→ Version 5.1
This data protection notice informs you about the processing of your personal data and your rights under the General Data Protection Regulation (GDPR).
1. Table of contents
2. Controller
3. Details of data processing
4. Use of cookies and similar technologies
5. STACKIT benefits and services
6. Processing of personal data of customers
7. References
8. Provision of your personal data by third parties
9. Obligation to provide your data
10. Your rights as a data subject
11. Contact the data protection officer
Unless otherwise stated below, the controller (Art. 4 No. 7 GDPR) for the data processing described below is
Schwarz Digits Cloud GmbH & Co. KG
Stiftsbergstraße 1
74172 Neckarsulm
Email: website@stackit.cloud
Phone: 07132 30 474747
The information contained in this section applies equally to our websites and the associated subdomains or subpages. These currently include:
*.stackit.com
*.stackit.cloud
When you use our websites, the browser used on your end device automatically and without your intervention
are sent to the server of our website and temporarily stored in a log file for the following purposes
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the protection of our systems and the prevention of abusive or fraudulent behavior each time a user accesses this website.
The log files are stored for 30 days.
We process personal data that you send us as part of your inquiry by email/post/telephone/contact form exclusively for the purpose of processing your inquiry.
We process information that you send us via the contact or registration form for registration for events (e.g. trade fair events or our webinars) for the selection and processing of corresponding registrations as well as the organization and implementation of the event.
Otherwise, the legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the aim of responding to your customer inquiry and thus promoting customer satisfaction or selecting and processing corresponding event registrations and organizing and holding the event.
If you register for an event, we will also transmit the contact details you provided when registering for certain events (in particular your name, email address, company, job title, telephone number) to other participants and any exhibitors at this event in order to enable them to contact you after the event, e.g. for advertising purposes, networking, etc. We will indicate whether such data transmission takes place by means of a corresponding note in the registration form. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR, which you give when registering for a corresponding event. Your consent is voluntary, as you are free not to register for the relevant events. You can also revoke your consent at any time by sending an email to info@stackit.cloud. In this case, your data will not be transmitted to other participants or exhibitors, unless this has already been done. This will not affect the lawfulness of the data processing carried out up until receipt of your revocation.
Insofar as we request your consent to data processing in advance in the context of communication with you, Art. 6 para. 1 sentence 1 a) GDPR is the legal basis.
If you provide us with personal data as part of the contact options in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing. This also applies to data processing for the purposes of organizing and conducting events in which you participate, insofar as you are personally a party to the corresponding contract for event participation (conditions of participation) and not, for example, your employer.
The data will be stored for 90 days after completion of your request. Experience has shown that no further queries are to be expected after this period.
We delete personal data for the selection and processing of event participation 90 days after the final selection and processing, unless an event invitation is issued.
If the data processing is based on your consent, we store the logging of the consent you have given for verification purposes for three years, starting from the time at which you withdraw your consent or the associated data processing has ended.
If legal claims are asserted, your data will be stored for three years after your request has been completed, starting at the end of the calendar year, to prove that we have fulfilled any legal claims.
We store personal data that you transmit to us as part of the initiation or execution of a contract for up to twelve years due to statutory retention obligations.
We are partly responsible for the data collection and processing described below and partly the respective operators of the social media platforms. For certain processing operations, we and the platform operators also act as joint controllers within the meaning of Art. 26 GDPR.
We operate the following social media sites:
LinkedIn: https://de.linkedin.com/company/stackit-cloud-colocation
Xing: https://www.xing.com/pages/stackit-ihrpartnerfurcloudundcolocation
YouTube: https://www.youtube.com/channel/UCrlj8jX00GYQYJO5Wnal6Bw
Facebook: https://www.facebook.com/Stackitcloud
Instagram: https://www.instagram.com/stackitcloud
We have only limited influence on the data processing by the operators of the social media platform (e.g. management of members and the information shared). At the points where we can exert influence and parameterize data processing, we work towards data protection-compliant handling by the operator of the social media platform within the scope of the possibilities available to us. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data it processes.
The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains its own user relationship with you (if you are a registered user of the social media service). In addition, the operator is solely responsible for all questions relating to the data in your user profile, to which we as a company have no access.
