Privacy Policy
Privacy policy
With the following privacy policy, we would like to inform you about the processing of your personal data by Veridos GmbH (hereinafter referred to as "Veridos", "we" or "us"). In order to comply with current legal requirements or to reflect adjustments to our services, it may be necessary to adapt this privacy policy in whole or in part.
Processing of personal data on websites and for marketing communications
VERIDOS provides websites to inform customers and other interested persons about the Veridos Group companies as well as their products and services.
Data Controller
- Controller according to GDPR for the processing of your personal data is Veridos GmbH, Oranienstr. 91, 10969 Berlin, Germany
- E-Mail: info@veridos.com
Group Privacy Officer
- Veridos GmbH, Oranienstr. 91, 10969 Berlin, Germany , privacy@veridos.com
Type and origin of personal data
When you visit and interact with a Veridos website, we may collect your personal data. This data may come from you directly, for example, when you subscribe to a newsletter or an event, or when you submit an inquiry.
This includes, for example, your name, your e-mail address or the company you work for.
Some primarily technical data that can be linked to you is processed automatically. This includes, for example:
- IP address
- Browser and operating system,
- Date and time of the page view
- Referrer URL
Purposes and legal basis for processing data
We process your personal data for various purposes depending on the nature of your interaction with our websites:
Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR):
We process personal data to fulfill contractual obligations to our customers or to carry out pre-contractual measures. This includes, for example, responding to inquiries as part of our customer relationship management.
Based on consent (Art. 6. para. 1 lit. a GDPR):
We process data on the basis of your consent. This includes sending you our newsletters or other advertising and responding to contact requests.
When you visit our websites and access messages sent by us, cookies and other similar technologies may be used to make our websites more user-friendly and to adapt them to your preferences. Or to control Veridos’ advertising on third-party websites. Detailed information on this can be found in our Cookie Notice.
We process data to optimize our online marketing activities. This includes, among other things, the following:
- E-mail marketing (newsletter/infomail and automated mailings, e.g. to provide downloads)
- Reporting (e.g. visits/hits, traffic sources etc. ...)
- Contact management (e.g. user segmentation & CRM)
- Landing pages and contact forms
This information may be used by us to contact visitors of our website and to determine which services of Veridos might be of interest to them. All information collected is used exclusively to optimize our marketing.
If you register for a convention or event, we collect information that is necessary for your participation in and the organization of such events.
You can withdraw your consent at any time with effect for the future.
Veridos's marketing and communication activities are coordinated centrally. If you have granted advertising consent in favor of another company of the Veridos Group, this Privacy Policy will apply accordingly.
Maintaining legitimate interests (Art. 6 para. 1 lit. f GDPR):
We also process personal data for the purpose of pursuing legitimate interests of Veridos, its subsidiaries and, where applicable, other third parties. The processing of your personal data is carried out solely in consideration of your interests. This includes, for example, the analysis of pseudonymized website usage to optimize our websites in accordance with our Cookie Notice.
Where the use of personal data is not necessary, we use only anonymous information or pseudonyms wherever possible.
Disclosure of data to third parties and data transfers
Your personal data will not be disclosed to third parties unless you have consented to such disclosure or such disclosure is permitted under applicable law, for example, if it is necessary for the performance of a contract concluded with you. If you submit a request that relates to Veridos Group subsidiaries located in other countries ("Group Companies"), this request will be forwarded to the relevant Group Company together with the information required to respond to your request. These Group Companies may be located in a country other than the country in which you reside, including countries outside the European Union ("EU") and the European Economic Area ("EEA").
Furthermore, we may use service providers who act as data processors on our behalf and who may also be located in countries outside the EU and the EEA.
Veridos, together with all Group companies and service providers used, has taken appropriate measures to ensure an adequate level of data protection in accordance with applicable requirements. In particular, internal binding data protection regulations pursuant to Art. 47 DSGVO (Corporate Binding Rules) apply to the transfer of personal data between Group companies.
If you have given us your consent, we may also share your data with other companies. These may be partners who help us to optimize our content or better tailor our services to your needs.
Protection of the privacy of children
Veridos acknowledges that the privacy of children and/or users under the age of 18 ("Minors") must be adequately protected. Our website is not directed at minors. Veridos does not wish to address minors with its website and does not knowingly collect personal data from minors without the consent of their parents or legal guardians.
