Search Search
Ask for Support Support
Data Protection verinice.cloud

Privacy Policy for the Use of verinice.cloud

The protection of your personal data is very important to us. We process your data exclusively in accordance with applicable data protection laws, particularly the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This information explains which personal data is processed when using the web-based software verinice.cloud, for what purposes, and what rights you have in this context.

Responsible Entity

SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen
Germany

Data Processing When Using the Software

When using verinice.cloud, we process personal data for the technical provision, administration, and use of the web-based software. This includes, in particular, the creation and management of user accounts and access within the platform.

Customer Relationship Data

The personal data processed in the user and customer management of the application includes: first and last name; username; job titles; and contact information.

Data Within the Application

The verinice.cloud application allows users to enter and process arbitrary data, including personal data. This data processing occurs outside of our direct control.

Hosting Data

Includes IP addresses and timestamps of usage.

Purpose of Processing

The processing is necessary to enable your organization to use verinice.cloud. Our software is an integrated IT tool that helps organizations meet legal and regulatory requirements in the areas of information security, data protection, and other norms and laws.

Meeting these requirements is not only a legal obligation for many organizations but also practically necessary to demonstrate adequate data protection and IT security levels. Without the processing of personal data for user management—such as account setup, role assignment, and access logging—verinice.cloud cannot provide these functionalities.

Legal Bases for Processing

Art. 6 (1) (b) GDPR (Contractual Obligation):

Use of verinice.cloud is based on a contractual relationship between us and our customers. Setting up and managing user accounts is a necessary part of delivering the agreed-upon service. Without this processing, the software cannot be used.

Art. 6 (1) (f) GDPR (Legitimate Interest):

We also have a legitimate interest in providing our customers with a functional, secure, and compliant tool. Our customers expect a professional system that integrates data protection and information security. Processing personal data for account management is indispensable for this.

Another key aspect of our legitimate interest lies in the long-term support of our customers, especially in emergency situations. This ensures rapid and competent problem-solving without the need for additional onboarding, thereby maintaining system availability and security at all times.

Data Processors

We use external hosting providers for the technical provision and secure operation of verinice.cloud. These providers process personal data exclusively on our behalf and according to our instructions under a contractual data processing agreement in accordance with Art. 28 GDPR.

Our hosting partners:

  • Hostserver GmbH, Biegenstraße 20, 35037 Marburg, Germany
  • SysEleven GmbH, Boxhagener Straße 80, 10245 Berlin, Germany

Both companies provide the necessary infrastructure and ensure that data is processed in compliance with data protection regulations within data centers located in Germany. Personal data is not transferred to third countries.

We have legally compliant data processing agreements with both service providers, particularly covering compliance with data protection laws, confidentiality, processing security, and support for data subjects' rights.

Your Data Subject Rights

Please note: We only technically process the data you enter and manage within verinice.cloud under the data processing agreement. This data is outside our direct access. Accordingly, we can only support you in exercising your rights regarding this data as stipulated in the agreement.

a) Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and access to such data.

b) Right to Rectification (Art. 16 GDPR)
You have the right to have inaccurate or incomplete personal data corrected.

c) Right to Erasure (Art. 17 GDPR)
You have the right to have your personal data erased without undue delay if:

  • it is no longer needed;
  • you object to processing and there are no overriding legitimate interests;
  • data is unlawfully processed;
  • erasure is required to comply with a legal obligation;
  • consent is withdrawn.

Accounting data is deleted after 10 years. Other personal data is deleted no later than 20 years after the end of the contractual or usage relationship, unless legal obligations require otherwise. Data may also be deleted earlier upon request, provided no legal or contractual obligations prevent this.

d) Right to Restrict Processing (Art. 18 GDPR)
You may restrict processing:

  • if you contest the accuracy of the data (while we verify it);
  • if processing is unlawful;
  • if we no longer need the data, but you require it for legal claims;
  • if you object and the balancing of interests is pending.

e) Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

f) Right to Withdraw Consent (Art. 7 (3) GDPR)
If processing is based on your consent, you may withdraw it at any time with future effect.

g) Right to Object (Art. 21 GDPR)

  • General objection: You may object to processing based on our legitimate interests if reasons arise from your particular situation.
  • Objection to direct marketing: You have the right to object to the use of your personal data for direct marketing purposes at any time.

You can object at any time without formality using the contact details provided above.

h) How to Exercise Your Rights
You may exercise your rights by emailing us, or by contacting us by post, phone, or in person.

i) Right to Lodge a Complaint
You also have the right to lodge a complaint with a supervisory authority, especially the one responsible for us:

The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hannover
Phone: +49 511 1204500
Fax: +49 511 1204599
Email: poststelle@lfd.niedersachsen.de

Contact us
Contact
Contact
We are right here!

Our sales team is happy to help you with any questions about SerNet products and services - personally and individually tailored to your needs.

You can call us directly at  +49 551 370000-0
or send email to sales@remove-this.sernet.de.

SerNet sales team
The SerNet sales team: Christian Börker, Alina Schnur, Nadine Dreymann, Vinisha Rajakumar, Willem Rothe
Contact us about…
linke Spalte
rechte Spalte
captcha
* Mandatory fields