You can find more information on data processing by the provider of the social media platform and other objection options in the provider's privacy policy:
LinkedIn: https://de.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy
Xing: https://privacy.xing.com/de/datenschutzerklaerung
YouTube: https://policies.google.com/privacy?hl=de&gl=de
Facebook: https://www.facebook.com/privacy/explanation
Instagram: https://help.instagram.com/519522125107875
Twitter: https: //twitter.com/de/privacy
The purpose of data processing by us on our social media presences is to inform customers about services, promotions, competitions, factual topics, company news and interaction with visitors to the social media presences on these topics, as well as to respond to corresponding queries, praise or criticism.
We only reserve the right to delete content should this be necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Data processing is carried out in the interest of our public relations and communication. The operator has no influence on the processing of your data carried out by us in the context of customer communication or competitions.
As already mentioned, we take care to design our social media pages to be as data protection compliant as possible where the provider of the social media platform gives us the opportunity to do so.
The data you enter on our social media pages, such as comments, videos, images, likes, public messages, etc., are published by the social media platform for this purpose and are not used or processed by us for any other purpose at any time. We only reserve the right to delete illegal content if this should be necessary. This is the case, for example, with posts that violate the law or are illegal, hate comments, offensive comments (explicitly sexual content) or attachments (e.g. images or videos) that may violate copyrights, personal rights or criminal laws.
We may share your content on our site if this is a function of the social media platform and communicate via the social media platform. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to our address stated under point 1 or in the legal notice.
We will delete or securely anonymize all personal data that you provide to us in the event of inquiries no later than 90 days after the final response to you. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a reply and we may then need to refer to the previous correspondence. Experience has shown that, as a rule, there are no further queries about our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final reply to prove that we have provided you with comprehensive information and that the legal requirements have been met.
All public posts by you on one of our social media pages will remain in the timeline indefinitely, unless we delete them due to an update of the underlying topic, a legal violation or a violation of our guidelines, or you delete the post yourself. We have no means of influencing the deletion of your data by the operator itself. The data protection provisions of the respective operator therefore also apply.
We use the Sales Navigator function on LinkedIn. This enables us to search for corresponding profiles of LinkedIn users based on certain criteria, such as interests, professional background, place of work specified in the profile or similar, and to contact these users based on this. The Sales Navigator includes a messaging function that we can use to contact you via the profiles of our employees on LinkedIn. Messages that we exchange with you via this function on LinkedIn are stored by us for the duration of your use of the Sales Navigator. The communication that takes place in this way is not publicly visible to other users on LinkedIn. The legal basis for the data processing described is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest lies in establishing contact and forming a network of people who may be interested in STACKIT.
We also use the "Generate leads" function on the LinkedIn platform. In a first step, certain characteristics are used to pre-filter which profiles are shown our advertisements. The legal basis for this is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest is to be able to display the ads to target groups relevant to STACKIT.
When you click on our advertisements on LinkedIn, you have the option of leaving your name and business contact details and requesting that STACKIT contact you to obtain further information about our products. The data you provide will be transferred to our customer database. The legal basis for this is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest lies in effective communication with interested parties. If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
All personal data that you provide to us in the aforementioned manner will be deleted or securely anonymized by us no later than 90 days after the final reply to you. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a reply and we may then need to refer to the previous correspondence. Experience has shown that, as a rule, there are no more queries about our responses after 90 days.
We store personal data that you transmit to us as part of the initiation or execution of a contract for a period of up to twelve years due to statutory retention obligations.
There is a partial relationship with the operator of the social media service in accordance with Art. 26 para. 1 GDPR (joint responsibility):
For the web tracking methods used by the operator of the social media platform, the platform operators and we act as joint controllers. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch this off.
The legal basis for the web tracking methods is Art. 6 para. 1 sentence 1 f) GDPR. The interest in optimizing the social media platform and the respective fan page is to be regarded as legitimate within the meaning of the aforementioned provision.
Further information on the recipients or categories of recipients as well as the storage period or the criteria for determining the storage period can be found in the data protection declarations of the platform operators. We have no influence over these.
The options for exercising your rights to prevent these web tracking methods can be found in the privacy policies of the platform operators. You can also contact the platform operators using the contact details provided in the respective legal notice.
