Privacy Policy for Customers
We are pleased that you are a customer of our company and would like to inform you about the processing of your personal data in connection with the contract(s) you have entered into with us. Furthermore, below you will also find an overview of your data subject rights and various ways to contact us should you have any questions regarding data protection.
Any changes to the privacy policy will be updated on this page to continuously inform you about the data that mySaveID GmbH stores and uses.
The most important data protection information is provided below, organized by topic.
I. Name and address of the person responsible
The entity responsible for the collection, processing, and use of your personal data under the EU General Data Protection Regulation (GERMAN GDPR) is::
msg mySaveID GmbH
Amelia-Mary-Earhart-Straße 14
60549 Frankfurt
Germany
Phone: +49 69 580045-4000
E-Mail: info@mysaveid.de
If you wish to object to the collection, processing, and use of your data by mySaveID GmbH in accordance with these data protection provisions in whole or for individual measures, you can send your objection via email, fax, or postal mail to the address provided above. Email: datenschutz@mysaveid.de
II. Name and Address of the Data Protection Officer
The Data Protection Officer of the Controller is:
msg mySaveID GmbH
-Data Protection Officer-
Amelia-Mary-Earhart-Straße 14
60549 Frankfurt
Germany
Phone: +49 69 580045-4000
E-Mail: datenschutz@mysaveid.de
III. Provision of Data in the Context of the Customer Relationship as a Private Individual
1. Why We Use Data
We process the data collected in the context of a contract with you for the purpose of contract execution. We process the data necessary for contract performance to provide you with the services agreed upon in the contract with you.
We will also use the data from the order for the necessary processing of warranty claims or other complaints, as well as for general customer care. Data from the contractual relationship will also be shared with other affiliated companies for billing purposes, as well as for potential advisory and auditing purposes. Data from the order will be stored in accordance with legally mandated retention obligations as per §§ 146 ff. of the German Tax Code (Abgabenordnung) or § 257 of the German Commercial Code (Handelsgesetzbuch) and will be deleted after the statutory retention periods have expired.
2. Information About the Processing of Personal Data
Hereinafter, we provide information about the collection of personal data when using our website. Personal data refers to all data that can be related to you personally, such as name, address, email addresses, and contract number.
If you are prompted to provide personal information such as name, address, or telephone number on our pages, this is subject to special provisions, which you will be informed of.
We use this data exclusively for the purposes mentioned above. Disclosure to third parties outside of mySaveID GmbH does not occur, with the exception of companies within the msg Group.
IV. Processing of Data in the Context of Registering an Organization
1. Why We Use Data
We process the data collected in the context of a contract with your organization for the purpose of contract execution. We process the data necessary for contract performance to provide the services agreed upon with the organization.
We will also use the data from the order for the necessary processing of warranty claims or other complaints, as well as for general customer care. Data from the contractual relationship will also be shared with other affiliated companies for billing purposes, as well as for potential advisory and auditing purposes. Data from the order will be stored in accordance with legally mandated retention obligations as per §§ 146 ff. of the German Tax Code (Abgabenordnung) or § 257 of the German Commercial Code (Handelsgesetzbuch) and will be deleted after the statutory retention periods have expired.
In this context, personal data of individuals is collected and processed in two different roles. Firstly, the data of the company contact person, i.e., the individual who initiates the registration of the organization, is collected.
The following personal data of the company contact person are processed:
· First and Last Name
· Work Phone Number
· Work Email Address
In addition, the following personal data of up to 3 legal representatives of the company are processed:
· First and Last Name
· Work Phone Number
· Work Email Address
Important: Please ensure that, as the company contact person, all mentioned company representatives are informed about the registration before completing the process.
2. Information About the Processing of Personal Data During Ongoing Operations
Below, we provide information about the processing of personal data when using our services. Personal data refers to all data that can be related to you personally, such as name, address, email addresses, and contract number.
