– Customer & Interested Party and their employees –
As data processing controller, we take the protection of personal data seriously and process it according to the legal regulations.
1. Controller in Terms of Data Protection
The following Aareon Group companies are joint controller for business development, marketing and customer relation measures (e.g. product information, invitations to events, surveys, offers).
- Aareon AG, Isaac-Fulda-Allee 6, 55124 Mainz, Germany, e-mail: info@aareon.com
- Momentum Software AB, Sveavägen 31, 111 34 Stockholm, Sweden, e-mail: info@momentum.se
The joint controllers have concluded an agreement according to which the data of customers and interested parties of Aareon Norge AS and Aareon Sverige AB will be used by all named Aareon companies including Momentum Software AB as well as the data of customers and interested parties of Momentum Software AB will be used by Momentum Software AB and Aareon AG for marketing and customer relation measures (e.g. product information, invitations to events, surveys, offers). Momentum Software AB is the main office for determining the lead supervisory authority.
2. Contact with the Data Protection Officer
- of Aareon AG by e-mail: datenschutzbeauftragter@aareon.com
- of Aareon Norge AS, Aareon Sverige AB by e-mail: dataskyddsombud@aareon.com
- of Momentum Software AB by e-mail: dataskyddsombud@momentum.se
3. Purpose and Lawfulness of Processing
Execution of the customer relationship and fulfillment of contract according to Art. 6 Abs. 1 b) GDPR. Business initiation as well as marketing with a legitimate interest according to Art. 6 para. 1 f) for business initiation as well as marketing and/or consent according to Art. 6 para. 1 a) GDPR. Data subjects may oppose to the legitimate interest and revoke consent at any time.
4. Data and Categories of Data
| Customer & Interested Party(as far as natural persons) |
Name + name supplements (Mr./Mrs., academic title) |
| Address (usually business address) | |
| Contact details (phone, fax, e-mail) | |
| Product or interest (for upselling) | |
| Contract data | |
| Previous contacts | |
| Advertising measures, newsletter registration, advertising objections | |
| Data to opt-in or opt-out of marketing activities Declared consent to receive promotional communications and otherwise. advertising measures, newsletter registration, advertising objections) | |
| Date of birth | |
| Photos | |
| Videos (recorded at events) | |
| Employees of Customer & Interested Party |
Address (usually business address) |
| Details of previous contacts | |
| Data to opt-in or opt-out of marketing activities (Declared consent to receive promotional notifications and other information) advertising measures, newsletter registration, advertising objections) | |
| Data on product interest | |
| Photos | |
| Date of birth | |
| Contents (participation in workshops and training courses, statements on content e.g. error messages, acceptance, instructions, concretization) | |
| Contact details (phone, fax, e-mail) | |
| Name + name supplements (Mr./Mrs., academic title) | |
| Videos (recorded at events) |
5. Recipient and Categories of Recipients
Relevant employees of involved departments and associated companies, processors. Aareon uses Microsoft® Office applications (e.g. Word®, Outlook®), where support can be provided with possible access to data from outside the EU/EEA. Microsoft support is governed by the standard EU contractual clauses, which are available in the Microsoft Trust Center.
6. Storage Period
The data will be stored in compliance with the legal retention periods up to 10 years after termination of the customer relationship. Data that is no longer needed will be deleted. Data based on a consent will be stored until revocation. Data based on a legitimate interest will be stored for as long as the legitimate interest exists, until objection or at the latest until 6 years after the last contact with the company or the data subject.
7. Data Subject Rights
The data subject has the right of access from the controller about the personal data, rectification, erasure, restriction of processing, revocation or objection for the future, data portability and appeal to a supervisory authority.