Security
Veridos uses technical and organizational security measures (in particular access, availability and input controls, including encryption techniques and measures to protect media using personal data, as well as the use of qualified personnel responsible for the security of personal data) to ensure that the protection of personal data provided by you is not undermined by unauthorized, accidental or intentional manipulation, damage, loss, deletion or unauthorized access, processing or disclosure. Our security measures are constantly updated and adapted according to the current state of knowledge. Due to the nature of the Internet, the transmission of information may not always be absolutely secure. Therefore, we cannot guarantee the security of your personal data during transmission over the Internet to our website. However, once we have received your personal data, we will take appropriate technical and organizational measures to protect your personal data.
Links to other websites
Our website may contain links to other websites that are not owned or operated by Veridos. Veridos has no control over the content or data privacy policies of these websites and cannot take any responsibility for them.
Social Media
You have the option to follow us or interact with us on Facebook and on other social media platforms of third party service providers. The platform operators and we are joint controllers within the meaning of Art. 26 GDPR with regard to the personal data that is collected in the process. You can control the privacy settings yourself within the social media platform.
Our handling of your personal data in the context of our social media offerings is based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. For the provision of our social media offers, it is technically necessary to process certain personal data (e.g. the IP address; personal data that you have provided to the respective platform operator or to us).
As part of the necessary balancing of interests, we have weighed up your interest in the respective confidentiality of your personal data against our interests in providing our social media offerings in each case. Your interest in confidentiality is secondary to that interest. Otherwise, we would not be able to provide you with our social media services.
We use service providers to provide our social media services. The data you transmit to us when using our social media offerings is also automatically transmitted to the respective social media platform operator.
Details on the processing of your personal data by social media providers can be found here:
Rights of the data subject
To enforce your data privacy rights, you can contact us at any time.
Data subject rights according to Art. 15 - 21 GDPR
Right to access information about your personal data processed by us (Article 15 GDPR)
Right to rectification of inaccurate or incomplete personal data that is processed by us (Article 16 GDPR)
Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR)
Right to restriction of processing, if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR)
Right to data portability, i.e. the right to receive your personal data that you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR)
Right to object to the processing of your personal data insofar as such processing is carried out based on Article 6 par. 1 lit. e. or f. GDPR (Article 21 GDPR)
Right to withdraw consent (Article 7 GDPR)
If you believe that the processing of your personal data does not comply with data privacy laws, you have the right to lodge a complaint with a supervisory authority (Art. 77 DSGVO); a list of data privacy authorities in Germany can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The supervisory authority responsible for Veridos at its headquarters in Berlin is the Berlin Commissioner for the Data Protection and Freedom of Information (https://www.datenschutz-berlin.de/).
Integrity Line
Additionally, we would like to inform you that Veridos has implemented a tool that is available 24/7 worldwide to enable all Veridos employees and any other individuals to report potential compliance and data privacy violations. The tool can be accessed here.
Privacy Notice for Veridos Business Activities
Veridos GmbH (“Veridos”, “we” or “us”) attaches great importance to the protection of your personal data and ensuring transparency in its handling. We would therefore like to present you with the following information in line with the requirements set forth in the European General Data Protection Regulation (GDPR). This Privacy Notice is intended for potential and existing customers and business partners of Veridos with whom we have contact or a business relationship.
In order to comply with current legal requirements or to reflect adjustments to our services, it may be necessary to adapt this privacy policy in whole or in part.
Data Controller
The identity of Veridos as data controller is determined by your business relationship with us. It is regularly Veridos GmbH, Oranienstraße 91, 10969 Berlin, Germany
Deviations are possible, for example if your business relationship is with a regional subsidiary of Veridos, which then regularly acts as data controller.
Data Privacy Officer
Veridos GmbH, Oranienstraße 91, 10969 Berlin,, Germany, privacy@veridos.com
Type and origin of personal data
Your personal data is usually collected directly from you. If we receive data from third parties, we ensure compliance with the applicable legal requirements.
Depending on the respective business purposes, we process the following categories of personal data as data controller:
- Master data and contact data (e.g. gender, name, company, business address, function, job title, e-mail, telephone and other contact information);
- Communication data as part of the business communications between you and us;
- Visitor data including data from access control and building monitoring;
- Electronic identification data where required (e.g. login, access right, passwords, badge number, IP address, online identifiers/cookies, logs, access and connection times);
- Contract and payment information (e.g. credit card details, bank account details, VAT or other tax identification number);
- Additional data you provide to us, for example within the scope of an inquiry or our business relationship;
- Data which relate to our products and services;
- Data in the context of your participation in our events.
Commissioned data processing
For personal data that we process as data processor in the sense of Art. 4 No. 8 GDPR on behalf of our customers (e.g. for the personalization of ID cards) the respective customer remains the data controller under applicable data protection laws. In these cases, the processing is carried out on behalf of and on the instructions of the customer with the consequence that the rights of the affected individuals relating to this data must be asserted against the respective customer directly.