If you are prompted to provide personal information such as name, address, or telephone number on our pages, this is subject to special provisions, which you will be informed of.
We use this data exclusively for the purposes mentioned above. Disclosure to third parties outside of mySaveID GmbH does not occur, with the exception of companies within the msg Group.
V. General Information Regarding the Processing of Personal Data of Our Customers
1. Legal Basis for the Processing of Personal Data
All processing activities of personal data that are necessary to fulfill a contract of which you are a party are based on Article 6(1)(b) of the GERMAN GDPR. This also applies to processing operations required to carry out pre-contractual measures.
To the extent that processing of personal data is necessary to fulfill a legal obligation, such as the statutory retention obligations described earlier, to which our company is subject, Article 6(1)(c) of the GERMAN GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6(1)(f) of the GERMAN GDPR serves as the legal basis for processing.
Where we obtain consent from the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GERMAN GDPR) serves as the legal basis.
2. Data Deletion and Storage Period
Personal data of the data subject will be deleted or blocked as soon as the purpose of processing no longer applies. Furthermore, data processing may take place if this is provided for by the European or national legislator in union regulations, laws, or other regulations to which the controller is subject.
During the operation of msg mySaveID GmbH, the archived data (in paper form and electronically) is archived in accordance with the requirements of VDG § 16.4 and stored over the validity period of the certificates.
Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for contract initiation or contract fulfillment.
VI. Email / Contact Form / Support Form
1. Description and Scope of Data Collection
In the context of customer communication, there are various ways to get in touch. If a user chooses to use the contact form / support form, the data entered in the input mask is transmitted to us and stored. This data includes:
- First Name Last Name (mandatory field)
- Your Email Address (mandatory field)
- mySaveID User Number
- Your Message
At the time of sending the message, the following data is also stored:
- The user's IP address
- Date and time of registration
Alternatively, contact can be made through the provided email address. In this case, the personal data transmitted by the user via email will be stored.
Depending on the internal distribution of tasks, data may be shared with other members of the msg Group in this context. The data will be used exclusively for processing the conversation.
2. Legal Basis for Data Processing
The legal basis for data processing, when the user has provided consent, is Article 6(1)(a) of the GERMAN GDPR.
3. Purpose of Data Processing
The processing of personal data from the input mask is solely for the purpose of handling the contact request. In the case of contact via email, there is also a necessary legitimate interest in processing the data.
The other personal data processed during the submission process is used to prevent misuse of the contact form and ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is terminated. The conversation is considered terminated when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
Personal data additionally collected during the submission process will be deleted no later than seven days after collection.
5. Options for Objection and Removal
The user has the option to revoke their consent for the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
If you wish to revoke your consent or request data removal, please contact the responsible party, mySaveID GmbH, via email at datenschutz@mysaveid.de.
All personal data stored during the contact process will be deleted in this case.
VII. Where Are My Data Processed?
Your data is processed in Germany. Data processing may also occur within the legal framework in European and non-European countries. There are no plans for data transfer to third countries.
VIII. How Secure Are My Data?
mySaveID GmbH has implemented extensive technical and operational security measures in accordance with applicable European law to protect your data from unauthorized access and misuse.
IX. Will my data be shared with third parties?
The transfer of data to third parties, with the exception of companies in the msg group, does not take place.
X. Rights of the data subjects
If your personal data is processed, you are a data subject within the meaning of the GERMAN GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can request information free of charge about the scope, origin and recipients of the stored data as well as the purpose of the storage.
2. Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. Right to erasure
You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GERMAN GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GERMAN GDPRand there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GERMAN GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GERMAN GDPR.
4. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.
5. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GERMAN GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
6. Right to complain to the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GERMAN GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GERMAN GDPR. Due to the registered office of mySaveID GmbH competent supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: +49 611-1408 0
E-Mail: poststelle@datenschutz.hessen.de
Status: 28.09.2023