With regard to statistics that the provider of the social media platform makes available to us, we can only influence and prevent these to a limited extent. However, we make sure that no additional optional statistics are made available to us.
Please be aware that it cannot be ruled out that the provider of the social media platform may use your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, etc. Schwarz Digits Cloud GmbH & Co. KG has no influence on the processing or disclosure of your data by the provider of the social media platform.
We compile the content you share publicly and voluntarily on social media platforms (e.g. X, Facebook) using certain hashtags with reference to our company on so-called social walls. These social walls are published on our website and on our social media channels, for example for the external presentation of our company, for the implementation of marketing campaigns or competitions and for customer loyalty purposes.
Depending on the type of content, the following data is processed:
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes.
The data used for the social wall is processed for as long as the social wall is displayed. If you delete your post displayed on the social media platform, it will no longer be displayed on the social wall.
If you agree to receive our newsletter, we will process your data:
for sending information about products, offers, promotions, services, announcements and invitations to competitions, surveys, training courses, events and webinars relating to STACKIT services and, if applicable, information about goods and services from affiliated partner and associated companies. These are currently in particular
We also use tracking mechanisms (cookies or pixel tags) to record your usage behavior in the newsletters (in particular opening, clicking on links and other activities) and create personalized usage profiles on this basis and by assigning them to your person and/or e-mail address in order to tailor the information to your interests and to improve the offers.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR (for data processing) and Section 25 para. 1 TDDDG (for the use of cookies, etc.). You can revoke your consent to receive the newsletter and the recording of newsletter activities at any time with effect for the future, e.g. by unsubscribing from the newsletter on our website. You will find the link to the unsubscribe page at the end of each newsletter. When you unsubscribe, we consider your consent to the sending of the newsletter and the recording of your usage behavior and the receipt of newsletters based on this to be revoked. Your usage data will be deleted by us. This does not affect the legality of the data processing carried out up to receipt of your revocation.
To ensure that no errors have been made when entering the e-mail address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this link will your e-mail address be added to our mailing list.
We also process the following data to document your consent and to defend our rights:
IP address of the end device used for registration,
date and time of registration and email verification,
registration and unsubscription source and
newsletter history.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
For our newsletter, we use IT service providers who process personal data on our behalf.
If the confirmation link is not confirmed within 24 hours, your data will be deleted completely.
As soon as you unsubscribe from the newsletter, we will delete your e-mail address, your name (if provided), your company (if provided), profession (if provided), your interest and your usage data.
To prove your consent, the required data will be stored for three years, starting at the end of the calendar year in which you unsubscribe from the newsletter.
If you would like to participate in a live webinar or view it as a call-up afterwards, you will be asked to provide your name, your business e-mail address (mandatory) and your company, business telephone number and job title (optional) in order to register.
If you use the interactive functions as part of your participation, the content of your chat or other contributions (e.g. questions, answers to surveys) may also be processed. Please note that the webinar will be recorded and therefore the content of your interactions will also become part of the recording. In this context, please do not provide any personal information about yourself or third parties in your contributions.
Further information can be found in the data protection information of the respective webinar itself.
We collect the above-mentioned identity and contact data in order to be able to include them in our customer database and to be able to provide you with information about our products and, if necessary, training documents for the webinar by e-mail and telephone afterwards on the basis of your voluntary consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 7 a para. 1 UWG. In addition, the other data is required to make the webinar, including the interactive functions, technically available. This data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 f) GDPR to enable the webinar to be held to the extent necessary. With regard to contacting us by email, please refer to the information on sending newsletters.
Your consent is voluntary and can be revoked at any time. In this case, your contact details will be deleted immediately. The legality of the processing that has already taken place up to receipt of the revocation is not affected by the revocation.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
In this context, the service provider Cisco International Limited, 9-11 New Square Park, Bedfont Lakes, Feltham, England TW14 8HA, United Kingdom, is used to provide the webinar tool Webex. We use the service provider Microsoft Ireland Operations Ltd South County Business Park, One Microsoft Court, Carmanhall an Leopardstown, Dublin, D18 P521, Ireland to provide the webinar tool MS Teams Webinar/ MS Teams Live and to operate our customer database.
We delete personal data as soon as it is no longer required for the above-mentioned purposes.
