Sustainability Assurance Services (SAS) Global GmbH (SAS Global) takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal regulations of the relevant data protection laws, in particular the European data protection basic regulation (GDPR) as well as this data protection explanation.
This privacy statement covers the use of SAS Global's digital services, including our social media profiles on PCs, smartphones, tablets and all other Internet-enabled mobile devices.
The digital services may contain links to other third party service provider websites that are not covered by this privacy statement.
1. Note on the data controller - Who is responsible for the collection of data?
The data controller for the processing of your personal data is
Sustainability Assurance Services Global GmbH
represented by the managing director Stefan Sipowicz
Langenhorner Chaussee 155
22415 Hamburg, Germany
If you have any questions about data protection with us, please write to us at the aforementioned postal address, with the addition "Data protection" or at the e-mail address provided.
2. Purposes and legal basis of data processing - What do we use your data for?
2.1 Data processing for the provision of contractual services
We process personal data in order to process the contractual relationships and to be able to submit contractual
offers tailored to requirements. The collection of the data takes place in particular for the conclusion and/or for the execution of a contract.
We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. This information is marked with an asterisk. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfillment of the purpose, is only optional. In this case you decide on a voluntary basis if and which data you want to give us.
For your order we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
We use so-called cookies on some of our websites, among other things to be able to offer you website-specific services, to recognize you when you visit our website again, and/or to adapt our offer to your personal preferences.
Cookies are small text files that are stored on a visitor's computer and contain data on the respective user in order to enable access to various functions. Both session cookies and persistent cookies are used on our website. A session cookie is temporarily stored on your computer as you navigate through the site. A session cookie is deleted as soon as you close your Internet browser or as soon as your session has expired after a certain period of time. A persistent cookie remains on your computer until it is deleted. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences every time you visit our website. This saves you time and makes using our website more convenient for you.
The use of the aforementioned cookies is in the interest of a uniform presentation and functionality of our websites. The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.3 Data processing for applications
You can send us applications for jobs in our company via our websites and the contact data we have stored there. Insofar as personal data is transferred to us by you in this way or in any other way during applications, we process your data for the purpose of examining, processing and responding to your application and, if necessary, preparing the employment relationship.
The basis for data processing is Art. 6 Para. 2 GDPR, § 26 Para. 1 BDSG (new), which permits the processing of data for the purpose of deciding on the grounds, for the grounds and for the performance of employment relationships.
2.4 Data processing to protect legitimate interests
We also process your data if it is necessary to protect the legitimate interests of us or of third parties. This may be the case to guarantee IT security and IT operation; for support inquiries; in the event of legal disputes, to be able to understand and prove the facts of the cas.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed above.
2.5 Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address.
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.6 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.
3. Categories of receipt of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.
Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.
[If applicable: In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.]
Service providers who support us in providing our services to you are sales and marketing partners, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and e-mail service providers.
4. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
5. Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
6. Rights of the persons concerned
You can request information about your personal data stored by us and under certain conditions request the correction or deletion of your data by contacting us via our contact data given above. You may also have the right to restrict the processing of your data and to have the data you provide disclosed in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. You may object to the processing of your data for direct marketing purposes. If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You can also contact a data protection supervisory authority. The authority responsible for us is
Freie und Hansestadt Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar