seca.

a) Controller pursuant to Art. 4 para. 7 GDPR is

seca gmbh & co. kg.
Hammer Steindamm 3-25
22089 Hamburg
Telefon: +49 40 200000 - 0
E-Mail info@seca.com

b) You can reach our data protection officer at

seca gmbH & co. kg.
Data Protection Officer
Hammer Steindamm 3-25
22089 Hamburg
E-Mail: data.privacy@seca.com

c) The supervisory authority responsible for seca is

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Telefon: +49 40 428 54 - 4040
E-Mail: mailbox@datenschutz.hamburg.de

In the following, we inform you about the processing of personal data by seca. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR).

1. You have the following rights against seca as the controller with regard to the personal data concerning you:

a) Right to information: to receive information about the data we have stored about you,

b) Right to rectification: Correction if your data is not stored correctly,

c) Right to erasure: deletion or - if storage obligations exist - restriction of the processing of the data no longer required for the stated purpose,

d) Right to data portability: to receive data provided by you in a structured, common and machine-readable format,

e) Right to object to processing: to object if the processing of your data is based on a legitimate interest / to the use for advertising purposes / to a decision based solely on automated processing, including profiling.

2. You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

Due to legal requirements, we are obliged in certain cases to disclose your personal data to third parties. This is the case, for example, if there is suspicion of a criminal offense or misuse of our website. We are then obliged to pass on your data to the responsible law enforcement authorities. If seca uses third party companies for data processing in order to fulfill its contractual obligations towards you (so-called data processing on behalf of third parties), these companies are contractually obligated to handle your data with care in compliance with data protection regulations and in accordance with our instructions and neither to use it for their own purposes nor to pass it on to third parties.

If we collect personal data, we store it on specially protected servers in Germany. Access to it is only possible for a few specially authorized persons who are involved in technical, commercial or editorial support. To prevent loss or misuse of the data, we take extensive technical and operational security precautions, which are regularly reviewed and adapted to technical progress. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our sphere of responsibility. In particular, data disclosed without encryption - even if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.

• IP address
• Date and time of the request
• time zone difference from Greenwich Mean Time (GMT)
• Content of the request (page visited)
• Access status/HTTP status code
• amount of data transferred
• previously visited page
• Browser
• operating system
• language and version of the browser software.

In the case of an inquiry via the e-mail form, we collect name, address, telephone number and e-mail address in order to provide the respective services and to contact you.

The legal basis is the fulfillment of a contract or the implementation of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR.

When registering for the password-protected dealer area, personal data is collected for the purpose of verifying you as a seca specialist dealer partner. This includes entering a user name and password, collecting contact data such as name, address, telephone number, fax number, e-mail address and information about your industry and company. In addition, you can leave us a comment.

The legal basis is the fulfillment of contractual obligations according to Art. 6 para. 1 lit. b GDPR or a legitimate interest according to Art. 6 para. 1 lit. f GDPR.

Which of your data do we process? And for what purposes?

seca processes your name, your e-mail address and your consent to send you the newsletter.

This data is processed for the purpose of sending the newsletter.

On what legal basis is the data processing based?

The legal basis for the processing of your data is your consent to the sending of the newsletter in accordance with Art. 6 para. 1 lit. a GDPR.

You can apply to seca online. In order to be able to process your application, we collect your contact data, such as name, address, telephone number, e-mail address as well as information about the earliest possible starting date and your salary requirement per annum. In addition, you can attach your attachments and send us a message.

Any further use of personal data does not take place or only with the prior consent of the user. Personal data is deleted as soon as it is no longer required to fulfill the purpose for which it was stored.

The legal basis is the implementation of pre-contractual measures  in accordance with Art. 6 para. 1 lit. b GDPR.

seca uses the salesforce chatbot on its homepage. This tool makes it possible to contact seca and process customer inquiries without telephone support. The chatbot enables users to call up predefined information in an automated process that has been defined and prepared by seca. If necessary, the chat history can be transferred to customer service.

The following personal data can be processed in the process: Name, e-mail address, telephone number for queries, conversation content, usage data such as access date and chat duration.

The chatbot is set up and operated on the basis of seca's legitimate interest in an easily accessible and low-threshold information and interaction option pursuant to Art. 6 para. 1 lit. f GDPR.

