Customer Data: What we do not store

We handle customer data very responsibly. In our industry, where we deal with people who trust our customers, this is essential. That’s why we dedicate a small page to the topic. Find out how data protection is handled in practice by us.

1 Customers of our customers – your customers

We do not collect and store any data in electronic form from your customers. We do not scan name lists. We do not scan trial tests. We do not scan examination sheets. And we do not scan results. And we do not enter any data into our computers that represent such particulars.

2 Exception: Is is your wish, and it is permissible

This rule does not apply if you, as our clientele, need such data – for example, for your billing purposes. If you need scanned attendance lists with signatures from us to check the plausibility of an invoice, we will scan the  pages.

3 Particularly protected: Health data

Health data are legally protected in a strong manner. These data may only be trasferred if this is essential. For example, the statement: “Ms Müller was sick on 28. September”, forms health data. Such data do not belong into the accounts (except when salaried employees are paid in sick leave), or into attendance lists. Therefore, we will not provide you with such information electronically.

4 We encrypt customer data when sending e-mail

When sending data by e-mail, we are particularly careful and often encrypt data. Let us explain why.

4.1 Why e-mails are not securely transmitted

If files or texts are sent by e-mail, any body involved in the transmission can read along. The data is not encrypted. E-Mails are forwarded unpredictably through various companies that jointly maintain the Internet, and may also be cached. The open transfer of data via e-mail is therefore less secure than the transmission of a postcard – the postcard can at least only be read by postal staff while on its way; the email can be read by potentially all.

4.2 How we encrypt

If you require the transfer of personal data – such as attendance lists – we encrypt the files that we send to you by e-mail. The key to decrypting is provided to you by us, of course not in the e-mail. We encrypt in a way that allows decryption with any popular program if the key is known.

5 We have to keep your and our emails for a long time

At this point, we would like to draw your attention to a special feature of the storage regulations that also affect your customer data.

5.1 Long retention periods for the tax authorities

The German Tax Code stipulates that “commercial letters” and accounting documents must be kept for a long time – “commercial letters” for six years, accounting documents even for ten years. The period begins when our tax assessment is finally completed.

5.2 Large extent of the storage obligation

The “trade letters” to be kept include all documents – including electronic ones – relating to the preparation, execution, conclusion or cancellation of a transaction – in other words, all business correspondence other than advertising. If, for example, price lists form an aid to invoicing, these are also considered “trade letters”. So you can practically assume that we have to keep all correspondence with you for a long time.

5.3 Storage in the original and auditable

The documents must be kept in the original – that means in the case of electronic correspondence: electronically, as a file. The storage must be audit-proof, so above all: We can not delete or change anything. This handling is mandatory under tax law.

5.4 Conclusions for your correspondence

The requirements of tax law precede the data protection laws. This means that if you send us data via e-mail concerning the execution of a contract, we must store the content unchanged for many years. If it is unnecessary, do not send us sensitive data by email or choose non-verbose language. Instead of stating that someone is “ill”, it is usually sufficient to point out a “personal absence”.

6 Any questions?

This explanation does not replace our statutory privacy policy statement, which we refer to. If you have any questions, feel free to contact us using the contact form below.

    For contacting, our privacy policy applies, in particular numbers 3.2 and 5 therein. You are not required to use your real name, and you need not provide us with your contact data, such as an e-mail address, to get into touch with us. If you do not provide your name together with your request, we may not be able to identify you, or to address you correctly. If you do not provide us with contact details, such as an e-mail address, we cannot reply to you and cannot resolve further questions we might have, which might lead to the result that we cannot adequately respond to some or all details of your request. If you do not state the subject matter of your request in the subject line or in the message area of this contact form, we cannot respond to your concern, as we do not know it. Provisioning this contact form does not exclude other ways to contact us.