Recordings of the webinar are stored for five years.
Your contact details will be stored in our customer database until you withdraw your consent. Your consent itself will also be retained for verification purposes for a further three years after deletion or for five years after the last telephone contact as part of the statutory documentation obligations.
If you would like to download one of our whitepapers, you will be asked to provide your name, your business e-mail address (mandatory) and your company and business telephone number (optional).
We collect the above-mentioned identity and contact data in order to include them in our customer database and to be able to subsequently provide you with information about our products by e-mail and telephone on the basis of your voluntary consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and Section 7 a para. 1 UWG. With regard to contacting us by email, please refer to the information on sending newsletters.
Your consent is voluntary and can be revoked at any time. In this case, your contact details will be deleted immediately. The legality of the processing that has already taken place up to receipt of the revocation is not affected by the revocation.
We delete personal data as soon as it is no longer required for the above-mentioned purposes.
Your contact data will be stored in our customer database until you withdraw your consent. Your consent itself will also be retained for verification purposes for a further three years after deletion or for five years after the last telephone contact as part of the statutory documentation obligations.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients.
The processed data is accessible to IT service providers, in particular Google Ireland, Limited Gordon House, Barrow Street Dublin 4, Ireland, as this service provider is the provider of YouTube.
Your processed data will be deleted after the end of use.
If we receive inquiries from public authorities about our customers or business partners, we process these inquiries on the basis of Art. 6 para. 1 sentence 1 f) GDPR for the purpose of examining, documenting and responding to the request in our legitimate interest or in the legitimate interest of a third party, including the public, in effective law enforcement and the assertion, defense or defense of legal claims. As a result, personal data of our customers or business partners may be transferred to the respective public authority. If there is a legal obligation for us to respond to inquiries from authorities, the legal basis for the transfer of personal data is Art. 6 para. 1 sentence 1 c) GDPR in conjunction with a relevant special law.
The public authority may provide us with information on the content of the request and other data that we need to identify the data subject. Otherwise, we use the data already known to us to process the request, insofar as this is absolutely necessary to process the request. The content of the request and the data processed depend on the specific individual case. This may include, for example, names, contact details, information on the payment method and information on possible criminal offenses or administrative offenses.
If necessary to process the request and covered by the above-mentioned legal basis, we transmit personal data to public authorities (e.g. police authorities, public prosecutors or courts) and external parties who support us in processing the request (e.g. law firms, legal advice service providers, credit agencies, detectives). Furthermore, the request, including the relevant data, may be forwarded within our group of companies to the departments responsible for processing.
In exceptional cases, data is processed on our behalf by processors in the area of customer service.
We store the inquiries and the associated communication until the expiry of the applicable statutory periods.
If you contact the STACKIT customer hotline, personal data will be processed in the course of processing your telephone inquiry (by default: name, title, contact details).
We will, of course, treat any personal information that you provide to us during a telephone conversation as part of a customer service inquiry as confidential. We use your data exclusively for the purpose of processing your request.
The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest here arises from the interest in answering your inquiries and thus maintaining and promoting the satisfaction of our customers, employees, business partners and other persons interested in STACKIT as part of the service.
If you provide us with personal data within the scope of the contact options in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
All personal data that you provide to us in telephone inquiries will be deleted or securely anonymized by us no later than 90 days after the conversation. The 90-day retention period is due to the fact that you may occasionally contact us again about the same matter after a conversation and we may then need to refer to the information you have already provided. Experience has shown that, as a rule, after 90 days there are no more queries about conversations that have taken place.
We process personal data that you provide to us as part of your support request exclusively for the purpose of processing your request.
The legal basis for this data processing in the context of initiating or executing a contract is Art. 6 para. 1 sentence 1 b) GDPR.
Otherwise, the legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the aim of answering your support request and thus promoting customer satisfaction.
You have the option of sharing support tickets you have created with other people who you have assigned as users to your organization account in our STACKIT portal. External users can also be considered as users if you have assigned them to your organization in the STACKIT portal. For sharing, each user has the option of choosing from the users assigned to your organization account as possible recipients. Accordingly, the user can have the users of your organization suggested as recipients of the ticket by name and/or e-mail address. Each user with whom a ticket is shared also receives information about the other users (name and email address) from your organization account with whom the same ticket was shared.
