Privacy Policy
Privacy Policy
September 2024
We (i.e., the company providing you with this privacy policy or the one named in the imprint as the operator of this site) take the protection of your personal data seriously. This privacy policy describes how we collect, gather, use, disclose, transmit, and store (“process”) your personal data. The personal data collected depends on the context of your interactions with us, the products, services, and features you use, your location and headquarters, as well as applicable law.
1. Processing of personal data in connection with your use of our websites, applications, and online services
Data categories and purpose of processing
In the context of your use of our external and internal websites, applications, or online services (each an “Online Offering”), we process the following categories of personal data:
- Your contact details, such as first and last name, business address, business phone number, business mobile number, and business email address,
- Organizational information, including position and company name,
- Other personal data that you provide yourself in contact and other forms of an Online Offering,
- Information you provide in the context of a support request, survey, comment, or forum post,
- Information that is automatically collected in the context of using an Online Offering, such as your device and user ID, information about your operating system, pages and services you have visited and used during your visit, as well as date and time of a user request.
We process your personal data for the following purposes:
- To enable you to utilize the services and functions of the Online Offerings, including creating and managing your online account, within updates, security, and error correction measures,
- To provide customer support and improve and further develop our Online Offerings,
- To bill the use of an Online Offering, to establish your identity and enable user authentication,
- To process your request or instruction,
- To process your order and provide you with related information and offers,
- To contact you with information and offers about our products and services and to send you further marketing information or to contact you in the context of customer satisfaction surveys as described in section 3,
- To enforce our terms of use, assert legal claims or defend against them, and to prevent and deter fraudulent and similar actions, including attacks on our IT infrastructure.
Online offerings provided by your company
In some cases, our online offerings are provided to you by the company you are employed at. When you use an online offering provided by your company, the processing of personal data that you or your company has uploaded is performed on behalf of and according to your company's instructions under a data processing agreement between your company and us. In this case, your company bears responsibility for data protection. If you have questions about personal data we process as a data processor for your company, please contact your company.
2. Processing of personal data related to your use of our marketplaces
Data categories and purpose of processing
In the context of your use of our marketplaces (each a “Marketplace”), we process the following categories of personal data:
- Your contact details, such as first and last name, business address, business phone number, business mobile number, and business email address,
Organizational information, including position and company name,
Payment information, such as information required for processing payments or fraud prevention,
including credit card information and card verification numbers,
Other personal data that you provide yourself in contact and other forms of a Marketplace,
Information you provide in the context of a support request, survey, comment, or forum post;
Information that is legally required in the context of compliance and export control screenings, such as date of birth,
citizenship, residency, identification numbers, information on relevant legal proceedings, and other legal disputes and
Information that is automatically collected in the context of the use of a Marketplace, such as your device and user ID,
information about your operating system, pages and services you have visited and used during your visit, and
the date and time of a user request.
We process your personal data for the following purposes:
- Communicating with you about our services and products, e.g., to process your inquiries or provide technical information
on products,
- Planning, executing, and managing the (contractual) business relationship, e.g., to process orders for products and
services, collect payments, for accounting and invoicing purposes, and to conduct deliveries,
maintenance activities or repairs,
- Contacting for information and offers concerning our products and services and conducting further
marketing activities and customer satisfaction surveys as detailed in section 4,
- Maintaining and ensuring the security of our products and services and our websites, preventing and detecting
security risks, fraudulent activity, or other criminal or harmful actions,
- Complying with legal requirements (e.g. tax and commercial record-keeping obligations), existing obligations for
conducting compliance screenings (to prevent economic crime or money laundering) along with our policies and
industry standards and
- Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending legal claims.
3. Processing of Personal Data of Business Partners
Data categories and purpose of processing
In the course of working with business partners, we process personal data of end consumers and contact persons
at customers, prospects, sales partners, suppliers, and partners (each a “Business Partner”):
- Contact information, such as first and last name, business address, business phone number, business mobile number
and business email address,
- Organizational information, including position and company name,
- Payment data, such as information needed for processing payments or fraud prevention, including
credit card information and verification codes,
- Other information required to process a project or fulfill a contractual relationship with us or that is voluntarily
provided by business partners, e.g., in the context of placed orders, inquiries, or project details,
- Personal data from publicly accessible sources (including company- or profession-related social networks
and websites), information databases, or from credit agencies and
- Information legally required in the context of compliance and export control screenings, such as date of birth,
citizenship, residency, identification numbers, information on relevant legal proceedings, and other legal disputes,
involving business partners.
