Table of Contents



Information for processing customer / prospect / supplier data

KUMAVISION AG takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable statutory data protection requirements for the following purposes. Personal data in the sense of this data protection information is all information, which has a relation to your person.

Here's how we handle this data. For a better overview, we have divided our data protection information into chapters.

1 Responsible body and data protection officer

Responsible for the data processing is the:

Oberfischbach 3
88677 Markdorf (Lake Constance)

Tel.: + 49 7544 966-300
Fax: + 49 (7544) 966-101

Email: This email address is being protected from spam bots! To display JavaScript must be turned on.

If you have any questions or comments about privacy (such as information and updates of your personal information), you may also contact our Privacy Officer.

German Data Protection Law Office - Maximilian Musch

Richard-Wagner-Straße 2

88094 top rings

Tel.: + 49 7542 94921-02

Email: This email address is being protected from spam bots! To display JavaScript must be turned on.


2 processing frame

2.1 Source of data collection

We process personal data that we have collected directly from you.

As far as this is necessary for the provision of our services, we process from other companies or other third parties (eg credit bureaus, adress publishers) permissible received personal data. In addition, we process personal data that we have legitimately taken, obtained or acquired from publicly available sources (such as telephone directories, trade and association registers, registration registers, debtor directories, land registers, press, Internet and other media) and may process.


2.2 Origin and data categories of data that was not collected directly from you

To the extent necessary for the provision of our services, we process personally identifiable information obtained from other companies or other third parties. In addition, we process personal data that we have legitimately taken from public sources, press, Internet and other media), or have acquired and may process. Relevant personal data categories may be in particular:

  • Personal data (name, function in the company and comparable data)
  • Contact details (address, e-mail address, telephone numbers and comparable data)
  • Data about your use of the telemedien offered by us (eg time of calling our web pages, apps or newsletters, clicked pages / links from us or entries and comparable data)

2.3 Purposes and legal basis of the processed data

We process personal data in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed upon. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and / or other information provided to you (eg as part of the use of our website or our terms and conditions).

Purposes for the performance of a contract or precontractual measures (Art. 6 para. 1 b DSGVO)

The processing of personal data takes place to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities in the context of pre-contractual relationships, eg with interested parties. This essentially includes: contractual communication with you, the corresponding billing and related payment transactions, the verifiability of orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to control and optimize business processes and to fulfill the general due diligence requirements Control and control by affiliates; statistical evaluations of corporate management, costing and controlling, reporting, internal and external communications, emergency management, billing and tax assessment of operating services, risk management, legal claims and defense of legal disputes; Ensuring IT security (including system and plausibility tests) and general security, ensuring and exercising home ownership (eg through access controls); Ensuring the integrity, authenticity and availability of data, preventing and resolving criminal offenses, and oversight by oversight bodies or control bodies (eg auditing).

Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f DSGVO)

In addition to the actual fulfillment of the contract or preliminary agreement, we process your data as necessary, if necessary, in order to safeguard the legitimate interests of us or third parties, in particular for purposes

  • advertising or market and opinion research, provided that you have not objected to the use of your data;
  • the review and optimization of requirements analysis procedures;
  • the further development of services and products as well as existing systems and processes;
  • the enrichment of our data, including through the use or research of publicly available data;
  • statistical evaluations or market analysis; of benchmarking;
  • the assertion of legal claims and defense in legal disputes that are not
  • directly attributable to the contractual relationship;
  • the restricted storage of the data, if a deletion is not possible or only with disproportionately high costs because of the special nature of the storage;
  • the prevention and investigation of criminal offenses, if not exclusively for the fulfillment of legal requirements;
  • the building and plant safety (eg by access control), as far as the general due diligence requirements;
  • internal and external investigations and security checks; of the possible listening or
  • the preservation and maintenance of certifications of a private or regulatory nature;
  • ensuring and exercising the rights of the home through appropriate measures (such as video surveillance), as well as to secure evidence of crime and its prevention.

Purposes within the scope of your consent (Art. 6 Abs 1a DSGVO)

Processing of your personal data for specific purposes (eg use of your e-mail address for marketing purposes) may also be based on your consent. As a rule, you can revoke these at any time. This also applies to the revocation of declarations of consent prior to the application of the GDPR, ie before the 25. May 2018, have been granted to us. You will be informed separately about the purposes and consequences of a withdrawal or non-grant of consent in the relevant text of the consent. In principle, the revocation of consent only works for the future. Processing that occurred before the revocation is unaffected and remains legal.