All personal data that you provide to us in support requests will be deleted or securely anonymized by us at the latest at the end of the existing business relationship with you.
To use STACKIT services, you need an account for the STACKIT portal. This is associated with various functions and services.
An account is required in order to use STACKIT services. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the fact that we would like to offer our services to potential customers and they need an account for this.
If the data processing takes place in the course of a contract initiation or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for the data processing.
In the course of registration, it may be necessary for us to carry out a credit and risk assessment of your company. This basically involves information about your company, which only constitutes personal data in exceptional cases if the company is not a legal entity, e.g. in the case of a sole proprietorship. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purpose.
Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients, in particular for the purposes of creditworthiness and risk assessment.
Your data will always be deleted or securely anonymized once the purpose has been achieved. Different time limits apply here.
To complete your registration, you will receive an email to the address you have provided to confirm account activation (so-called user account). If you do not activate your user account, all your data will be deleted after 90 days. After activation, you will be asked to create a customer account. If no customer account is created and the user account is not assigned to any customer account in the subsequent sequence, all your data will also be deleted after 90 days.
If a customer account is not activated by us, all your data will be deleted after 120 days. If a customer account is rejected by us, all your data will be deleted immediately.
We delete personal data for the creditworthiness and risk assessment of your company as soon as it is no longer required for the stated purpose.
In order to enable you to use the STACKIT portal, data processing is required so that we can manage the account in the back office. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the fact that you can manage the account yourself, for example to be able to invite other users to the customer account.
If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
There is a differentiated deletion concept that differentiates the individual, generally proportionate deletion periods according to data types. Your personal data is always deleted when the purpose has been achieved, i.e. it is stored for as long as the user/project is created. In the latest case, the data will be deleted after 120 days, provided there are no retention obligations to the contrary.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from ensuring the security of the data stored in the cloud. In addition, your data is processed as part of systemic evaluations for the purposes of IT security (incorrect login attempts), evaluation of the services/features used for billing purposes as well as capacity management, optimization purposes and ensuring operation.
If the data processing takes place in the course of an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for the data processing.
The data is generally stored for as long as the system user is active. After that, the deletion period is 30 days. The log files are deleted after 90 days.
The legal basis for the processing of personal data with regard to the aggregation and provision of usage data is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the determination of consumption in order to see which customer has consumed/purchased what with regard to the use of the cloud.
If personal data is processed for further processing for billing purposes, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing, provided that the data subjects are contracting parties. If this affects persons who are not contractual partners, the data processing can be based on Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest in data processing arises from the chargeable nature of the services offered.
In cases in which STACKIT end customers receive services due to the activities of STACKIT partner companies (e.g. agents or resellers) and the partner's commission is influenced by the end customer's use of STACKIT cloud services or their scope of use, the partner receives information on the end customer's use and scope of use, unless it is not possible to settle the commission otherwise.
The data is generally stored for as long as the system user is active. After that, the deletion period is 30 days. The deletion period for log files is 90 days. The storage period for reports on tax retention obligations is twelve years.
The legal basis for data processing for the initial invitation to user feedback is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purpose.
The legal basis for the processing of personal data for further contact (in the event that you are interested in providing user feedback), for the subsequent assessment of suitability (e.g. based on your professional position and activity, experience with IT applications, etc.) and for the evaluation of any user feedback you provide is your consent pursuant to Art. 6 (1) sentence 1 a) GDPR.
After submitting any user feedback, we store the contact details you have provided in order to be able to invite you to participate in any further user feedback in the future. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR.
You give your consent when registering for possible user feedback. Your consent is voluntary and can be withdrawn at any time. The lawfulness of the data processing carried out until receipt of the revocation remains unaffected by the revocation. The legal basis for logging your declaration of consent for the purposes of verifiability (date and time of granting consent, specified name and email address) is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the aforementioned verification option.
If you decide after an initial interest not to participate in a user feedback offered by us or are not suitable for a user feedback, your data will be stored for another 30 days in case of queries.
Data for the evaluation of any user feedback you provide will be stored for four months and then anonymized.
Your contact details will be stored for two years in case you are invited again in the future.
