Introduction
This Privacy Policy applies to the processing of personal data by codn GmbH (hereinafter referred to as “we” or “us”) in the context of our business activities as a consulting and software development startup.
We take the protection of your personal data very seriously and process it confidentially and in strict compliance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG-neu).
Definitions
The terms used in this Privacy Policy correspond to the definitions set out in the GDPR, including:
- Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, address, email address).
- Processing: Any operation performed on personal data, such as collection, storage, use, transfer, or deletion.
- Data Subject: A natural person whose personal data is processed.
- Controller: The entity that determines the purposes and means of processing personal data.
Controller
The controller within the meaning of the GDPR is:
codn GmbH
Fahrgasse 5
63225 Langen (Hessen)
Germany
Email: info@codn.eu
If you have any questions about data protection or wish to exercise your rights, you may contact us at the above address.
Purpose of Processing
We process personal data exclusively for the following purposes:
- Contract fulfillment: To initiate, execute, and manage contracts with our customers.
- Legal obligations: To comply with statutory requirements, such as tax and commercial retention obligations.
- Legitimate interests: To safeguard our legitimate interests, provided that they do not override the rights and freedoms of the data subject.
Types of Personal Data Processed
We generally process the following categories of personal data:
- Contact details: Name, address, email address, telephone number.
- Contract data: Contract subject matter, contract duration, payment details.
- Usage data: Websites visited, access times.
- Communication data: Email correspondence, telephone notes.
- Application data: CV, cover letter, certificates.
Legal Basis for Processing
Processing of personal data is carried out based on the following legal grounds:
Legitimate interests (Art. 6(1)(f) GDPR): If processing is necessary to safeguard our legitimate interests and does not override the data subject’s rights and freedoms.kt ist.
Consent (Art. 6(1)(a) GDPR): If the data subject has given voluntary, informed, and unambiguous consent.
Contract performance (Art. 6(1)(b) GDPR): If processing is necessary for the fulfillment of a contract or pre-contractual measures.
Legal obligation (Art. 6(1)(c) GDPR): If processing is required to comply with a legal obligation.
Disclosure of Personal Data
We disclose personal data only in the following cases:
- Legal permissibility: If disclosure is required or permitted by law.
- Contractual necessity: If disclosure is required for contract fulfillment.
- Consent of the data subject: If the data subject has explicitly agreed to the transfer.
Recipients may include:
- Service providers (e.g., IT service providers, payment service providers).
- Authorities or courts, where there is a legal obligation.,
Transfer of Personal Data to Third Countries
Personal data is transferred to non-EU countries (third countries) only under the following conditions:
- Adequacy decision of the European Commission,
- Use of standard contractual clauses (SCCs) issued by the EU Commission, or
- Explicit consent of the data subject.
We ensure that an adequate level of data protection is guaranteed in all cases.
Data Retention Period
Personal data is stored only for as long as necessary to fulfill the respective purpose or as required by statutory retention obligations.
After the processing purpose ceases to exist or the statutory retention period expires, the data is deleted or anonymized.
Rights of Data Subjects
Data subjects have the following rights:
- Right of access (Art. 15 GDPR): To request confirmation of whether personal data is being processed.
- Right to rectification (Art. 16 GDPR): To have inaccurate personal data corrected without delay.
- Right to erasure (“Right to be forgotten”, Art. 17 GDPR): To request deletion of personal data if no legal retention obligation applies.
- Right to restriction of processing (Art. 18 GDPR): To restrict processing under certain conditions.
- Right to data portability (Art. 20 GDPR): To receive personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): To object to processing based on legitimate interests.
- Right to lodge a complaint: With a supervisory authority, if processing violates the GDPR.
To exercise these rights, please contact us via the contact details provided above.
Data Security
We implement technical and organizational security measures to protect personal data from loss, misuse, or unauthorized access. These include, among others:
- Encryption technologies,
- Access controls, and
- Regular security reviews.
Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time to reflect changes in legal requirements or technological advancements.
The latest version is always available on our website.
Effective: [01.04.2023]