We process the personal data for the following purposes:
- Communication with business partners about products, services, and projects, e.g., to process inquiries from the business partner
or provide technical information on products,
- Planning, executing, and managing the (contractual) business relationship between the business partner and us,
e.g., to process orders for products and services, collect payments, for accounting
and invoicing purposes, and to conduct deliveries, maintenance activities, or repairs,
- Creating a personal profile with business-related information about interactions between you and us with the aim of
offering you and the company you work for relevant information and appropriate offers of services and products
and to improve our personal communication with you,
- Conducting market analysis, competitions, sweepstakes, or similar actions and events,
- Contacting for information and offers on our products and services and conducting further
marketing activities and customer satisfaction surveys as detailed in section 4,
- Maintaining and ensuring the security of our products and services as well as our websites, preventing and detecting
security risks, fraudulent activity, or other criminal or harmful actions,
- Complying with legal requirements (e.g. tax and commercial record-keeping obligations), current obligations
for conducting compliance screenings (to prevent economic crime or money laundering) along with our policies
and industry standards and
- Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending
legal claims.
4. Processing of personal data for customer satisfaction surveys and direct marketing
Within the framework of applicable laws, we may use your contact details for the purposes of direct marketing (e.g. trade fair invitations,
newsletters with information and offers about our products and services) and for conducting
customer satisfaction surveys, each also by email. You have the right to object to the use of your
contact details for these purposes at any time by sending an email to info@auctoa.de or by using the
means of objection provided in the message you received.
5. Processing of personal data in connection with your application
If you apply for an open position with us, we process your personal data as described in the
privacy policy of the auctoa Recruiting Portal or the application platform you used.
6. Transmission and sharing of personal data
We only transmit your personal data as described below:
Companies and sales partners
To the extent necessary for the conduct of our business relationship with you, we transmit
your personal data to our companies and other third parties (e.g. sales partners and agents).
We distribute certain products and services, for example, only through local business relationships, and in this
case, we transmit your personal data to our respective local companies or other sales partners,
who handle the business relationship with you.
Transactions on our marketplaces
Through our marketplaces, we also provide products, services, and offers from our companies and other
third parties. We transmit our customers' personal data in connection with these transactions to the respective company and/or other third parties.
Service providers
We engage companies and other entities to perform tasks on our behalf,
e.g. manufacturers, service providers, IT services, or payment processing. These companies and other entities
process personal data solely for the purpose of the commissioned products and services.
Other third parties
We transmit personal data in connection with fulfilling legal obligations or establishing, exercising, or defending rights or claims to other third parties (e.g. for court and arbitration proceedings, to regulatory, law enforcement, and government agencies, to attorneys, and advisors).
Recipients of your personal data may be located outside the country where you reside.
Personal data you publish via online offers (e.g. in chat rooms or forums) may be
accessible worldwide to other registered users of the respective online offer.
7. Retention periods
Unless an explicit retention period is specified at the time of collection (e.g. as part of a consent declaration),
your personal data will be deleted insofar as it is no longer required for fulfilling the purpose of storage,
unless legal retention obligations (e.g. commercial and tax retention obligations) prevent deletion.
8. Your rights
Under applicable data protection law, you may have the right:
- To request confirmation as to whether we process personal data about you and access the personal data we
process about you,
- To request the correction of incorrect personal data,
- To request the deletion of the personal data we process about you,
- To request the restriction of processing of personal data,
- To request the transfer of personal data you have actively provided to us,
- To object to the processing of personal data, for reasons arising from your particular situation, or
- To withdraw a declared consent.
9. Data Security
We take appropriate technical and organizational measures to protect personal data against accidental
or unlawful destruction, use, or alteration and against unauthorized disclosure or unauthorized access.
10. Contact
Our data protection organization assists with all questions regarding data protection. Complaints can also
be addressed to our data protection organization, and the rights named in this privacy policy can be asserted.
Our data protection organization can be contacted at datenschutz@auctoa.de.
Our data protection organization is always striving to address your inquiries and complaints and to remedy them.
Besides contacting the data protection organization, you always have the possibility to contact the competent
data protection supervisory authority.
11. Processing of personal data within the scope of the EU General Data Protection Regulation
This section applies if your personal data is processed by one of our companies based in
the European Economic Area.
Data controller for data processing
Online offers
The controller under the General Data Protection Regulation for the processing operations described in this
privacy policy is the company named in the imprint of the online offering.
Marketplaces
The company designated as the operator of the marketplace is the data controller.
Personal data of business partners in our customer relationship systems
We may share contact information of business partners in the context of your business relationship with us with other companies.
We and these companies are jointly responsible for protecting your personal data
(Art. 26 of the General Data Protection Regulation). To ensure that you can easily and reliably exercise your data protection rights under this
joint responsibility, we have agreed with these companies that you can exercise your data protection rights described in section 6 not only against the respective company but also centrally against SCAILE Technologies GmbH. Contact us at: datenschutz@auctoa.de.
Legal grounds for processing
The General Data Protection Regulation requires auctoa to inform you about the legal basis for data processing.