The data associated with your declaration of consent will be stored for a period of three years for verification purposes, starting at the end of the calendar year in which you revoke your consent or all other data has been deleted by you.
On our status page, you have the option of registering for proactive notifications about the operating status of our services and about planned maintenance work or any product failures.
If you subscribe to the status information service, we will process your e-mail address solely for the purpose of sending you the requested status updates and maintenance information on the components you have selected.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR, which you give when you register for the subscription. The registration takes place via a double opt-in procedure to ensure that the registration is made by the actual owner of the e-mail address.
You can revoke your subscription and thus your consent at any time with effect for the future by using the unsubscribe link ("Unsubscribe") contained in every notification email or by managing your settings on the status page.
To provide the status page and send the notifications, we use specialized IT service providers who work for us as processors.
Ihre E-Mail-Adresse wird für diesen Zweck so lange gespeichert, wie das Abonnement aktiv ist. Nach einem Widerruf bzw. der Abmeldung vom Dienst werden Ihre Daten umgehend aus dem aktiven Verteiler gelöscht. Zum Nachweis Ihrer ehemals erteilten Einwilligung speichern wir die Protokolldaten der An- und Abmeldung für eine Dauer von drei Jahren, beginnend mit dem Ende des Kalenderjahres der Abmeldung.
In order to enable you to use the STACKIT Domain Services Portal, we process the data you provide when registering for the portal and when using the portal functionalities (e.g. account management, users, organizational data and contacts), as well as log data associated with the use (log files). The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from providing you with access to our portal and the associated functions, as well as from the technical stability and security of our systems.
If you provide us with personal data in the course of initiating a contract or an existing contractual relationship, Art. 6 para. 1 sentence 1 b) GDPR is the legal basis for data processing.
We store the log data (log files) associated with the use of the portal for a period of 30 days.
The data associated with an account or user is stored for the duration of the existence of the account or user.
We store data associated with the initiation of a contract or an existing contractual relationship for a period of up to twelve years due to statutory retention obligations.
The legal basis for the processing of personal data with regard to the learning management system Totara is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the offer of STACKIT-specific cloud knowledge in the form of training and the collection and storage of training data to derive potential individual certifications.
The data is generally stored for as long as the system user is active. After that, the deletion period is 90 days.
Personal data that you provide to us via the contact form within the STACKIT Marketplace will, of course, be treated confidentially. The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR if you suggest a third-party product (vendor) for the STACKIT Marketplace. The legitimate interest here arises from the interest in checking your request and the inclusion of the product proposed by you in the STACKIT Marketplace.
If you provide us with information about your product as a vendor so that it can be included in the STACKIT Marketplace, the legal basis for data processing is Art. 6 para. 1 sentence 1 b) GDPR if you yourself become a party to a possible contractual relationship with Schwarz Digits Cloud GmbH & Co. KG If it is not you yourself but, for example, your employer who becomes a party to the contract, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest here arises from the interest in checking your request and the inclusion of the product of your employer, for example, in the STACKIT Marketplace.
If you book a product directly with a vendor via the STACKIT Marketplace, we will transmit the data you provide to the respective vendor that is required for the order. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 b) GDPR, which you give when you provide your data. Your consent is voluntary and can be revoked at any time by sending an email to marketplace@digits.schwarz. If you have not already done so, your data will not be transmitted to the vendor and will be deleted. In this case, however, the order cannot be completed. This does not affect the legality of the data processing carried out until receipt of your revocation.
If you book a product directly with Schwarz Digits Cloud GmbH & Co. KG via the STACKIT Marketplace, the legal basis for data processing is Art. 6 para. 1 sentence 1 b) GDPR if you yourself become a contracting party. If it is not you, but your employer, for example, who becomes a contracting party, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the interest in implementing the contractual relationship with, for example, your employer.
If you book a product directly with Schwarz Digits Cloud GmbH & Co. KG via the STACKIT Marketplace and the service associated with the product is not provided by STACKIT itself but by a vendor, we transmit the personal data (business e-mail address and unique user ID) of the users to the respective vendor. You can determine the users yourself by assigning them to the corresponding product as users in the STACKIT portal. The legal basis for the processing of user data is Art. 6 para. 1 sentence 1 b) GDPR if the user himself becomes a contracting party. If it is not the user but, for example, their employer who becomes a contracting party, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the interest in enabling the use of the ordered product by allowing the user to use the associated services via single sign-on on the vendor's website.