Purposes for the fulfillment of legal requirements (Art. 6 Abs. 1 c DSGVO) or in the public interest (Art. 6 Abs. 1 e DSGVO)

Like everyone involved in business, we too are subject to a variety of legal obligations. These are primarily legal requirements (eg commercial and tax laws), but also, if applicable, regulatory or other regulatory requirements. The purposes of processing may include the fulfillment of tax control and reporting obligations, as well as the archiving of data for privacy and data security purposes, as well as audits by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for the purposes of collecting, prosecuting or enforcing civil claims.

Scope of your duties to provide us with data

You only need to provide the information necessary to enter into a business relationship or enter into a pre-contractual relationship with us or we are required to collect it by law. Without this data we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we also request data from you, you will be made aware of the voluntary nature of the information separately.

Existence of automated decision-making in an individual case (including profiling)

We do not use purely automated decision-making procedures in accordance with Article 22 DSGVO. Insofar as we should use such a procedure in individual cases in the future, we will inform you separately if this is required by law. We may process your information partially with the aim of evaluating certain personal aspects (profiling).

In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable needs-based product design, communication and advertising, including market and opinion research. Data on nationality as well as special categories of personal data according to Art. 9 DSGVO are not processed.

2.4 Consequences of not providing data

In the context of the relationship, you must provide the personal information necessary to establish, conduct and terminate the transaction and to perform the related contractual obligations or we are required to collect it by law. Without this data, we will not be able to conduct the transaction with you.

2.5 Recipients of the data within the EU

Within our company, those internal bodies or organizational units receive their data which they need to fulfill our contractual and legal obligations or in the processing and implementation of our legitimate interests.

A transfer of your data to external agencies is exclusively

  • in connection with the execution of the contract;
  • for the purpose of fulfilling legal requirements according to which we are obliged to provide information, notification or disclosure of data or the disclosure of data is in the public interest (see Section 2.4);

if external service providers process data on our behalf as a processor or subcontractor (eg data centers, support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data validation or plausibility check, data destruction, purchasing / procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);

  • on the basis of our legitimate interest or the legitimate interest of the third party in the context of the stated purposes (eg to public authorities, credit bureaus, debt collection agencies, lawyers, courts, appraisers, subsidiaries and bodies and supervisory bodies);
  • if you have given us consent for transmission to third parties.

In addition, we will not share your data with third parties. Insofar as we commission service providers within the scope of order processing, your data will be subject to the same security standards as ours. In other cases, the recipients may only use the data for the purposes for which they were transmitted to them.

2.6 Recipients of the data outside the EU

A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), if it is necessary for the execution of an order / contract by or with you, it is required by law ( For example, tax reporting obligations), it is within the scope of a legitimate interest of us or a third party or you have given us consent.

The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. Unless there is a decision by the EU Commission regarding an appropriate level of data protection for the country in question, we ensure that the rights and freedoms are adequately protected and guaranteed under corresponding EU treaties. Corresponding detailed information is available on request. Information on the appropriate or reasonable guarantees and the possibility of obtaining a copy thereof may be obtained from the Data Protection Officer on request.

2.7 Storage periods

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result inter alia from the Commercial Code (HGB) and the Tax Code (AO). The deadlines for storage and / or documentation specified therein are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship at the end of the calendar year.

Furthermore, specific legal regulations may require a longer retention period, such as the preservation of evidence under the statutory limitation provisions. According to §§ 195 ff. Of the German Civil Code (Bürgerliches Gesetzbuch, BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data is no longer required for the fulfillment of contractual or legal obligations and rights, these are regularly deleted, unless their - limited - further processing is required to fulfill the purposes of a predominantly legitimate interest. Such an overriding legitimate interest exists, for example, even if a deletion because of the special nature of the storage is not or only with disproportionate effort possible and processing for other purposes by appropriate technical and organizational measures is excluded.

2.8 your rights

Under certain conditions, you can assert your privacy rights with us.

  • So you have the right to receive information from us about your stored data according to the rules of Art. 15 DSGVO (possibly with restrictions according to § 34 BDSG).
  • Upon your request, we will correct the data stored about you according to Art. 16 DSGVO, if these are incorrect or incorrect.
  • If you wish, we will erase your data according to the principles of Art. 17 DSGVO, provided that other legal regulations (eg statutory retention requirements or the restrictions under § 35 BDSG) or a predominant interest on our part (eg to defend our rights and obligations) Claims) do not oppose.
  • Taking into account the requirements of Art. 18 DSGVO, you may require us to restrict the processing of your data.
  • Furthermore, you may object to the processing of your data in accordance with Art. 21 DSGVO, which requires us to stop processing your data. However, this right to objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may conflict with your right of objection.
  • You also have the right to receive your data under the conditions of Art. 20 DSGVO in a structured, common and machine-readable format or to transmit it to a third party.
  • In addition, you have the right to withdraw your consent to the processing of personal data at any time with regard to us with future effect (see point 2.3).
  • Furthermore, you have a right of appeal to a data protection supervisory authority (Art. 77 DSGVO). However, we recommend that you first make a complaint to our data protection officer.
  • Your requests for the exercise of your rights should, if possible, be addressed in writing or by e-mail to the address indicated above or directly in writing or by e-mail to our data protection officer.