1. In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical perspective (2.) before going into more detail about your individual choices by describing technically necessary cookies (3.) and cookies that you can voluntarily select or deselect (4.).
    

2. Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:

   Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the joint session and your computer can be recognized when you return to our website.

   Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.

   Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. As a result, we can also use the technologies described below. Here, too, you can of course consent or object.

3. Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use techniques, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Optional cookies if you have given your consent: We only set various cookies after you have given your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Services on the individual seca websites

You can select and revoke the functions we use individually via the cookie settings (at the bottom of this page) by category or by individual service. Below is an overview of the services used. Detailed, up-to-date information on the services can be found in the cookie settings.

Purposes of the processing of personal data

The seca analytics 125 is provided by seca as an order processor.

As a user of seca analytics 125, the following data is stored by you as a user:

• Name
• Password
• E-mail address
• Log files of the use

Data erasure

You can terminate the use of seca analytics 125 yourself at any time. Your personal data in your user ID will then be deleted and cannot be restored.

Disclosure of personal data

As a rule, we do not pass on your data as a user of seca analytics 125 unless we are obliged to do so in order to comply with legal requirements, e.g. for the prosecution of criminal offences.

seca uses the following order processors (as defined in Art. 28 GDPR):

• Amazon Web Services (AWS, Luxembourg) for the provision of cloud infrastructure and application hosting,
• Blue Bridge Group (Vilnius) as service partner for 24/7 functional management of the cloud environment.

Usage of „Cookies“

We use "cookies" (small files with configuration information). These serve exclusively to ensure the operation of the web application and to make it easier and more comfortable for you to use. It is also possible to use our web application without cookies. Most browsers are preset to accept cookies automatically. However, you can disable the storage of cookies or set your browser to notify you before cookies are stored.

Purposes of the processing of personal data

Purposes for which your respective fitness provider is the responsible party:

Purpose A: The collection, evaluation, storage and display of your measurement results recorded during measurements as well as the processing of your access data to myAnalytics is carried out by seca as an order processor.

As a user of myAnalytics, the following data will be stored by you for the calculation of the body composition analysis:

• Name,
• password,
• e-mail address,
• date of birth,
• measurement times,
• log files of use.

Personal data requiring special protection (according to Art. 9 GDPR):

• Health data, such as height, body weight, bio impedance data and other vital parameters, if applicable,
• ethnicity.

Purposes for which seca is the controller:

Purpose 1: Sharing your personal data with third parties (fitness or health app providers) to support your training success.
The legal basis for the transfer of data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR, or - as far as health-related data is concerned - Art. 9 para. 2 lit. a GDPR). See also section "Disclosure of personal data".

Purpose 2: Processing by seca to improve device features and evaluation within the products seca mBCA 555/554 and seca analytics 125.
Personal data and health data are pseudonymized for this purpose. An assignment to an individual data subject is only theoretically possible with the aid of further information, but is not carried out within the scope of the processing mentioned here. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR, or - as far as health-related data is concerned - Art. 9 para. 2 lit. a GDPR).

Purpose 3: Anonymization of your personal data and further processing by seca for statistical evaluation, e.g. for the purpose of determining age dependencies or temporal trends.
The personal data and health data are anonymized for this purpose. After anonymization, assignment to an individual data subject is no longer possible. The legal basis for this data processing is your consent (Art. 6 para. 1 p. 1 lit. a GDPR, or - as far as health-related data is concerned - Art. 9 para. 2 lit. a GDPR).

Erasure of personal data

The personal data and health data used for purposes A, 1 and 2 above will be deleted after termination of the respective contractual relationship, in case of objection or revocation of consent. The data anonymized for purpose 3 can no longer be assigned to you and will be further processed exclusively for statistical purposes.

Disclosure of personal data

If seca passes on your personal data to providers of fitness or health apps (purpose 1), you will additionally inform these providers about the processing of your data and ask for your consent to this.

seca uses the following order processors (as defined in Art. 28 GDPR):

• Amazon Web Services (AWS, Luxembourg) for the provision of cloud infrastructure and application hosting,
• Blue Bridge Group (Vilnius) as service partner for 24/7 functional management of the cloud environment.

As the controller, seca has contractually obligated the above-mentioned processors to take the necessary technical and organizational measures to ensure the protection of your personal data. Both companies are certified according to the recognized international information security standard ISO / IEC 27001.

