Privacy Policy
Privacy Policy
September 2024
We (i.e., the company providing you with this Privacy Policy or the one mentioned in the imprint as the operator of this page) take the protection of your personal data seriously. This Privacy Policy describes how we collect and gather your personal data, use, disclose, transmit and store it (“process”). The personal data collected depends on the context of your interactions with us, the products, services, and features you use, your location and residence, and the applicable law.
1. Processing of personal data in connection with your use of our websites, applications and online services
Data categories and purpose of processing
As part of your use of our external and internal websites, applications or online services (each an “Online Offer”), we process the following categories of personal data:
- Your contact information, such as first and last name, business address, business phone number, business mobile phone number, and business email address,
- Organizational information, including position and company name,
- Further personal data that you provide yourself in contact and other forms of an Online Offer,
- Information you provide in the context of a support request, survey, comment, or forum post,
- Information automatically collected as part of the use of an Online Offer, such as your device and user ID, information about your operating system, pages and services you visited and used during your visit, as well as date and time of a user request.
We process your personal data for the following purposes:
- To enable you to use the services and features of the Online Offers, including to create and administer your online account, in the scope of updates, security, and error correction measures,
- To provide customer support and to improve and develop our Online Offers further,
- To account for the usage of an Online Offer, to establish your identity and enable user authentication,
- To process your request or instruction,
- To fulfil your order and provide you with related information and offers,
- To contact you with information and offers regarding our products and services and to send you further marketing information or to contact you within the scope of customer satisfaction surveys, as described in section 3,
- To enforce our terms of use, assert or defend legal claims, and to avert and prevent fraudulent and similar actions, including attacks on our IT infrastructure.
Online offers provided by your company
In some cases, our online offers are provided to you by the company you are employed with. If you use an Online Offer provided by your company, the processing of personal data uploaded by you or your company into the content of the Online Offer will be carried out on behalf and at the instruction of your company and within the scope of a data processing agreement between your company and us. In this case, your company is legally responsible for data protection. If you have any questions about the personal data that we process as a processor for your company, please contact your company.
2. Processing of personal data in connection with your use of our marketplaces
Data categories and purpose of processing
In the context of your use of our marketplaces (each a “Marketplace”), we process the following categories of personal data:
- Your contact information, such as first and last name, business address, business phone number, business mobile phone number, and business email address,
Organizational information, including position and company name,
Payment data, such as information required to process payment transactions or prevent fraud,
including credit card information and card verification numbers,
other personal data you provide yourself in contact and other forms of a marketplace,
Information you provide in the context of a support request, survey, comment, or forum post,
Information required by law in the context of compliance and export control screenings, such as date of birth,
nationality, residence, identity numbers, information on relevant court proceedings and other legal disputes and
Information automatically collected as part of the use of a marketplace, such as your device and user ID,
information about your operating system, pages and services you visited and used during your visit, as well as
date and time of a user request.
We process your personal data for the following purposes:
- Communication with you regarding our services and products, e.g., to process your inquiries or provide technical information
on products,
- Planning, conducting, and managing the (contractual) business relationship, e.g., to process orders for products and
services, collect payments, for accounting and billing purposes, and perform deliveries,
maintenance or repairs,
- Contacting you with information and offers about our products and services and carrying out further
marketing activities and customer satisfaction surveys as described in section 4,
- Maintaining and protecting the security of our products and services and our websites, preventing and detecting
security risks, fraudulent actions or other criminal or harmful acts,
- Complying with legal requirements (e.g., tax and commercial retention obligations), existing obligations for
compliance screenings (to prevent economic crime or money laundering) as well as our policies and
industry standards and
- Resolving legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims.
3. Processing of personal data from business partners
Data categories and purpose of processing
In the context of collaboration with business partners, we process personal data of end consumers and contact persons
at customers, prospects, distribution partners, suppliers, and partners (each a “Business Partner”):
- Contact information, such as first and last name, business address, business phone number, business mobile phone number
and business email address,
- Organizational information, including position and company name,
- Payment data, such as information required for carrying out payment transactions or fraud prevention, including
credit card information and card verification numbers,
- Further information, the processing of which is necessary within the scope of a project or the execution of a contractual relationship with us or that is voluntarily provided by business partners, e.g., within the scope of orders placed, inquiries or project details,
- Personal data collected from publicly available sources (including company or profession-related social networks
and websites), information databases or from credit agencies and
- Information required by law in the context of compliance and export control screenings, such as date of birth,
nationality. residence, identity numbers, information on relevant court proceedings and other legal disputes,
in which business partners are involved.