Special reference to your right of objection according to Art. 21 DSGVO

You have the right to object at any time to the processing of your data, which takes place on the basis of Art. 6 para. 1 f DSGVO (data processing based on a balance of interests) or Art. 6 para. 1 e DSGVO (Data Processing in the Public Interest) if there are reasons for this arising from your particular situation.

This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If necessary, we also process your personal data in order to operate direct mail. If you do not want to receive advertising, you have the right to object to it at any time; this also applies to profiling insofar as it is associated with such direct mail. We will consider this contradiction for the future. We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.

The objection can be form-free and should be addressed as far as possible

Oberfischbach 3
88677 Markdorf (Lake Constance)

Tel.: + 49 7544 966-300
Fax: + 49 (7544) 966-101
Email: This email address is being protected from spam bots! To display JavaScript must be turned on.

 You also have the option to lodge a complaint with the above-mentioned data protection officer or with a data protection supervisory authority.

Country Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstrasse 20, 70173 Stuttgart
Postbox 10 29 32, 70025 Stuttgart
Phone: 0711 / 615541-0
Fax: 0711 / 615541-15
Email: This email address is being protected from spam bots! To display JavaScript must be turned on.


Information about the processing of applicant data

We are pleased that you are interested in us and have applied or applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.

Who is responsible for data processing?

Oberfischbach 3
88677 Markdorf
Telephone (general): 07544 966-403
Fax (general): 07544 966-101
Email address (general): This email address is being protected from spam bots! To display JavaScript must be turned on.

You will find more information about our company, information on the persons authorized to represent and also further contact options in our imprint of our website:

Which data from you are processed by us? And for what purposes?

We process the information you have provided to us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application process.

On what legal basis is that based?

The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG in the version valid as of 25.05.2018. Thereafter, the processing of the data required in connection with the decision to establish an employment relationship is permitted.

If the data may be required for the prosecution after completing the application process, data processing based on the requirements of Art. 6 DSGVO, in particular for the exercise of legitimate interests under Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defense against claims.

How long is the data stored?

Applicants' data will be deleted in case of cancellation after 6 months.

In the event that you have consented to the further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

If you have been awarded the contract as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

To which recipients will the data be passed on?

We use a specialized software provider for the application process. This person acts as a service provider for us and may also be aware of your personal data in connection with the maintenance and care of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing takes place in a permissible manner.

Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is tuned. In principle, only those persons in the company have access to your data, who need this for the proper execution of our application process.

Where is the data processed?

The data are processed exclusively in data centers of the Federal Republic of Germany.

Your rights as "concerned"

You have the right to information about the personal data we process about you.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then ask for proof from you proving that you are the person for whom you are claiming to be.

You also have the right to correct or delete or limit processing to the extent that you are legally entitled to do so.

Furthermore, you have a right to object to the processing within the scope of the legal requirements. The same applies to a right to data portability.

The revocation must be sent by post to the human resources department or by e-mail to: This email address is being protected from spam bots! To display JavaScript must be turned on. to judge.

Our data protection officer

We have named a data protection officer in our company. You can reach him under the following contact options:

Maximilian Musch
German data protection law firm
Phone: + 49 7542 94 921-02
Email: This email address is being protected from spam bots! To display JavaScript must be turned on.

Right of appeal

You have the right to complain to us about the processing of personal data by us with the competent supervisory authority for data protection.


Legal information on the processing of special categories of personal data

Information for data controllers (especially when processing special categories of personal data)

Customers who use the software products available here as data controllers within the meaning of data protection law should observe the Microsoft data protection provisions as well as any necessary agreements with Microsoft on commissioned processing, as listed below, especially if they have an operating agreement (cloud, SaaS) with Microsoft and are licensees of the respective Microsoft products, especially in connection with the processing of special categories of personal data within the meaning of Article 9 of the Data Protection Regulation:

Service Trust Portal home page (

Licensing Documents (

Data Protection in the Trusted Cloud | Microsoft Azure

General Data Protection Regulation, Overview of the DSGVO (

Privacy with Microsoft Privacy Principles (

Strong Data Integrity in the Cloud | Microsoft Trust Center

Simple Compliance in the Cloud (

Documentation on Azure Compliance | Microsoft Learn

In this respect, KUMAVISION cannot assume any responsibility under data protection law. Please also note that Microsoft does not act as a sub-processor of KUMAVISION AG, but is the direct processor of the respective customer (data controller).