Data Protection Notice of DEKRA Certification GmbH for Personnel Certification

DEKRA Certification GmbH takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable statutory data protection requirements for the following purposes.
The controller for data processing is
DEKRA Certification GmbH
Handwerkstrasse 15,
70565 Stuttgart, Germany
Phone: +49.711.78 61-25 66
Email: certification.de@dekra.com
You can contact our data protection officer at datenschutz.certification@dekra.com.

Data sources

We primarily process personal data that we have received directly from you.

1.1 Data categories

In particular, we process data belonging to the categories personal data, contact data, payment/cover confirmation for bank card and credit card customer history, data about your use of telemedia offered by us, and data on creditworthiness.

1.2 Purposes and legal bases of processed data

Purposes for the fulfillment of a contract or pre-contractual measures (Article 6 (1)(b) GDPR [General Data Protection Regulation])
The processing of personal data takes place in order to fulfill our contracts with you, to execute your orders and carry out measures and activities in the context of pre-contractual relations. This includes: contract-related communication with you, the corresponding settlement, and the associated payment transactions as well as the contractual transfer of certificate numbers to our education partners.
Purposes as part of a legitimate interest on the part of us or a third party (Article 6 (1) (f) GDPR)
We process your data when it is necessary to protect legitimate interests on the part of us or a third party, in particular for advertising purposes (e.g. customer satisfaction survey, notification of expiration of the certificate) as long as you have not objected to the use of your data or to optimize internal processes and requirements. In addition, we process your data in order to confirm the authenticity and trustworthiness of the certificates issued by us at the request of third parties. The transfer of certificate numbers to our education partners is carried out to protect their interests in optimizing the service they provide.
Purposes for the fulfillment of legal obligations (Article 6 (1)(c) GDPR) or for the public interest (Article 6 (1)(e) GDPR)
We are subject to a number of legal obligations. These are primarily legal requirements (such as commercial and tax laws), but also, if applicable, regulatory or other official obligations. The purposes of processing may include the fulfillment of tax and reporting obligations as well as the archiving of data for privacy and data security purposes and audits by tax or other authorities. In addition, the disclosure of personal data in the context of administrative/judicial action may be required for purposes of gathering evidence, prosecuting, or enforcing civil claims.
Existence of automated decision-making in individual cases (including profiling)
We do not employ any fully automatic decision-making processes pursuant to Article 22 GDPR.

1.3 Consequences of not providing data

In the context of our business relationship, you must provide the personal information necessary to establish, conduct, and complete the transaction and to perform the associated contractual obligations or that we are required by law to collect. Without this data, we will not be able to conduct the transaction with you.

1.4 Recipients of data within the EU

Within our company, those internal bodies or organizational units will receive your data who need it to fulfill our contrac-tual and legal obligations or in the processing and implemen-tation of our legitimate interests. Within our group of companies, your data will be transmitted to specific companies if they perform data processing tasks centrally for the companies associated with the group (such as billing, file disposal, IT support).
We will not forward your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards there as with us. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.
Recipient:
evasys GmbH
Konrad-Zuse-Allee 13
21337 Lüneburg
Germany
Education partner that provided education services for you in the individual case.

1.5 Retention period

If the data is no longer required for the fulfillment of contrac-tual or legal obligations and rights, it is regularly deleted, unless its temporary further processing is required to fulfill an overriding legitimate interest.

1.6 Your rights

Under certain circumstances, you may assert your rights of access, rectification, erasure, restriction, data portability and objection.
You also have the right to submit a complaint to the above-mentioned data protection officer or to a data protection supervisory authority
The data protection supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information (Landesbeauftragter für Datenschutz und Informationsfreiheit) for Baden-Württemberg, box 10 29 32, 70025 Stuttgart.