that he/she reveals). Among other things, Art. 9 data (health data, religious creed) or Art. 10 data (criminal convictions) may be included.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
applicant details Austria: 6 months after the position was filled or rejected (according to GlBG) including a buffer period of one month.
Germany: 2 months after rejection
Immediately after the storage period.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
applicant details From the applicant or personnel service provider.

No automated decision making, including profiling, is performed in any of the above processing activities.

Website Visitor

Website visitors are all those persons who visit our website within a certain measured time.

Personal data of website visitors will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
Processing of contact requests Processing of requests from the website form to provide support appropriate to the requestor.

The legal basis for processing the personal data of website visitors is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
Processing of contact requests legitimate interest (business transaction)

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
Processing of contact requests contact form Data are the subject and the exact description of the request, name, telephone number and e-mail.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it.  Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
contact form until recalled Immediately after recall.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
contact form From the data subject.

No automated decision making, including profiling, is performed in any of the above processing activities.

External Service Provider

External service providers are all those persons who provide services to the company and charge them accordingly.

Personal data of external service providers will be processed within the scope of the following processing activities for the purposes stated below:

PROCESSING ACTIVITY PURPOSE OF PROCESSING
service performance Checking the performance of the external service provider.
service charging Billing of external service providers.

The legal basis for processing the personal data of external service providers is based on the following legal basis or legitimate interests:

PROCESSING ACTIVITY LEGAL BASIS / LEGITIMATE INTEREST
service performance The respective contract with the external service provider.
service charging The respective contract with the external service provider.

The following categories of personal data are processed in the processing activities listed:

PROCESSING ACTIVITY DATA CATEGORY DATA TYPES CONTAINED
service performance, service charging data from external service providers Data includes company name, name, telephone number, bank details, service and payment.

As part of the processing activities we carry out, we transfer personal data to the following recipients or categories of recipients:

DATA TYPES RECIPIENT EU-THIRD COUNTRY [J/N] PURPOSE OF TRANSMISSION
bank details, name, payment bank N Payroll accounting.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

DATA CATEGORY STORAGE DURATION ERASE TIME
data from external service providers Austria: As long as the business relationship continues and all liabilities have been settled. Afterwards the processing is restricted and the data is stored 7 years after approved financial statement (according to BAO), due to the storage of invoice data.
Germany: As long as the business relationship continues and all liabilities have been settled. Thereafter the processing is restricted and the data is stored for 10 years after the approved annual financial statement (§ 147 para. 3 in conjunction with para. 1 no. 1, 4
and 4a AO, § 14b Abs. 1 UStG), due to the storage of invoice data.
Immediately after the storage period.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

DATA CATEGORY SOURCE
data from external service providers From the external service provider itself.

No automated decision making, including profiling, is performed in any of the above processing activities.

Third-parties

Third parties are all those persons who do not belong to one of the other categories of data subjects.

Personal data of third parties will be processed for the following purposes within the scope of the following processing activities:

processing activity purpose of processing
Mistaken contact Processing of mistaken contacts via e-mail.

The legal basis for processing the personal data of third parties is based on the following legal basis or legitimate interests:

processing activity legal basis / legitimate interest
Mistaken contact Legitimate interest (processing of inquiries)

The following categories of personal data are processed in the processing activities listed:

processing activity data category data types contained
mistaken contact third party contact details Data includes name, telephone number and e-mail address.

In the context of the processing activities carried out by us, we do not transfer personal data to any recipients or categories of recipients.

We store your personal data as long as this is required by law, is necessary for the purpose or the use according to the legitimate interest of the company requires it. Subsequent to this storage period, the deletion period listed below applies.

data category storage duration erase time
third party contact details Mistaken e-mails are accepted and stored as long as they have been processed. Immediately after the storage period.

Art. 14 GDPR also requires information on the source of the data that we process for the groups of data subjects:

data category source
third party contact details From the data subject.

No automated decision making, including profiling, is performed in any of the above processing activities.