Controllers and contact information
Controllers
CREALOGIX AG
Maneggstrasse 17
8041 Zürich
Schweiz
Tel: +41-58-404 80 00
E-Mail: solutions@crealogix.com
The controller in Germany is as follows, depending on the service:
CREALOGIX (Deutschland) GmbH
Breitscheidstrasse 10
70174 Stuttgart
Deutschland
Tel: +49-711-614 160
E-Mail: contact-de@crealogix.com
CREALOGIX BaaS GmbH & Co. KG
Am Hofbräuhaus 1
96450 Coburg
Deutschland
Tel: +49-956-155 430
E-Mail: contact-de@crealogix.com
CREALOGIX (Austria) GmbH
c/o Regus
Ausstellungsstrasse 50/C 2nd floor
1020 Vienna
Tel: +43-1-377 12 12
E-Mail: contact-at@crealogix.com
CREALOGIX MBA Limited
21-22 Staple Gardens
Winchester SO23 8SR
United Kingdom
Tel: +44-1962 841 494
E-Mail: contact-uk@crealogix.com
CREALOGIX PTE. Ltd.
5 Shenton Way
Level 10-01 UIC Building
Singapore 068808
Singapore
Tel: +65-693-2 28 04
E-Mail: contact-apac@crealogix.com
Innofis ESGM, S.L.
Balmes 150
08008 Barcelona
Spain
Tel: +34-936 671855
E-Mail: contact-es@crealogix.com
CREALOGIX ME. S.L.
Balmes 150
08008 Barcelona
Spain
Tel: +34-936 671855
E-Mail: contact-es@crealogix.com
Saudi Crealogix Single Partner LLC
Al Tawuniya Tower (South Tower)
Level 16
King Fahad Road
Riyadh
Kingdom of Saudi Arabia
Tel: +34-936 671855
E-Mail: contact-middle-east@crealogix.com
Data protection officers
Multiple data protection officers have been appointed for our group of companies.
For CREALOGIX (Deutschland) GmbH:
dsb-clx@ensecur.de, datenschutz@crealogix.com
For CREALOGIX BaaS GmbH & Co.KG:
datenschutz@dz-cp.de, datenschutz@crealogix.com
For all other CREALOGIX companies:
datenschutz@crealogix.com
Obligations to provide information for contact persons of prospective customers or customers
Purpose and legal bases for data processing
- Customer acquisition and customer care (point (f) of Article 6(1) GDPR*)
- Handling and processing inquiries from prospective customers (point (f) of Article 6(1) GDPR*)
- Checks of sanction lists (point (c) of Article 6(1) GDPR in conjunction with Council Regulation (EC) No 2580/2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism and Council Regulation (EC) No 881/2002 imposing certain specific restrictive measures directed against certain persons and entities associated with Usama bin Laden, the Al-Qaida network and the Taliban)
- Preparing offers for prospective customers (point (f) of Article 6(1) GDPR*)
- Entering into and performing purchase agreements (point (f) of Article 6(1) GDPR*)
- Complying with legal obligations (point (c) of Article 6(1) GDPR)
- Supporting operational processes through service providers (Article 28 GDPR)
- Order processing and delivery (point (f) of Article 6(1) GDPR*)
- Processing complaints (point (c) of Article 6(1) GDPR)
Interests of the controller in case of weighing of interests*
- Asserting legal claims and defense in case of legal disputes
- Ensuring system and/or IT security and the company's IT operations
- Preventing criminal acts
- Acquiring new customers and maintaining business relations
- Measures to manage the business and further develop services and products
Recipients or categories of recipients of the personal data
Relevant departments, government agencies, banks, auditors, software producers, support service providers, hosting service providers, payment service providers, affiliated companies
Transfer to third countries
Transfers to third countries take place only in accordance with the standard contractual clauses and additional measures pursuant to point (c) of Article 46(2) GDPR or to countries for which an adequacy decision has been issued.
Duration of storage according to statutory storage obligations
Personal data are typically erased within ten years after the termination of the contractual relationship or earlier if a prospective customer does not become a customer. Beyond that, we erase the data if a data subject objects, provided that there are no overriding legitimate interests on our part that conflict with doing so.
Right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object
As a data subject, you have the right of access, right to rectification, and right to erasure of your data and to restriction of processing and a right of data portability at any time. To exercise your rights, please contact the controller using the contact details provided.
Right to object
Where your data are processed to safeguard legitimate interests, you have the right to object, on grounds relating to your particular situation, at any time to this processing by contacting us using the contact details provided. We will then terminate this processing unless it serves overriding legitimate interests on our part.
Right to lodge a complaint
As a data subject, you can lodge a complaint with the competent supervisory authority at any time.
Existence of a requirement to provide personal data
The data collected are necessary in order to process inquiries from prospective customers, prepare offers, enter into purchase agreements, and/or conduct business operations. Failure to provide these data may render it impossible to commence, execute, and terminate the contractual relationship.
Obligations to provide information for contact persons of partners, service providers, suppliers, other persons and entities
Purpose and legal bases for data processing
- Purchasing and handling of support services to fulfill business purposes (point (f) of Article 6(1) GDPR*)
- Complying with legal obligations (point (c) of Article 6(1) GDPR)
- Provision of informational materials (point (f) of Article 6(1) GDPR*)
Interests of the controller in case of weighing of interests*
- Implementing orders or purchases
- Asserting legal claims and defense in case of legal disputes
- Ensuring system and/or IT security and the company's IT operations
- Preventing criminal acts
- Measures to manage the business and further develop services and products
Recipients or categories of recipients of the personal data
Relevant departments, government agencies, banks, auditors, payment service providers, affiliated companies
Transfer to third countries
Transfers to third countries take place only in accordance with the standard contractual clauses and additional measures pursuant to point (c) of Article 46(2) GDPR or to countries for which an adequacy decision has been issued.
Duration of storage according to statutory storage obligations
The personal data are typically erased within ten years after the termination of the contractual relationship unless a longer statutory storage period applies in an isolated case or, in the event that a data subject objects, provided that there are no overriding legitimate interests on our part that conflict with doing so. In the case of offers not followed by placement of an order, erasure takes place as soon as the offer is no longer needed unless statutory storage periods conflict with the erasure thereof.
Right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object
As a data subject, you have the right of access, right to rectification, and right to erasure of your data and to restriction of processing and a right of data portability at any time. To exercise your rights, please contact the controller using the contact details provided.
Right to object
Where your data are processed to safeguard legitimate interests, you have the right to object, on grounds relating to your particular situation, at any time to this processing by contacting us using the contact details provided. We will then terminate this processing unless it serves overriding legitimate interests on our part.
Right to lodge a complaint
As a data subject, you can lodge a complaint with the competent supervisory authority at any time.
Existence of a requirement to provide personal data
The data collected are necessary in order to enter into and execute the purchase or order. If the necessary data are not provided, it may be impossible to commence, execute or terminate the contractual relationship.
