I. General

The protection of personal data is of particular importance to Craftview Software GmbH. Therefore, Craftview Software GmbH processes personal data only in compliance with the applicable legal provisions and ensures the observance of data protection regulations through technical and organizational measures.
The following information provides an overview of the handling of data and the rights of data subjects that arise from May 25, 2018, under the European General Data Protection Regulation (GDPR).

Information pursuant to Art. 13 (data collection directly from the data subject) and Art. 14 (data collection from third parties) of the General Data Protection Regulation (GDPR).

In connection with the provision of our services as well as within the scope of the employment relationships required for this purpose, personal data is collected. Please note the following data protection information:

1. Information on the responsible entity:
The entity responsible for data collection is:

Craftview Software GmbH
Mainzer Landstr.178-190, D-60327 Frankfurt a. Main, Germany
Phone: 02823-4256 – 0 Fax: 02823-4256 – 999
E-Mail:
Internet address: www.craftview.de
Managing Director: Dr. André Rasquin

2. Information on the Data Protection Officer:
You can reach our external Data Protection Officer at:

External Data Protection Officer Benjamin Spallek
Creditreform Compliance Services GmbH
Hammfelddamm 13, D – 41460 Neuss
Tel.: 02131 / 1091072
E-Mail:

3. Information on the supervisory authority
The competent supervisory authority for data protection is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4, 40213 Düsseldorf
Phone: 0221 / 38424-0
Fax: 0211 / 38424-10
E-Mail:

4. Purposes and legal bases of processing

Legal bases for the processing of data are:

  • Processing for the performance of contracts concluded with Craftview Software GmbH pursuant to Art. 6 (1) lit. b GDPR
    Where personal data is collected and processed for the execution of pre-contractual measures or on the basis of a contract, such data will be used for the conclusion of the contract, the execution of the contractual relationship, and, where applicable, its termination. This also includes data processing within the framework of employment relationships pursuant to § 26 BDSG.
  • Processing to safeguard legitimate interests pursuant to Art. 6 (1) lit. f GDPR
    Data may be processed to safeguard the legitimate business interests of Craftview Software GmbH or, if applicable, of third parties. This may be required, for example, to ensure IT security and IT operations, to update customer and business partner address data, to prevent and investigate criminal offenses/administrative offenses, to protect property rights, to provide our customers with post-contractual services, or for the purpose of direct marketing to our own customers if further requirements are met.
  • Processing based on consent pursuant to Art. 6 (1) lit. a GDPR
    If the data subject has given Craftview Software GmbH consent for data processing for specific purposes, such personal data may be lawfully used to the extent of that consent.
  • Processing to fulfill legal obligations pursuant to Art. 6 (1) lit. c GDPR
    Data processing may also be necessary to comply with legal obligations, in particular retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO).
  • Where we process special categories of personal data, the legal basis for this is Art. 9 (2) and (4) GDPR in conjunction with § 22 BDSG, if applicable.

5. Categories of data we collect from third parties
We process the following categories of personal data received from third parties:

  • Contact details of prospects (name, address, e-mail, telephone)
  • Credit information

6. Sources (third parties) from which personal data is obtained
Craftview Software GmbH processes personal data if such data has been provided or transmitted by the data subjects themselves (e.g., customers, employees) or, if applicable, by third parties.
If Craftview Software GmbH receives personal data from third parties, these are in particular the following entities:

  • Credit agencies
  • Commercial agents (specialist trade partners)
  • Business partners within the scope of fulfilling contractual services

7. Recipients or categories of recipients of personal data
Within Craftview Software GmbH, those persons who need access to personal data for the respective lawful fulfillment of tasks receive such access. Where external service providers are commissioned to this end and receive personal data, we ensure that appropriate technical and organizational measures are carried out and necessary agreements concluded, so that processing is in line with applicable data protection regulations and ensures the protection of the rights of the data subject.

