Privacy notice

customers, prospective customers, partners, suppliers and service providers of gridX GmbH

The following privacy notice is to be provided pursuant to Art. 13 GDPR where personal data is collected from our customers, prospective customers, partners, suppliers and service providers regarding our business relationship.

I. Controller

The controller pursuant to Art. 4 no. 7 GDPR is:

gridX GmbH

Dennewartstraße 25

52068 Aachen

Deutschland

+49 241 312 597 10

info@gridx.ai

II. Data Protection Officer

The Data Protection Officer of gridX GmbH is:

DataCo GmbH

Dachauer Str. 65

80335 Munich

Germany

+49 89 7400 45840

datenschutz@dataguard.de

III. Purposes and legal basis for the processing

1. Handling of inquiries, preparation of offers and performance of supplier or service provider relationships

If you are interested in our offered goods and services (e.g. our cloud-based XENON-platform and related
training, consulting, technical support, licenses etc.) or where to perform the supplier or service provider
relationship, we process and store the following data for the administration:

  • Title 
  • Name, first name
  • Company/organization and possibly department within the company
  • Position in the company
  • Business address
  • Business phone numbers
  • Business fax number
  • Business email address
  • Individual message
  • Product interest
  • Conversation notes from sales and customer support calls and live chat sessions, if applicable.

Where the subject is related to pre-contractual measures or measures to perform a contract the legal basis for such processing is Art. 6 (1) lit. b GDPR. The provision of such personal data is required, otherwise the contract cannot be performed or even concluded.

Despite, the legal basis for the processing can be our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interest assessment was carried out and came to the conclusion that the processing of your data is necessary to answer your inquiry and if necessary, for further pre-contractual measures and that our interest outweighs your interests or fundamental rights and freedoms to protect your data.

2. Implementation and execution of contracts

In order to implement and perform an existing contractual relationship, in particular to provide services owed(e.g. provision of our cloud-based XENON-platform and associated execution of services such as support, consulting and training) and to send you contractual documents or where to implement and to execute contracts with suppliers or service providers, we and any third parties or processors commissioned by us process the following data from you, insofar as you have provided us with this when concluding the contract orin the course of the contractual relationship:

  • Contact details of contact persons and, if applicable, other employees in the company of the business customer 
  • Title 
  • Name, first name 
  • Company/organization and possibly department within the company 
  • Position in the company 
  • Business address 
  • Business phone numbers 
  • Business fax number 
  • Business email address 
  • Further information that is required to process in the context of a project or the handling of a contractual relationship with gridX GmbH or which is provided voluntarily by our contact persons 
  •           - Orders placed (especially products and services ordered) 
  •            - Transacted inquiries 
  •            - Project details 
  •            - Conversation notes from sales and customer support calls and live chat sessions, if applicable. 
  • Information collected from publicly available sources, information databases, or credit reporting agencies 

For invoicing, monitoring and collection of trade receivables, we process contact details of accounting contacts and other persons entrusted with these processing operations. If you make use of the offer of our trainings and courses and register for them (e.g. online via our website or by e-mail), we process the following data for the planning and execution of the trainings and, if applicable, for the creation and sending of personalized certificates of participation: 

  • Personal data of the training participants 

           - Name, first name 

           - Company/organization and possibly department within the company 

           - Email address 

            - Address 

  • Personal details of the payer 

           - Name, first name 

          - Company/organization and possibly department within the company 

          - Field of activity o Company address 

           - Phone number 

  • Other information such as: Course date, duration, location, price, date of registration/time stamp. 

The training participants are usually employees of our customers and prospective customers. 

We also use online video conferencing systems of the respective customer or alternatively our own system for various services, e.g. for technical support or for conducting training/education for customers. The activation of video transmission is the responsibility of the respective participant and is not linked to any advantages or disadvantages in the provision of the service. A recording of the video conferences by us shall only be made upon request and in consultation with all participants. If, in exceptional cases, recording by us is necessary, consent will be obtained from the participants in accordance with Art. 6 (1) lit. a in conjunction with Art. 7 GDPR.

The legal basis for the processing of your data in regard to the above mentioned purposes is Art. 6 (1) lit. bGDPR. The provision of such personal data is required, otherwise the contract cannot be performed or even concluded.

3. Marketing activities

In the case of an advertising approach, we will only contact you via the communication channels to which you have consented, subject to mailing. For this purpose, we use your data for the following purposes:

  • Quality assurance: In order to continuously improve our performance, our products and our services for you, we conduct surveys on your satisfaction, as well as your experiences from your contractual relationship.
  • E-mail advertising using newsletter
  • Invitations to specific events
  • Communication regarding downloaded whitepapers 

The legal basis for the processing is generally Article 6 (1) lit. a GDPR. Pursuant to Article 7 (3) GDPR, you can always withdraw your consent with effect for the future by sending an e-mail to info@gridx.ai

Without separate consent, the legal basis may also be our legitimate interest for the purpose of direct advertising (in accordance with Article 6 (1) lit. f GDPR in conjunction with Article 95 GDPR, Section 7 (3) German Act against Unfair Competition) provided that your fundamental rights and freedoms do not conflict. In accordance with Art. 21 GDPR, you can always object to data processing on the basis of our legitimate interests with effect for the future by contacting the e-mail address info@gridx.ai.

