Impressum

Data Protection

Data Processing Principles at points Gesellschaft für digitale Informationssysteme mbH

You landed on this page via a link, because you are interested in learning more about our handling of (your) personal data. In fulfilment of our obligation to provide information pursuant to Art. 12 ff. of the General Data Protection Regulation (GDPR), we are pleased to provide this information regarding data protection below.

Who controls data processing?

The data controller in the sense of the General Data Protection Regulation is

points Gesellschaft für digitale Informationssysteme mbH
Landhausstr. 198-200
70188 Stuttgart, Germany

Additional information about the company, details about its authorized representatives and other contact options can also be found in the „Imprint“ section of our website.

What personal data do we process? And for what purposes?

If you provide your data to us, as a matter of principle we will only process them for the purposes for which we have received or collected them.

Data processing for any other purposes will only be considered if the required legal prerequisites pursuant to Art. 6, Sec. 4 GDPR permit this. In this event, we will, of course, comply with the notification requirements under Art. 13, Sec. 3 GDPR and Art. 14, Sec. 4 GDPR.

What is the legal basis?

The legal basis for processing your personal data is generally Art. 6 DSGVO, unless there are specific other applicable legal regulations. These include particularly the following:

  • Consent (Art. 6, Sec. 1, Let. (a) GDPR)
  • Data processing necessary for the performance of a contract (Art. 6, Sec. 1, Let. (b) GDPR)
  • Data processing on the basis of legitimate interests (Art. 6, Sec. 1, Let. (f) GDPR)
  • Data processing necessary for compliance with a legal obligation (Art. 6, Sec. 1, Let. (c) GDPR)

If your personal data is processed by us on the basis of your consent, you have the right to revoke this consent at any time, effective from that time forward.

If your personal data is processed by us on the basis of our legitimate interests, as the data subject, you have the right to object to the processing of your personal data subject to the provisions in Art. 21 GDPR.

How long are the data stored?

We process data for as long as it is necessary to achieve their respective purpose.

If there are legal retention period requirements – such as under commercial laws or tax laws – the respective personal data will be stored for the statutory retention period. When the statutory retention period expires, we will determine whether there is any continuing need to process the data. If this is not the case, the data are deleted.

We regularly review data with respect to any continuing need to process them near the end of each calendar year. Due to the large volume of data, this review is made with regard to specific categories of data or processing purposes.

You can request information about the data about you that we store at any time (see below), and, if it is found that they are no longer needed, request that the data be erased or processing be restricted.

Who do we share your data with?

Sharing your personal data with third parties, as a principle, only occurs if this is necessary for performing our contract with you, if it is permitted based on our legitimate interests in the sense of Art. 6, Sec. 1, Let. (f) GDPR, if we are legally required to forward your data, or if you have given your consent to your data being forwarded.

Where are the data processed?

Your personal data is processed by us exclusively in data centers in the Federal Republic of Germany.

Your rights as „data subject“

You have the right to be provided with information about your personal data that we process.

If we receive a request for such information that is not in writing, we ask for your understanding that we may request documentation from you, if applicable, that proves that you are the person you purport to be.

You also have the right to rectification or erasure, or to restriction of processing, if you are legally entitled to these rights.

You also have a right to object to processing, subject to the applicable legal provisions. The same applies to your right to data portability.

Importantly, you have a right to object to your data being processed for direct marketing purposes, if this is based on the grounds of legitimate interests, pursuant to Art. 21, Sec. 1 and 2 GDPR.

Our Data Protection Officer

We have named a data protection officer for our company. You can contact them in one of the following ways:

points Gesellschaft für digitale Informationssysteme mbH
– Data Protection Officer –
Landhausstr. 198-200
70188 Stuttgart, Germany

E-mail: datenschutz@points.de

Your right to lodge a complaint

You have the right to lodge a complaint about our processing of personal data with a supervisory authority for data protection.