Transparent Information

We are aware of the importance of the personal data you entrust to us and consider it one of our most important tasks to ensure the confidentiality of your data.

In accordance with the General Data Protection Regulation (GDPR), which came into force on 25.05.2018, we comply with our duty to inform you when collecting personal data, and also to inform you transparently about the type, scope and purpose of the personal data we collect, as well as your rights regarding this matter.


1. Contact details of the controller

Responsible in terms of the General Data Protection Regulation

Infopark Group GmbH
Kitzingstraße 15
12277 Berlin
Telefon.: +49 30 7479930
Fax: +49 30 74799393
E-Mail: info@infopark.de


Data protection officer

Stephan Hartinger
Data Protection Officer (TÜV), Specialist for Work Safety
coseco GmbH
Albertus-Magnus-Straße 2-4
86836 Graben
Phone: +49-8232-904850
E-mail: info@coseco.de


2. Which sources are used to collect personal data?

We process personal data that we receive directly from our customers in the context of our business relationship with them. In addition, we process personal data we have received from other companies, e.g. for executing orders or fulfilling contracts, or on the basis of a consent given by you.

Personal data relevant to us may be:

Customer contact information

In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by one of our employees, further personal data is generated, e.g. information on the contact channel, date, occasion and result, (electronic) copies of correspondence and information on participation in direct marketing measures.


3. For what purpose is your data processed and on which legal basis?

We process the personal data mentioned above in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

When processing personal data for which we obtain the consent of the data subject, Art. 6 para. 1 lit. a) of the General Data Protection Regulation serves as the legal basis.

When processing personal data required for fulfilling a contract in which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This provision also covers processing operations necessary for conducting pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1, sentence 1 c) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1, sentence 1 f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business.


4. Transfer of data to third parties

Within our company, only those persons and bodies receive your personal data that need it to fulfil our contractual and legal obligations.

We transmit data to third parties if we need them to fulfil a contractual obligation.

A transfer to third parties beyond the purposes mentioned under point 3 does not take place.

In addition, we transmit data to third parties if there is a legal obligation to do so. This is the case if state institutions (e.g. authorities and offices) request information in writing, a court order exists or a legal basis permits the transfer.

Within our company group, your data may be transmitted to specific companies if this contributes to the fulfilment of a contractual obligation.

Within Infopark Group GmbH, data can be transmitted to Infopark Polska Sp. z o. o.


5. Transfer of data to third countries

A transfer of personal data to so-called third countries outside the EU/EEA does not take place.


6. Duration of data storage, deletion periods

We process and store your personal data for the period of time necessary to fulfill our contractual obligations as well as for all other purposes mentioned under point 3 or as required by the retention periods stipulated by law.

If the data is no longer required for fulfilling contractual or legal obligations, it will be regularly blocked or deleted for further processing in accordance with the statutory provisions.


7. Data protection rights of the data subject

If you have questions about your personal data, you can contact us in writing at any time.

  • According to GDPR, you have the following rights:

  • The right of access (Art. 15 GDPR)
  • The right to rectification (Art. 16 GDPR)
  • The right to erasure (Art. 17 GDPR)
  • The right to restriction of processing (Art. 18 GDPR)
  • The right to data portability (Art. 20 GDPR)
  • The right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG)
  • Right to revoke consent under data protection law (Art. 7 para. 3 GDPR)


8. Legal or contractual obligations to provide personal data and possible consequences of non-supply

We hereby point out that the provision of personal data is required by law in specific cases (e.g. tax regulations) or may result from a contractual arrangement (e.g. information on the contractual partner). For example, it may be necessary for the conclusion of a contract that the party concerned must provide their personal data so that their request (e.g. an order) can be processed by us at all.

An obligation to provide personal data arises primarily when a contract is concluded. If no personal data is provided in this case, the contract cannot be concluded with the party concerned.

Prior to the provision of personal data by the data subject, the data subject may contact our data protection officer or the data controller. The data protection officer or the controller will then inform the data subject whether the provision of the required personal data is required by law or is necessary for the conclusion of the contract, and whether the data subject’s concerns give rise to an obligation to provide the personal data, and what the consequences are for the data subject if the required data is not provided.


9. Legal existence of automated decision making (including profiling)

As a responsible company, we do not use automatic decision making or profiling in our business relationships.