Purpose and legal basis for processing data
We process the data listed above for the following purposes:
- To establish and fulfill a contract with you or with the entity on behalf of which you act, for example, if you make a purchase from us or enter into an agreement to provide or receive services;
- To manage and maintain a contract with you or with the entity on behalf of which you act;
- To answer your requests and provide you with efficient support;
- To respond to any comments or complaints we may receive from you, including to investigate any complaints received from you or from others;
- To detect and prevent misuse of our products and/or services;
- To invite you to events or promotional meetings sponsored by us;
- To invite you to take part in market research or surveys;
- To enable you to participate in virtual events organized by Veridos and to ensure that such events are conducted properly;
- To manage our IT resources, including infrastructure management and business continuity;
- To preserve the company's economic interests and ensure compliance and reporting (such as complying with our policies and legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
- To fulfill the company’s obligations with regard to the prevention of money laundering;
- To manage mergers and acquisitions involving our company;
- Archiving and record keeping;
- Billing and invoicing;
- Any other purposes imposed by law or authorities.
Additional purposes may result from your individual business relationship with Veridos.
Personal data will only be processed on a valid legal basis, particularly if:
- we have obtained your prior consent (Article 6 par. 1 lit. a GDPR);
- the processing is necessary to perform contractual obligations (including pre-contractual steps) (Article 6 par. 1 lit. b GDPR);
- the processing is necessary to comply with our legal or regulatory obligations (Article 6 par. 1 lit. c GDPR); or
- the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms (Article 6 par. 1 lit. f GDPR).
The legitimate interest arises from the described business objectives. However, in such cases, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such legitimate interests are prevention of fraud or criminal activity and misuse of our products and/or services including the security of our IT systems, architecture and networks; use of cost-effective services offered by suppliers; selling of any part of our business or its assets and meeting our corporate and social responsibility objectives.
Storage period
Personal data are generally stored for the fulfillment of the underlying purposes. Data will be deleted as soon as such purposes have been fulfilled and the data is no longer required, provided that this is not prevented by any statutory retention periods (e.g. as indicated in the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Fiscal Code (AO)) or by any other legal or official regulation. Personal data processed in the context of any possible or ongoing dispute or legal action will be stored for the duration of the legal dispute, proceedings or limitation period, whichever is longer.
The storage limitation of personal data which we process as data processor on behalf of our customers (see chapter Commissioned Data Processing above) is determined by the underlying agreements, in particular the service specifications, as well as the individual customer instructions.
Recipients/categories of recipients and data transfers
For the fulfillment of the purposes listed herein, your personal data may be accessed by or transferred to the following categories of recipients:
- Personnel of the Veridos entity that maintains the business relationship with you including personnel of responsible departments of other Veridos subsidiaries;
- suppliers and services providers of Veridos including IT systems providers, cloud service providers, database providers and consultants;
- tax consultants advisors and external lawyers;
- (national and international) regulatory authorities, public bodies or courts where we are required to do so by applicable law or at their request.
Personal data may also be processed in a country outside the country where you, the entity on behalf of which you act or Veridos is located, including third countries outside the European Union or the European Economic Area. When personal data is transferred to third parties in other jurisdictions, we will make sure to protect your personal data by applying the level of protection required under applicable data protection laws. For data transfers within Veridos group companies, Giesecke und Dervrient’s Group, which includes Veridos, Binding Corporate Rules apply (Art. 46 para. 2 (b), 47 GDPR). Further information on Veridos Binding Corporate Rules can be found here.
Rights of the data subject
To enforce your data privacy rights, you can contact us at any time.
Data subject rights according to Art. 15 - 21 GDPR:
Right to access information about your personal data stored by us (Article 15 GDPR)
Right to rectification of inaccurate or incomplete personal data concerning you stored by us (Article 16 GDPR)
Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR)
Right to restriction of processing, if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR)
Right to data portability, i.e. the right to receive the personal data concerning you, which you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR)
Right to object for the processing of your personal data insofar as such processing is carried out based on Article 6 par. 1 lit. e. or f. GDPR (Article 21 GDPR)
Right to withdraw consent (Article 7 GDPR)
If you have the impression that the processing of your personal data does not comply with data privacy laws, you have the right to file a complaint with a supervisory authority (Art. 77 DSGVO).
A list of data protection authorities in Germany can be found under the following link:
Addresses of German data protection authorities
A list of European data protection authorities can be found at the following link:
Addresses of European data protection authoritieshttps://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htmlhttps://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The supervisory authority responsible for Veridos at its headquarters in Berlin is the Berlin Commissioner for Data Protection and Freedom of Information (https://www.datenschutz-berlin.de/).