Privacy Notice for Business Partners Pursuant to Article 13 of the General Data Protection Regulation (GDPR)

We wish to provide you with information in the following document with respect to the collection and processing of your data in connection with the business relationship with OpenSynergy as well as your rights in this regard.

  1. Controller. The controller under the terms of the General Data Protection Regulation (GDPR) with respect to the data processing described below is OpenSynergy GmbH, Rotherstrasse 20, 10245 Berlin, Germany (‘OpenSynergy,’ ‘we’), e-mail: info[at]opensynergy.com.
  2. Data privacy officer. If you have any questions regarding data protection at OpenSynergy, please feel free to send an e-mail to our data protection officer at datenschutz[at]opensynergy.com.
  3. Data processing in connection with the business relations with OpenSynergy. We process your personal data as well as the personal data of your employees as part of the business relationship with OpenSynergy.
    • Customer management. In order to manage our business contacts, we process information about your company (in particular, the address, branch offices (where applicable), authorized representatives and their contact details; (hereinafter referred to collectively as: company details), as well as information about the respective contact person (in particular, their name, position, professional contact information; hereinafter referred to collectively as: contact details) and any communication with you. We use this data in order to be able to reach the appropriate contact person, to process your requests and orders properly, and to maintain our business relationship. The legal basis is Article 6(1)(c) GDPR. The data shall be stored for the duration of the business relationship.
    • Orders, order management, and billing. As part of order processing and billing, we collect information on quotes, orders, and invoice items as well as bank account details. The contact details of contact persons can also be processed in this context. The legal basis is Article 6(1)(c) GDPR. The data shall be stored for the duration of the business relationship, and at least for the duration of the period established in the statutory and accounting requirements. If necessary, we shall request a credit check on your company from the credit agency Bisnode D&B Deutschland GmbH. This credit check helps us more effectively assess your liquidity in order to minimize the risk of default. Information regarding data processing by the credit agency can be found in a separate information sheet. The legal basis for the data processing described above is Article 6(1)(f) GDPR.
  1. Credit reports. If necessary, we obtain creditworthiness information about your company from the credit agency Bisnode D&B Deutschland GmbH. This query helps us to better assess your liquidity in order to minimize default risks. Information on data processing by the credit agency can be found in the separate information sheet. The legal basis for the aforementioned data processing is Art. 6 (1)(f) GDPR.
  1. Product liability and warranty. In order to validate legal and contractual claims, we may need information on the products covered by the contract and their use, as well as information on invoices. The legal basis is Article 6(1)(c) GDPR. Once processing is completed, the data shall be stored for documentation purposes for a further six months, and at least for the duration of the period prescribed under the statutory and accounting requirements.
  2. Controlling and reporting. We also use information on orders and invoice items for internal cost and activity accounting, controlling, and internal reporting, which we use for business management and planning. The legal basis is Article 6(1)(f) GDPR. No personal data shall be processed in this context.
  1. Online meetings via “Teams”. We use “Teams” to conduct online meetings, conference calls and/or webinars (collectively, “Meetings”). Teams is a software of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”), available as desktop, web and mobile app. It is used by us in particular for conducting digital conferences with business partners.

Legal basis for data processing is our legitimate interest in the effective conduct of meetings in accordance with art. 6 para. 1 lit. f GDPR. In case meetings are carried out within the framework of existing contractual relationships, legal basis is art. 6 para. 1 lit. b GDPR. We are not responsible for further data processing on the product website of Teams, where the desktop software can be downloaded and the web app can be used.

During a meeting the following data may be processed under certain circumstances:

    • Information about the participant: if applicable, display name, first name, last name, telephone, e-mail address, password (encrypted for authentication), profile picture;
    • Metadata: meeting topic and description, IP address, participant’s phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of participant´s last activity on teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video, and screen sharing;
    • When using chat or channel messages: text data for display and, if applicable, logging;
    • For audio use: recording data of microphone;
    • When using video: recording data of video camera;
    • For recordings: audio, video and screen shares for storage in the Cloud / Microsoft Stream;
    • For phone usage: incoming and outgoing phone numbers, country name, start and end time, if applicable other connection data, such as the IP address of the device.

