DATA PRIVACY STATEMENT FOR NTS SUPPLIERS
We are pleased that you are our supplier. This group comprises of all employees of suppliers that sell products and services directly to NTS. Some of these employees also have access rights to NTS systems or Remote-Access-Rights (VPN).
WHO IS RESPONSIBLE FOR PROCESSING OF YOUR DATA?
The responsible Data Controller is dependent on the location of the Data Subject:
NTS Netzwerk Telekom Service AG
NTS DEUTSCHLAND GMBH
NTS ITALY GMBH/SRL
Schlachthofstraße/Via Macello 30,
You can find additional information about our business, details about the authorized company representatives and additional contact possibilities in our imprint on our web page at Imprint.
WHAT KIND OF PERSONAL DATA WILL BE PROCESSED BY US? AND FOR WHAT PURPOSE?
We process contract information that may also contain personal data. Contract information includes offers, orders, order confirmations, purchase orders, delivery notes, invoices, credit notes, service contracts and service contract renewals, service tickets and other order specific project data. For all this, we of course require information that is stored on the supplier database such as your name, the name of the company you work for, your role and your department in the company, business e-mail address and business telephone numbers.
Furthermore, it may become necessary that we would have stored login data from you so that you may have the possibility to log into our network or server infrastructure. In the event that you are logged into our network, we save protocol and monitoring data for the purpose of a properly conducted operation of the IT systems and to ensure the traceability of the usage of IT resources. This data consist of log files of servers, databases and applications, access control logs, protocols of accesses onto blocked or unsecure web pages, login name and the user rights onto the relevant platforms that go with it.
We also process your interest in our events and the related product categories as well as interest in technology and in general matters in our CRM for the purpose of business expansion and event organization. We also do this to be able to enhance our ability to stay in touch with you.
WHAT LEGAL FOUNDATION IS THIS BASED UPON?
The above-mentioned contract information and the supplier database are processed according to the general data protection regulation (GDPR) Article 6, Paragraph 1, lit b. This Article gives us the right to process your personal data in order to fulfil a contract or to be able to put pre-contractual measures in place.
The protocol and monitoring data will be processed according to Article 6, Paragraph 1, lit c GDPR. This means that we comply with a legal obligation and that we process our data securely in line with Article 32 GDPR.
The legal foundation for the processing of personal data is Article 6, Paragraph 1, lit f of the General Data Protection Regulation (GDPR). This Article gives us the right to process the data for the purpose of a legitimate interest pursued by us. Relationship Management is in our legitimate interest as a business. It enables us to stay in close relationship, giving you all relevant Information according your interests, conducting events and to be able to stay in touch in future.
FOR HOW LONG WILL THE DATA BE STORED?
Personal data of NTS partners will be stored as long as the contractual relationship exists respectively for the duration as prescribed by the legal provisions (such as § 132 BAO – Article 132 of the Austrian Federal Fiscal Code). After this period, you will be classified as an interested party.
In the case that you are an interested party, we will store your data for a period of three years. Upon expiry of the 3-year period your data will be reviewed by the responsible employee (in most cases this will be the Partner Manager) and then released for deletion. However, should you still be in touch with us frequently (registration for events, you again become a supplier of ours, telephone or e-mail contact with NTS employees, …), then your data will still be stored for an additional period of three years.
We will delete the protocol and monitoring data after three months. Audit logs that are relevant for our customers will be deleted after three years in order to defend labor-law related proceedings or to adhere to periods of limitation.
WHO WILL RECEIVE YOUR DATA?
Internally only the persons that require your data for the appropriate fulfillment of the above-mentioned purpose will have access to it. As a general principle, we will never pass on your data to third parties unless there is a legal obligation to do so.
WHERE IS THE DATA PROCESSED?
Your data will be processed within as well as outside of Europe. However, in third countries the processing of data takes place solely on the basis of “Model Contract Clauses” (decision by the European Commission 2010/87/EU).
In case that you are of the opinion that the processing mentioned herein is conducted in an unlawful manner, we ask you to contact us at firstname.lastname@example.org
Under the circumstance that the clarification is not leading to a result that is satisfactory to you, or if you do not wish to contact us at all, you have the possibility to contact the regulatory authority for data protection.
Garante per la protezione die dati personali
Piazza Venezia 11
YOUR RIGHTS AS DATA SUBJECT
You are entitled to receive information about your personal data that has been processed by us. This right is fulfilled by this document.
You also have the right to access your personal data that is processed by us. We ask for your understanding that in case of an inquiry that has not been submitted in writing, we have to ask for proof that you are the person that you say you are.
Additionally, you are entitled to rectification, erasure, restriction, data portability of processed data, under the conditions of Articles 15 – 19 in the legal framework.
In case you want to exercise your rights that are mentioned herein, we ask you to contact us at the following e-mail address: email@example.com