We process the personal data for the following purposes:
- Communication with business partners about products, services, and projects, e.g., to handle inquiries from business partners
or provide technical information on products,
- Planning, executing and managing the (contractual) business relationship between the business partner and us,
e.g., to process orders for products and services, collect payments, for accounting and billing purposes and perform deliveries,
maintenance or repairs,
- Creating a personal profile with business-related information about interactions between you and us with the goal of,
providing you and the company you work for, with relevant information and suitable offers for services and products
and improving our personal communication with you,
- Conducting market analyses, competitions, contests or similar activities and events,
- Contacting you with information and offers about our products and services and carrying out further
marketing activities and customer satisfaction surveys as described in section 4,
- Maintaining and protecting the security of our products and services and our websites, preventing and detecting
security risks, fraudulent actions or other criminal or harmful acts,
- Complying with legal requirements (e.g., tax and commercial retention obligations), existing obligations
for compliance screenings (to prevent economic crime or money laundering) as well as our policies
and industry standards and
- Resolving legal disputes, enforcing existing contracts and asserting, exercising, and defending
legal claims.
4. Processing personal data for customer satisfaction surveys and direct marketing
Under applicable laws, we may use your contact information for direct marketing purposes (e.g., trade fair invitations,
newsletters with information and offers about our products and services) and for conducting
customer satisfaction surveys, also by email. You have the right to object to the use of your
contact information for these purposes at any time by sending an email to info@auctoa.de or using the
objection option in the message you have received.
5. Processing personal data in connection with your application
If you apply for an open position with us, we process your personal data as described in the
privacy policy of the auctoa Recruiting Portal or the application platform you are using.
6. Transmission and disclosure of personal data
We only transmit your personal data as described below:
Companies and distribution partners
To the extent and the purpose necessary to perform our business relationship with you, we transmit
your personal data to our affiliates and other third parties (e.g., distribution partners and representatives).
For example, we distribute certain products and services solely through local business relationships, and in this
case, we transmit your personal data to our respective local companies or other distribution partners,
who handle the business relationship with you.
Transactions on our marketplaces
Through our marketplaces, we also provide products, services, and offers from our companies and others
third parties. We transmit personal data of our customers in connection with these transactions to the respective company and/or other third parties.
Service providers
We subcontract companies and other companies to perform tasks on our behalf,
e.g., manufacturers, service providers, IT services, or payment processing. These companies and other companies
process personal data solely for the purpose of the commissioned products and services.
Other third parties
We transmit personal data in connection with fulfilling legal obligations or the
establishment, exercise or defence of rights or claims to other third parties (e.g., for court and
arbitration proceedings, to regulatory, law enforcement, and government authorities, lawyers and consultants).
Recipients of your personal data may be located outside the country where you reside.
Personal data that you publish via online offers (e.g., in chat rooms or forums), can be
accessible to other registered users of the respective online offer worldwide.
7. Storage periods
Unless an explicit retention period is specified at the time of collection (e.g., as part of a consent declaration),
your personal data will be deleted if it is no longer necessary to fulfil the purpose of the storage,
unless legal retention obligations (e.g., commercial and tax retention obligations) prevent deletion.
8. Your rights
Under applicable data protection law, you may have the right to:
- request confirmation as to whether we process personal data about you and access the
personal data we process,
- request the correction of inaccurate personal data,
- request the deletion of personal data that we process,
- request the restriction of processing of personal data,
- request the transfer of personal data you actively provided to us,
- object to the processing of personal data for reasons arising from your particular situation or
- revoke a given consent.
9. Data security
We take appropriate technical and organizational measures to protect personal data from accidental
or unlawful destruction, use, or alteration and unauthorized disclosure or unauthorized access.
10. Contact
Our data protection organization assists with all questions related to data protection. Complaints
against our data protection organization can also be made, and the rights mentioned in this Privacy Policy can be exercised.
Our data protection organization can be contacted at datenschutz@auctoa.de.
Our data protection organization is always committed to addressing and remedying your inquiries and complaints.
In addition to contacting the data protection organization, you can also contact the responsible
data protection supervisory authority at any time.
11. Processing of personal data under the EU General Data Protection Regulation
This section applies if your personal data is processed by one of our companies based in
the European Economic Area.
Data controller for data processing
Online offers
The company named in the imprint of the online offer is the data controller for processing
activities described in this Privacy Policy.
Marketplaces
The company stated as the operator of the marketplace on the marketplace is the data processing controller.
Personal data of business partners in our customer relationship systems
We may share business partner contact information within our business relationship with us with other companies.
We and these companies are jointly responsible for the protection of your personal data
(Article 26 GDPR). To ensure that you can easily and reliably exercise your data protection rights in the context of this
joint responsibility, we have agreed with these companies that you can exercise your rights as described in section 6 not only against the respective company but also centrally against SCAILE Technologies GmbH. Contact us at: datenschutz@auctoa.de.
Legal basis of processing
The GDPR obliges auctoa to inform you about the legal basis of data processing.
Unless otherwise expressly indicated at the time of collection of the personal data, the legal basis for the processing is:
- the implementation and fulfilment of a contract with you (Article 6 (1) (b) GDPR)
(“Contract execution”),
- the fulfilment of legal obligations to which we are subject (Article 6 (1) (c) GDPR)
(“Fulfilment of legal obligations”), or
- the protection of our legitimate interests (Article 6 (1) (f) GDPR)
(“Legitimate interest in processing”).