4. Usage of the XENON Platform

If you are using the XENON-Platform the following categories of personal data will be processed by gridX GmbH to provide you with the linked services and to monitor, administer and improve the XENON-Platform:

  • Title
  • Name, first name
  • Company/organization and possibly department within the company
  • Position in the company
  • Business address
  • Business phone numbers
  • Business fax number
  • Business email address
  • Individual message
  • Usage data
  • Electricity usage data
  • Network data
  • Communications data

Where the subject is related to pre-contractual measures or measures to perform a contract the legal basis for such processing is Art. 6 (1) lit. b GDPR. The provision of such personal data is required, otherwise the contract cannot be performed or even concluded.

Additionally, the legal basis for the processing can be our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interest assessment was carried out and came to the conclusion that our interest outweighs your interests or fundamental rights and freedoms to protect your data. In accordance with Art. 21 GDPR, you can always object to data processing on the basis of our legitimate interests with effect for the future by contacting the e-mail address info@gridx.ai.

IV. Automated individual decision-making

Automated individual decision-making including profiling according to Art. 22 (1) and (4) GDPR does not take place on the part of gridX GmbH.

V. Recipients

In order to process personal data for the purposes mentioned here, we use the following categories of recipients as processors pursuant to Art. 28 GDPR:

  • Service provider for hosting and operation of the online video conferencing system and the software for remote maintenance for technical customer support
  • Service provider for hosting servers for the provision of web-based services
  • Service provider for operation of e-mail servers
  • Cloud Provider for hosting the XENON Platform
  • Software service provider, e.g. for CRM systems

Other recipients who are not processors:

  • Service provider for hosting and operation of the online video conferencing system and the software for remote maintenance for technical customer support
  • Financial institutions and providers of payment services for settlements as well as processing of payments
  • Lawyers for the defense and enforcement of claims
  • Tax consultant for financial accounting and preparation of balance sheets
  • Debt collection service providers and competent courts in order to collect receivables and enforce claims in court. If personal data (customer and contact data, payment data and data on the claim) is transferred to a debt collection service provider in the event of collection, we will inform you in advance of the intended transfer.

In addition, we will only disclose your personal data to third parties if you have given your express priorconsent. You have the right to withdraw your consent at any time with effect for the future.

Your data will also be passed on if we are legally obliged to do so.

VI. Data transfer to a third country

Data transfers to countries outside the EU and the European Economic Area ("Third Countries") arise, for example, in the context of the administration, development and operation of IT systems and in the context of marketing activities, customer success management and other administrative activities. The transfer takes place for example on the basis of:

Currently, data transfers to countries outside the EU and the European Economic Area ("third countries") take place in the following cases: by using third-party providers (see above), personal data is transferred to theUnited States of America ("USA"). The USA does not have an adequacy decision from the EU Commission. For this reason, the personal data transferred are exposed to certain risks, which lie in the fact that the level of data protection in the USA does not correspond to that of the EU and, for example, authorities in the USA can gain access to the personal data transferred.

VII. Data sources

We process personal data that we have received from prospective customers and customers in the course of our business relationships.

Insofar as it is necessary for the provision of our service, we process personal data that we permissibly obtain from publicly accessible sources (debtor directories, land registers, commercial and association registers, press, Internet) or that we are legitimately provided with by other third parties (a credit agency or an address service provider).

VIII. Retention periods and criteria applicable to determine that period

Personal data will only be stored as long as necessary to fulfill the purposes mentioned here or as required by the retention periods specified by law.

We delete data from inquiries about our products and services in accordance with the statutory retention obligations, which arise primarily from commercial and tax law (in particular §§ 147 AO and 257 HGB).

We store your data for the period of the existing contract and after termination of the contract with you for a period until receipt of the tax assessment notice for the year in which the contract was terminated. In the event that the notice is not final, the data will be stored until the completion of the complete company audit. In addition, we store your data for the duration of the settlement of legal disputes and the assertion, exercise or defense of legal claims. If there are statutory retention periods, we are obliged to store the data until these periods expire. After expiry of the statutory retention periods, which result primarily from commercial and tax law (in particular §§ 147 AO and 257 HGB), we delete this data again.

We store your data for advertising purposes until you object to its use, you withdraw your consent or the use is no longer permitted by law. We store your other data for as long as we need it to fulfill the specific purpose(e.g. to fulfill or process a contract) and delete it after the purpose no longer exists.

IX. Data subjects’ rights

You have the right to request from us access to personal data (Art. 15 GDPR) and the rectification of inaccurate personal data (Art. 16 GDPR). Furthermore, you have the right to obtain the erasure of personal data (Art. 17GDPR) concerning your person, the right to restriction of processing (Art. 18 GDPR) and the right to receive (Art.20 GDPR) the personal data provided to us by you, in a structured, commonly used and machine-readable format.

In addition, you have the right to object at any time to the use of your data based on public or legitimate interests (Art. 21 GDPR).

Where the processing is based on your given consent you can withdraw the consent (Art. 7 Sec. 3 GDPR) at anytime. Upon receipt of your withdrawal of consent, we will no longer use or process the data concerned for purposes mentioned in your consent.

If you wish to exercise your data subject rights, please send your request by e-mail to info@gridx.ai or by mailto the address mentioned under I.

Furthermore you have the right to lodge a complaint with a supervisory authority:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Postal code 20 04 44, 40102 Duesseldorf

Kavalleriestraße 2-4, 40213 Duesseldorf

Tel.: 0211/384 24 – 0

Fax: 0211/384 24 – 105

E-Mail: poststelle@ldi.nrw.de

Internet: www.ldi.nrw.de

is generally responsible for us.

Alternatively, you can approach the supervisory authority that is locally responsible for you.