PASM GmbH attaches great importance to protecting your personal data. It is important to us to inform you what personal data we collect, how your data is used, and how you can influence the process.
1. Name and address of the controller
(1) The controller in the meaning of the General Data Protection Regulation and Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as well as other data protection law provisions, is:
PASM Power and Air Condition Solution Management GmbH
Marsplatz 4, 80335 Munich, Germany
Email: PASM-Kontakt@telekom.de
Website: www.pasm.de
(2) The controller’s data protection officer is:
Dr. Claus D. Ulmer
Deutsche Telekom AG
Friedrich Ebert-Allee 140, 53113 Bonn, Germany
Email: datenschutz@telekom.de
Website: www.telekom.de
2. General information on data processing
(1) Scope of processing personal data
In principle, we only process our users’ personal data to the extent necessary for the provision of a functioning website as well as of our content and services. Our users’ personal data is processed regularly only with the user’s consent. An exception applies in cases where it is not possible to obtain prior consent on factual grounds and processing of the data is permitted through statutory regulations.
(2) The legal basis for personal data processing
We process your data in accordance with the rules of the European and German data protection laws (the following regulations are those of the European General Data Protection Regulation (GDPR)), i.e., only, insofar and as long as
it is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken upon your request (Article 6 (1) lit. (b) GDPR); or
you have given your consent to such processing (Article 6 (1) lit. (a) GDPR); or
the data processing is required for the legitimate interests of us or third parties (Article 6 (1) lit. (f) GDPR); or
it is due to legal requirements, e.g., storage of documents for commercial and tax purposes (Article 6 (1c) GDPR), or in the public interest (Article 6 (1) lit. (e) GDPR).
3. What rights do you have?
You have the right
- a) to request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Article 15 GDPR);
- b) to request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR);
- c) to withdraw consent at any time with effect for the future (Article 7 (3) GDPR);
- d) to object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR);
- e) to request the erasure of data in certain cases under Article 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent in accordance with (c) above or object in accordance with (d) above;
- f) to demand under certain circumstances the restriction of data where erasure is not possible or the erasure obligation is disputed (Article 18 GDPR);
- g) to data portability, i.e., you can receive your data that you provided to us, in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Article 20 GDPR);
- h) to file a complaint with the competent supervisory authority regarding data processing (for telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit); for any other matters: State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen)).
4. Data deletion and storage period
The data subject’s personal data is deleted or blocked as soon as the purpose for which it was stored is no longer applicable. The personal data can be stored beyond this if this has been provided for by the European or national legislator in Union law regulations, laws, or other provisions to which the controller is subject. Data can also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless the further storage of the data is required for conclusion or performance of a contract.
5. Provision of the website and creation of log files
(1) Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the system of the computer accessing the website. The following data is collected:
The user’s IP address
The log files contain IP addresses or other data that enables assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website, or the link to the website that the user switches to, contains personal data.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
(2) The legal basis for data processing
The legal basis for temporary storage of data and log files is Article 6 (1) lit. (f) GDPR.
(3) Purpose of data processing
Temporary storage of the IP address by the system is required to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. In addition, we use the data to optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in processing the data in accordance with Article 6 (1) lit. (f) GDPR.
(4) Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session is ended.
In the case of data storage in log files, this is the case after seven days at the latest.
(5) Possibility to object and have data removed
The collection of data for the provision of the website and the storage of data in log files is an absolute requirement for the operation of the website. As a result, the user has no possibility to object to it.
6. Use of cookies
Our website uses only necessary cookies.
7. Email contact
(1) Description and scope of data processing
On our website, electronic contact is possible via the email address provided. The user’s personal data that is transmitted with the email is stored.
The data will not be passed on to third parties in this context. The data is only used to process the conversation.
(2) The legal basis for data processing
The legal basis for processing the data, if the user has given consent, is Article 6 (1) lit. (a) GDPR.
The legal basis for processing the data transmitted in the course of sending an email is Article 6 (1) lit. (f) GDPR. If the purpose of the email contact is to conclude a contract, an additional legal basis for data processing is Article 6 (1) lit. (b) GDPR.
(3) Purpose of data processing
We use the personal data collected following contact by email only to communicate with you.
(4) Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user is completed. The conversation is completed when circumstances indicate that the matter in question has been conclusively clarified.
(5) Possibility to object and have data removed
The user can revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time by email. In this case, the conversation cannot be continued.
All personal data stored in the course of making contact will be deleted in this case.
Last revised: April 2022
PASM
Power and Air Condition Solution Management GmbH
Marsplatz 4
80335 Munich, Germany
Tel.: 0049 89 545509321
Internet: www.pasm.de