Prior to a meeting, you will be asked to register via our website or by e-mail. Your registration data will be processed by us. Before the meeting you will receive a confirmation e-mail with an invitation link or a calendar appointment.

In order to participate in a meeting, you must at least provide information about your name and – in case of telephone use – your telephone number, unless we make it possible to participate anonymously in meetings. In the latter case, we will inform you of this possibility of anonymous participation in the invitation. You can deactivate transmission via microphone and camera at any time via the corresponding settings. We will only record meetings or log text data with your consent and prior notification. Microsoft stores and uses the metadata to enable us to analyze and report on team usage

Microsoft may obtain knowledge of the above-mentioned data in the course of processing orders in order to process them. All data traffic is encrypted (MTLS, TLS, or SRTP) and is generally performed at European servers. In case data are processed in the USA, we have agreed upon Standard Contractual Clauses with Microsoft as legal basis for data transfer. For more information, please find enclosed the Microsoft Privacy Policy.

  1. Use for marketing purposes and newsletter. We use your company details and contact details as well as information about previous orders, where applicable, to send you further information relevant to you about our products and services, as well as related news, promotions, and offers by post or via e-mail. We will use your contact details which we have stored to contact you for this purpose. You can object to the use of your data for marketing purposes at any time by sending a message using the contact details specified in Clause 1 (e.g., by e-mail or post). The legal basis for the data processing described above is Article 6(1)(f) GDPR. We also offer the OpenSynergy newsletter which provides regular updates on our technologies, products, and solutions and their relevant applications. You can unsubscribe to the newsletter at any time by clicking the unsubscribe link found in every newsletter. It is sufficient to send an informal message using the contact details (e.g., by e-mail or post) found in the newsletter or specified under Clause 1. Legal basis for the data processing described above is Article 6(1)(a) GDPR.
  2. Recipients. The contact details will be processed exclusively by OpenSynergy and will not be passed on to third parties. By way of exception, data shall be passed on to third parties where required by law or obligatory (e.g., within the scope of a tax audit by the tax authorities or as part of efforts to prevent money laundering). In certain cases, it may be necessary to pass on your data to third parties in order to protect your interests or our interests or to fulfill our contractual obligations. Such a transfer shall occur in particular when we integrate external service providers into our internal processes. In these cases, the service provider is bound by instructions and receives data only to the extent and for the period necessary for the provision of the services. We also pass on the contact details to our local sales partners (independent regional representatives, OpenSynergy subsidiaries and branch offices) in order to ensure the best possible support with your requests. In addition, we also employ external consultants and auditors in some cases. Agreements are always concluded with them to ensure the confidentiality of all information.
  3. Data transfer to third-party countries. As explained in this privacy policy, we use services whose providers are partly located in so-called third-party countries (such as the USA), i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.Where this is not possible, we base the transfer of data on exceptions to art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract. If a third country transfer is provided and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.
  4. Duration of storage. In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. After that, we delete the data immediately, unless we still need the data until the end of the statutory limitation period for evidence purposes for claims under civil law or because of statutory retention obligations. For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period. Even after this, we still must store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code (Handelsgesetzbuch – HGB), the German Fiscal Code (Abgabenordnung AO), the German Banking Act (Kreditwesengesetz – KWG), and the German Money Laundering Act (Geldwäschegesetz – GwG). The periods specified there for the retention of documents are two to ten years.
  1. Your rights. You have various rights under data protection law. You have the right at any time to request an overview of the data stored by us and to have this rectified if necessary. You also have the right to request the erasure of your data. You can also have the processing of your personal data restricted if, for example, you have any doubts or concerns regarding the accuracy of the data or if you object to the processing where this is based on our legitimate interests. You also have the right to data portability, i.e., the right to have us send you a digital copy of the personal data provided by you upon request. Lastly, we are obligated to inform you of your right of appeal to the competent data protection supervisory authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit (Data Protection and Freedom of Information Commissioner of the State of Berlin), Friedrichstrasse 219, 10969 Berlin, Germany).


You have the right to object to the use of your data for marketing purposes.

You can unsubscribe to our newsletter at any time as described above and revoke any consent you may have given. To assert your rights, please use the (e-mail) address listed in Section 1 above.


June 2022