Our legitimate interest lies in the processing of your personal data for the purpose:
(i) of offering and operating the online offers and
(ii) in the initiation, execution and completion of our business relationship.
To the extent that our Legitimate interest in processing is specified below as the legal basis for the processing of your personal data, we believe that your interests, fundamental rights and freedoms are sufficiently taken into account, as:
(i) we regularly review the processing activities and processes described in this privacy statement,
(ii) we consider the protection of your personal data in our processes, including the Binding Corporate Guidelines
on the protection of personal data (auctoa Binding Corporate Rules),
(iii) we guarantee the transparency of our processing activities and
(iv) you have the aforementioned rights with regard to our processing activities.
If you would like more information on the interest measurement described, please contact our
data protection organization at datenschutz@auctoa.de.
If you have expressly given your consent to the processing of your personal data in individual cases, this
consent is the legal basis for processing (Article 6 (1) (a) GDPR) (“Consent”).
Processing of personal data in connection with the use of our online offers - purpose and legal basis
- Enabling the use of the services and features of the online offers, including creating and
administering your online account, in the context of updates, security, and error correction measures, to provide customer support
and to improve and further develop our online offers
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
- Billing for the use of an online offer
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
- Determining identity and user authentication
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
- Processing your request or instruction
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
- Processing your order and making available related information and offers
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Sending marketing information or contacting you within the scope of customer satisfaction surveys, as described in section 3
- Consent, if given voluntarily (Article 6 (1) (a) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Enforce our terms of use, assert and defend legal claims, avert and prevent
fraudulent and similar actions, including attacks on our IT infrastructure
- Fulfilment of legal obligations (Article 6 (1) (c) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Processing of personal data in connection with your use of our marketplaces and business partners
Communication about products, services, and projects, e.g., to handle inquiries from business partners or
provide technical information on products
- Contract execution (Article 6 (1) (b) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Planning, executing, and managing the (contractual) business relationship between us, e.g., to process orders for products
and services, collect payments, for accounting and billing purposes, and to perform deliveries,
maintenance or repairs
- Contract execution (Article 6 (1) (b) GDPR)
- Fulfilment of legal obligations (Article 6 (1) (c) GDPR)
Creating a personal profile with business-related information about interactions between you and us with the aim of,
providing you and the company you work for, with relevant information and suitable offers for services and products
and improving our personal communication with you,
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Conducting market analyses, competitions, contests or similar activities and events
- Consent, if given voluntarily (Article 6 (1) (a) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Conducting customer satisfaction surveys and direct marketing as described in section 4
- Consent, if given voluntarily (Article 6 (1) (a) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Maintaining and protecting the security of our products and services as well as our websites, preventing and
detecting security risks, fraudulent behavior or other criminal or harmful acts,
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Compliance with legal requirements (e.g., tax and commercial retention obligations), existing
obligations to conduct compliance screenings (to prevent economic crime or money laundering) as well as our
policies and industry standards
- Fulfilment of legal obligations (Article 6 (1) (c) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Resolving legal disputes, enforcing existing contracts and asserting, exercising, and defending
legal claims
- Fulfilment of legal obligations (Article 6 (1) (c) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
Processing of personal data for customer satisfaction surveys and direct marketing
Processing your contact details for direct marketing purposes (e.g., trade fair invitations, newsletters with further information
and offers about our products and services) and for conducting customer satisfaction surveys
- Consent, if voluntarily given (Article 6 (1) (a) GDPR)
- Legitimate interest in processing (Article 6 (1) (f) GDPR)
International data transfers
If we transfer your personal data to a recipient whose place of business is not in the European
Economic Area, we ensure your data is adequately protected in line with the GDPR. In this context, we take the following steps if legally required:
- we only transfer your personal data to companies in such countries if they have implemented the Binding Corporate Rules (BCR) for the protection of personal data.
- Personal data is only transferred to non-group recipients in such countries if they have
(i) concluded EU Standard Contractual Clauses with us or
(ii) implemented Binding Corporate Rules.
Further information and a copy of the implemented measures are available under datenschutz@auctoa.de.
The competent data protection authority
Our data protection organization assists with all questions related to data protection. In addition to contacting
the data protection organization, you can also contact the responsible data protection supervisory authority at any time.
An overview of the national and international data protection authorities is available here.
12. Processing of personal data under Swiss data protection law
Every data subject has the right to enforce their rights before a court or lodge a complaint with the
competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
13. Additional information for users of online offers and business partners in the USA
The following additional information applies to US citizens:
**Do Not Track**
Our online offers do not recognize so-called “Do Not Track” settings of your web browser.
For further information about the “Do Not Track” functionality, please visit the help pages of your web browser.
**Use by children**
Our online offers are not directed at children under 13 years of age. To the extent legally required, we do not knowingly collect personal data from children under 13 years of age without the consent of their legal guardians.
We only collect and transmit personal data from children where it is legally permissible to obtain the consent of the legal guardians or to protect the child.
**Your rights in certain US states**
Under the laws of certain US states, residents of these states have additional rights with regard to their
personal data. Further information is available here.