We may transfer personal data to:

  • External service providers (IT service providers, payroll service providers)
  • Business partners where data transfer is required to fulfill tasks and/or provide our services (e.g., payment service providers/banks, postal/parcel services, event partners)
  • Collection agencies to recover claims
  • Authorities and institutions within the framework of updates or to fulfill statutory notification obligations (e.g., social insurance institutions, tax authorities, police and public prosecutors, supervisory authorities, vehicle licensing authorities)
  • Other third parties, to whom the data subject has given consent for data transfer or where there is a legal basis for transfer (e.g., lawyers, insolvency administrators)

For the area of employee data, additionally e.g.:

  • Professional association
  • Responsible chambers (IHK)
  • Cooperation partners in training
  • Occupational health service
  • Continuing education/training institutions

8. Intention to transfer to a third country or an international organization
When using service providers and transferring data with your consent (= approval) to third parties, personal data may be transmitted to recipients in countries outside the European Union (“EU”), Iceland, Liechtenstein, and Norway (= European Economic Area) and processed there. This particularly concerns the USA. In the following countries, the EU considers an adequate level of protection for the processing of personal data to exist (so-called adequacy decision): Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay.
With recipients in other countries, we agree to the application of EU standard contractual clauses, binding corporate rules, or other permissible mechanisms in order to create an “adequate level of protection” in accordance with legal requirements. Further information on this can be provided upon first request via the contact details given above.

9. Duration of storage or criteria for determining the duration
Personal data will only be stored as long as is permitted under the applicable legal basis. In particular, as long as it is necessary to fulfill the contractual purposes for which the personal data was collected, as long as further storage is required to fulfill retention obligations or due to overriding legitimate interests, or until the data subject revokes their consent on which the processing was based.

10. Rights of data subjects
When your personal data is collected, you have the following rights:

  • Right of access, Art. 15 GDPR: The data subject has the right under Art. 15 (1) GDPR to obtain confirmation as to whether personal data concerning them is being processed. If so, they have a right to access this personal data and the additional information listed in Art. 15 (1) lit. a–h GDPR.
  • Right to rectification, Art. 16 GDPR: If the personal data is inaccurate or incomplete in view of the purposes of processing, there is a right under Art. 16 GDPR to request rectification or completion of personal data.
  • Right to erasure, Art. 17 GDPR: Under Art. 17 (1) GDPR, there is a right to request the erasure of personal data if the processing of such data is unlawful for one of the reasons stated in this provision. However, deletion cannot be requested if further processing is necessary in the cases of Art. 17 (3) GDPR, e.g., to comply with legal obligations.
  • Right to restriction of processing, Art. 18 GDPR: Under the conditions of Art. 18 (1) lit. a–d GDPR, the data subject has the option to request the restriction of processing (blocking).
  • Right to data portability, Art. 20 GDPR: Data subjects have the right to receive their personal data, which they have provided to Craftview Software GmbH and which is processed by Craftview Software GmbH on the basis of consent or a contract, in a commonly used, machine-readable format. This right is subject, inter alia, to technical feasibility.
  • Right to object, Art. 21 GDPR: Data subjects have the right to object to the processing of their personal data, which is based on a balancing of interests (Art. 6 (1) lit. f GDPR), taking into account the provisions of Art. 21 GDPR.
    If the objection relates to direct marketing, data processing will no longer take place for this purpose. In other cases, processing may continue despite the objection only if compelling legitimate grounds for the processing outweigh the interests, rights, and freedoms of the data subject or if the processing serves to establish, exercise, or defend legal claims.

11. Right of withdrawal in the case of consent
Furthermore, consent given can be amended or completely withdrawn at any time and without giving reasons, with effect for the future. The lawfulness of processing carried out on the basis of your consent until any withdrawal remains unaffected.
You may send the withdrawal either by post to Mainzer Landstr.178-190, D-60327 Frankfurt a. Main, Germany, or by e-mail () to Craftview Software GmbH. You will not incur any additional costs other than the basic rates.

12. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority for data protection. The contact details of the supervisory authority responsible for us can be found in section 3 of this document.

13. Obligation to provide personal data
An obligation to provide certain personal data arises from contracts concluded or to be concluded, insofar as performance of the contract cannot take place without the provision of the data. In addition, legal obligations may require us to collect/process certain data.
If data required for a contract is not provided, the contract cannot be concluded.
If data must be provided due to legal obligations, the associated service cannot be rendered without provision of the data.

In the context of your application, you must provide those personal data required to carry out the application procedure and to assess suitability. Without this data, we will not be able to carry out the application procedure and make a decision regarding the establishment of an employment relationship.

14. Automated decision-making or profiling
Craftview Software GmbH does not engage in automated decision-making on a case-by-case basis, including profiling, pursuant to Art. 22 GDPR.