At DataGuard, personal data are processed primarily in the data protection management platform provided to the clients. This platform was developed in-house by DataGuard. The following personal data of employees who are employed by DataGuard clients will be processed:
- First name and surname
- Title and academic degree
- Email address
- Position within the company
- Phone number
- Role assigned within the platform and the according authorisations
- All personal data that are provided to us during communication with clients
DataGuard collects data from people in the following manners:
- Querying of the personal data after concluding a contract with DataGuard from the persons themselves, or receipt of personal data via an employee of the client company. This could also concern employees of service providers used by a client’s company.
- Entry of employees’ personal data by an administrative assistant of the client in the data protection platform
We will process your data for the following purposes:
- Client management and client support – in particular the processing of client queries
- Direct marketing in the form of telephone calls and emails
- Issuing of invoices
- Performance of post-contractual measures
- Assertion, exercise, or defence of legal claims
- Establishment, implementation, and termination of a contractual relationship
Data processing takes place on the basis of the contractual relationship and on the basis of the legitimate interest. A balancing of interests hereby always takes place. In doing so, we balance the rights and freedoms of the data subject against the interests of DataGuard, in the form of contract performance for our clients.
The following service providers are involved, as data processors, in our processing of client data:
Deutsche Telekom AG – Bonn, Germany: DataGuard uses dedicated servers of the Open Telekom Cloud (OTC) to host the data protection platform. This service is operated by Deutsche Telekom AG. The Open Telekom Cloud has a Trusted Cloud seal from the German Federal Ministry for Economic Affairs and Energy, and numerous certifications, such as ISO 27001:2013, to verify the high security level of the OTC. DataGuard has entered into a Data Processing Agreement with Deutsche Telekom.
Iversity GmbH – Berlin, Germany: In order to perform training for employees of DataGuard clients, we use a training platform operated by service provider Iversity. This service is used to process names and email addresses. This is necessary to be able to issue the according certificates of participation. DataGuard has entered into a Data Processing Agreement with the service provider.
LogMeIn Ireland Limited – Dublin, Ireland: DataGuard uses the telephone conference function of GoToMeeting to perform audits with clients. No client data are passed on to LogMeIn. Clients dial into the conferences themselves via their own telephony systems. No recording takes place. DataGuard has entered into a Data Processing Agreement with LogMeIn.
SevDesk GmbH – Offenburg, Germany: DataGuard uses the SevDesk tool to issue invoices and reminders. We have entered into a Data Processing Agreement with the service provider.
neXenio GmbH – Berlin, Germany: DataGuard uses the Bdrive data exchange service to transfer files. This is a highly secure data and file exchange service developed by the Bundesdruckerei (Federal Printing Office). We have entered into a Data Processing Agreement with the service provider.
Datev GmbH – Nuremberg, Germany: In order to comply with the GoBD (German regulations for the keeping of books and records electronically), we use the services of DATEV. We have entered into a Data Processing Agreement with the service provider.
DemoDesk GmbH – Munich, Germany: DataGuard uses the DemoDesk service to carry out welcome meetings as part of the clients’ on-boarding processes. The data transferred to DemoDesk will be erased within 2 weeks. A Data Processing Agreement has been concluded with the service provider.
GSG Inkasso GmbH – Munich, Germany: When outstanding accounts are being settled, we will also pass on personal data to our collection service provider, GSG, where necessary. DataGuard will initially send two reminders and attempt to reach the point of contact named by the client, in order to find a solution to settle open accounts. If this proves unsuccessful, GSG will be authorised by power of attorney to collect outstanding amounts on behalf of DataGuard.
Microsoft Inc. – Redmond, USA: DataGuard uses the Office 365 service, incl. Microsoft Teams, to carry out audit phone calls via video telephony, and Outlook for communication of appointments via email. A Data Processing Agreement with Standard Contractual Clauses (in accordance with European Union specifications) has been concluded with the service provider as part of the Online Services Terms. Your personal data, which will be forwarded to the processor for the performance of the planning and the actual video call, will be erased as soon as the purpose of the storage no longer applies.
When processing data of clients and their service providers, we will generally always erase or block your personal data when the purpose of the storage no longer applies. Storage may also take place if required by legal standards to which we are subject, for example in relation to statutory retention and documentation obligations. In such cases, we will erase or block your personal data after the according standards cease to apply.