In addition, a transfer of your personal data to other persons, companies or bodies, in particular of health data to third parties, does not take place in principle, unless we are legally obliged to do so.

Usage of "cookies

We use "cookies" (small files with configuration information). These serve exclusively to ensure the operation of the web application and to make it easier and more comfortable for you to use. It is also possible to use our web application without cookies. Most browsers are preset to accept cookies automatically. However, you can disable the storage of cookies or set your browser to notify you before cookies are stored.

If you commission seca with remote maintenance as part of the remote support for the seca software, the remote support may include the following: 

• the installation of software (updates)
• Troubleshooting of software problems in connection with the user's individual software configuration
• Maintenance work on the software
• Integration software setup

In order to be able to perform remote support, seca must act as an order processor. For this purpose, an data processing agreement (DPA) must be concluded between the client and seca. All relevant information on data protection regarding remote service can be found in this DPA.

In order to process your request and, if necessary, to be able to give you feedback afterwards, data will be collected from you in the course of the telephone call. In detail, this may be, for example, your name, your telephone number, your company, your email address or similar data. The information is provided voluntarily by you.

The storage period is within the scope of the legal provisions and as far as it is necessary for the purpose of fulfillment.

The data collected by telephone will be used exclusively for processing your request and stored by us as well as Germany and Austria by the commissioned processor CALL + CARE Agentur für Kundendialog GmbH, as a contractual order processing service provider. This applies in particular to calls via our service hotline +49 (0)800 20 00 005.

If you use the seca support ticket system (support.seca.com), your name, e-mail address, telephone number, company name and postal address as well as details of your request will be processed and stored in order to provide you with the requested service and to contact you.

The storage period is within the scope of the legal provisions and as far as it is necessary for the purposes of fulfillment.

On what legal basis is the data processing based?

The legal basis for processing your data is the fulfillment of our contractual obligations pursuant to Art. 6 (1) lit. b DSGVO.

If a customer contacts the telephone hotline or otherwise contacts seca Service, seca may contact the customer a few days after the transaction to inquire about customer satisfaction. This contact is only made with B2B customers.

Which of your data do we process? And for what purposes?

In the case of telephone inquiries about customer satisfaction, the contact data stored in our CRM system is used. The purpose of this processing is to improve customer service.

For this purpose, seca processes your name, telephone number and information about the goods purchased or services used, as well as the customer satisfaction information you provide.

On what legal basis is the data processing based?

The legal basis for processing your data is your presumed consent as a B2B customer pursuant to Art. 6 (1) lit. f GDPR in conjunction with Section 7 (2) No. 2 UWG. (See also guidance of the DSK on the processing of personal data for direct marketing purposes of 18.02.2022).

See have the option to object to this presumed consent at any time by phone or by mail to data.privacy@seca.com.

How long will the data be stored?

The data is stored in the CRM system for as long as a business relationship with you exists, in compliance with the statutory retention periods.

Which of your data do we process? And for what purposes?

seca processes your name, your e-mail address and your consent to send you the newsletter.

This data is processed for the purpose of sending the newsletter.

On what legal basis is the data processing based?

The legal basis for the processing of your data is your consent to the sending of the newsletter in accordance with Art. 6 para. 1 lit. a GDPR.

Which of your data do we process? And for what purposes?

seca processes your name, your e-mail address and your consent to participate in the lottery.

This data is processed for the purpose of evaluating the lottery.

On what legal basis is the data processing based?

The legal basis for the processing of your data is your consent to participate in the prize draw in accordance with Art. 6 para. 1 lit. a GDPR.

How long will the data be stored?

The data relating to the lottery will be deleted after the lottery has been carried out and evaluated.

We use video surveillance on the property we use at Hammer Steindamm 3-25, 22089 Hamburg.

Purpose of video surveillance and legal basis

The video surveillance is carried out to exercise house rights, to prevent criminal offences and to preserve evidence in the event of criminal offences. The legal basis for the video surveillance is Art. 6 (1) lit. f) GDPR, whereby our interests arise from the aforementioned purposes.

Erasure of data

Data from video surveillance is generally deleted after ten days.

Longer storage may take place on an ad hoc basis if facts justify the assumption that actions can be seen on recordings from a limited period of time that are to be prosecuted as a criminal offense or used to assert civil claims.