When ordering a product directly from a vendor via our STACKIT Marketplace, we transmit the data you provide to the respective vendor that is required for the order. This applies accordingly when ordering a product directly from us if the service associated with the product is not provided by STACKIT itself but by a vendor.
We delete data that you send us in connection with an inquiry that does not result in a contractual relationship, further customer communication or other information after the final response to your inquiry.
Data in connection with the booking of products (e.g. transaction date, purchased product, product configuration) is stored for a period of eleven years.
Otherwise, personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes.
Irrespective of the data processing described above, we process personal data of customers in connection with the associated contractual relationship and/or pre-contractual measures.
We generally collect your data ourselves. However, it may also be necessary to process personal data that we receive from other companies, authorities or other third parties, for example credit agencies, tax offices or similar. This may also include personal data that we receive via our established whistleblower channels regarding possible compliance violations or as part of compliance investigations.
Relevant personal data may include: personal details (e.g. first/last name, address and other contact details, date and place of birth and nationality), legitimation and authentication data (e.g. extracts from the commercial register, ID card data, specimen signature), data relating to our business relationship (e.g. payment data, data on orders), creditworthiness data, data on company structures and ownership structures, photographs and video recordings and other data comparable to the categories mentioned.
You always have the choice of communicating with us by e-mail or by post. For technical reasons, communication by e-mail may be unencrypted.
The purposes of data processing arise from the implementation of pre-contractual measures that precede a contractually regulated business relationship and in the fulfillment of obligations arising from the contract concluded.
The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for the prevention of money laundering, tax control and reporting obligations and data processing in the context of inquiries from authorities.
It may be necessary to process your personal data beyond the actual fulfillment of the contract. The legitimate interests here are in particular the selection of suitable customers, research on potential customers, e.g. to ensure compliance requirements, etc, assertion of legal claims, defence against liability claims, avoidance of legal risks and economic disadvantages (also for third parties), protection of our IT infrastructure, management of access authorizations to our systems, access controls, other internal administrative purposes (e.g. process and workflow optimization, ensuring data quality), in the event of your prior willingness to participate, sending the invitation email to provide feedback via your contact persons in the Schwarz Group companies, conducting and facilitating communication (e.g. web meeting, telephone, etc.) and contacting you via our group-wide user directory, clarifying possible compliance violations, preventing criminal offenses and settling damages resulting from the business relationship.
When a contract is concluded, we occasionally collect data about your creditworthiness via credit agencies to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check your creditworthiness. The credit agencies store data that they receive from banks or companies, for example. This data includes, in particular, surname, first name, date of birth, address and information on payment history. You can obtain information about the data stored about you directly from the credit agencies.
If you participate in the conclusion of a contract offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your e-mail address, IP address and the times at which you have processed the respective contract document, e.g. approved, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of contract signatures and the corresponding logging of the signature process for verification purposes. It is also possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the aforementioned data. Our legitimate interest here is to check whether you have a valid qualified electronic signature, which can be used to replace a possible legal requirement for the written form. A prerequisite for the use of a qualified electronic signature is registration with a trust service provider (e.g. D-Trust/ Bundesdruckerei), which you must carry out independently. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.
In order to check for marketing purposes whether products from other Schwarz Group companies are also of interest to you, they may be given access to your contact data.
In addition, we occasionally process personal data to document important historical milestones and events in the development of the Schwarz Group companies in order to create a company chronicle.
Within our company, access to the data provided by you is granted to those areas that require it to fulfill contractual or legal obligations or to fulfill legitimate interests. Processors or service providers may also have access to your personal data within the scope of contractual relationships, to fulfill legal obligations and to protect legitimate interests. Compliance with data protection regulations is ensured by contract.
The data may also be transferred to Schwarz Group companies for the fulfillment of contractual obligations or legitimate interests (e.g. marketing purposes).