Unless otherwise expressly stated at the time of collection, the legal basis for data processing is:
- The performance and fulfillment of a contract with you (Article 6 (1) (b) of the General Data Protection Regulation)
(“Contract fulfillment”),
- The fulfillment of legal obligations to which we are subject (Article 6 (1) (c) of the General Data Protection Regulation)
(“Fulfilling legal obligations”), or
- Safeguarding our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)
(“Legitimate interest in processing”).
Our legitimate interest lies in processing your personal data for the purpose:
(i) of offering and operating the online offers and
(ii) establishing, executing, and processing our business relationship.
Insofar as our Legitimate Interest in processing is specified as the legal basis for processing your personal data according to the table below, we believe that your rights, fundamental freedoms, and interests are adequately considered because:
(i) We regularly review the processing operations and the underlying processes described in this privacy policy,
(ii) We account for the protection of your personal data in our processes, including binding corporate rules
on the protection of personal data (auctoa Binding Corporate Rules),
(iii) We ensure the transparency of our processing activities and
(iv) You have the aforementioned rights relating to our processing activities.
If you would like more information on the described balancing of interests, please contact our
data protection organization at datenschutz@auctoa.de.
If you have expressly given your consent to the processing of your personal data in individual cases, this
consent is the legal basis for processing (Article 6 (1) (a) of the General Data Protection Regulation) (“Consent”).
Processing of personal data in the context of using our online offers - Purpose and legal basis
- Enabling the use of the services and functions of the online offers, including for creating and
administering your online account, within updates, security, and bug-fix measures, providing customer support
and improving and further developing our online offers
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
- Billing for the use of an online offering
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
- Establishing identity and user authentication
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
- Processing your request or instruction
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
- Processing your order and offering you related information and offers
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Sending marketing information or contacting as part of customer satisfaction surveys, as described in section 3
- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Enforcing our terms of use, asserting and defending legal claims, deterring and preventing
fraudulent and similar actions, including attacks on our IT infrastructure
- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Processing of Personal Data Related to Your Use of Our Marketplaces and of Business Partners
Communication about products, services, and projects, e.g., to process inquiries from the business partner or
provide technical information on products
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Planning, executing, and managing the (contractual) business relationship between us, e.g., to process orders for products
and services, collect payments, for accounting and invoicing purposes, and conduct deliveries,
maintenance activities, or repairs
- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)
- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)
Creating a personal profile with business-related information about interactions between you and us with the aim of
offering you and the company you work for relevant information and appropriate offers for services and products
and improving our personal communication with you
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Conducting market analyses, competitions, sweepstakes, or similar actions and events
- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Conducting of customer satisfaction surveys and direct marketing as described in section 4
- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Maintaining and ensuring the security of our products and services as well as our websites, preventing and
detecting security risks, fraudulent behavior, or other criminal or harmful actions
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Complying with legal requirements (e.g. tax and commercial record-keeping obligations), current
obligations for conducting compliance screenings (to prevent economic crime or money laundering) as well as our
policies and industry standards
- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending
legal claims
- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
Processing of personal data for customer satisfaction surveys and direct marketing
Processing your contact data for direct marketing purposes (e.g. trade show invitations, newsletters with further information
and offers about our products and services) and conducting customer satisfaction surveys
- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)
- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)
International data transfers
If we transfer your personal data to a recipient located outside the European
Economic Area, we ensure that your data is adequately protected in accordance with the General Data Protection Regulation.
In this context, we take the following measures if required by law:
- We only transfer your personal data to affiliated companies in such countries if they have implemented the Binding
Corporate Rules for the protection of personal data (“BCR”).
- Personal data is only transmitted to non-affiliated recipients in such countries if they
(i) have concluded EU Standard Contractual Clauses with us or
(ii) have implemented Binding Corporate Rules.
For more information and a copy of the implemented measures, contact datenschutz@auctoa.de.
The competent data protection authority
Our data protection organization assists with all questions regarding data protection. Besides contacting the
data protection organization, you always have the possibility to contact the competent data protection supervisory authority.
An overview of national and international data protection authorities is available here.
12. Processing of personal data under Swiss data protection law
Every data subject has the right to enforce their rights in court or file a complaint with the
competent data protection authority. The competent data protection authority for Switzerland is the Federal
Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
13. Further information for users of online offers and business partners in the USA
Additional information applies to US citizens as follows:
**Do Not Track**
Our online offers do not recognize so-called “Do Not Track” settings of your web browser.
For further information on “Do Not Track” functionality, please refer to your web browser’s help pages.
**Use by Children**
Our online offerings are not directed at children under the age of 13. Where legally required, we do not
knowingly collect personal data from children under the age of 13 without the consent of their legal guardians.
We only collect and transmit personal data from children when legally permissible, in order to obtain
the consent of their legal guardians or to protect the child.
**Your rights in specific US states**
Under the laws of some US states, residents of these states have additional rights concerning their
personal data. For more information on that, please click here.