If a contract is concluded using a digital signature, your data will also be accessible to all persons involved in approving and signing the contract, as they will receive a log after the contract has been signed showing all processing steps, including e-mail address, IP address, date and time. Furthermore, your data may be accessible to the respective service providers that we use for the corresponding digital signature process. In the case of Adobe Sign, this is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland. If a qualified electronic signature is used when concluding digital contracts, your data is also accessible to D-Trust GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, as they check the validity of the signature.
If it is necessary for us to name existing customers and partners as references for the corresponding services in the context of tendering procedures, contract initiation, etc., we process your personal data (e.g. name, contact details, company and position) in order to be able to name you as a reference. In addition, we may process your data in order to name you as a reference on our website, our social media pages, in presentation materials (print and digital) and/or in press materials for the purpose of promoting our services and the STACKIT brand.
The prerequisite for this is that a corresponding reference agreement exists with your employer or you, or that you have submitted a declaration of consent for the naming of references. The data actually processed and the publication media depend in this respect on the reference agreement or declaration of consent.
The legal basis in the case of a reference agreement is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the stated purposes. If you yourself are a party to the reference agreement, the legal basis is Art. 6 para. 1 sentence 1 b) GDPR.
In the case of a declaration of consent, Art. 6 para. 1 sentence 1 a) GDPR is the legal basis.
We also process your data associated with the possible submission of a declaration of consent to document your consent and to defend our rights. The legal basis for this data processing is Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest arises from the purposes mentioned.
In the case of tendering procedures, contract initiation, etc., your personal data will be accessible to the respective tendering body or potential contractual partners. When references are mentioned on our website, our social media pages, in presentation materials and/or in press materials, your data will be accessible to visitors to the respective pages or the recipients of the materials.
We process your personal data for as long as the existing contractual relationship with your employer or you that is relevant for the customer or business relationship and reference exists. At the longest, however, for the duration of the reference agreement or the existence of your declaration of consent.
Irrespective of this, the data associated with the proof of your possible declaration of consent will be stored for three years, starting at the end of the calendar year in which you revoke your consent or your other data is deleted.
Depending on how you obtain STACKIT Cloud Services or which business model we use, we may not collect your personal data from you ourselves, but may receive this data from third parties.
Third parties may, for example, be intermediaries who establish contact between us and you as a potential end customer. In this case, the intermediary provides us with your contact details (e.g. surname, first name, company, email address, address and your function/position within your company). We process this data on the basis of Art. 6 para. 1 sentence 1 f) GDPR in order to select potential end customers and contact them, as well as to initiate possible contracts. The legitimate interest arises from the aforementioned purposes.
If STACKIT Cloud Services are sold by partner companies of Schwarz Digits Cloud GmbH & Co. KG, e.g. as part of reselling or as the basis for our own services, it may be necessary for these partners to provide us with information about a potential end customer in advance in order to take advantage of individual contractual conditions. This usually involves information about the company of the potential end customer, which may constitute personal data under certain circumstances. We process this data on the basis of Art. 6 para. 1 sentence 1 f) GDPR in order to check whether the partner is entitled to make use of individual contractual conditions. The legitimate interest arises from the stated purpose.
Unless otherwise stated above, you are neither contractually nor legally obliged to provide us with personal data.
However, some of the data is processed for technical reasons as soon as you use our website and the associated services. If you no longer wish to provide us with the data, you can only do so by no longer using our website or the corresponding services.
Insofar as personal data is required for the processing of an inquiry from you, a possible conclusion of a contract or other services on our part, we may also not be able to process your inquiry, conclude a contract with you or provide other services if you do not provide this data.
If the data processing is based on consent in accordance with Art. 6 para. 1 sentence 1 a) or Art. 9 para. 2 a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.
In accordance with Art. 15 (1) GDPR, you have the right to receive information about the personal data stored about you free of charge upon request.
In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data.
If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.
If the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will only be continued if we can demonstrate compelling legitimate grounds for further processing that outweigh your interest in objecting.
To exercise your rights as a data subject, if you have any questions or complaints, please contact the data protection officer in writing or by email. You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.
If you have any further questions regarding the processing of your data or the exercise of your rights, you can contact the responsible data protection officer at the controller:
Schwarz Digits Cloud GmbH & Co. KG
- Data Protection Officer -
Stiftsbergstraße 1
74172 Neckarsulm
E-mail: datenschutz-digits@mail.schwarz