Information on data protection

Dear sir or madam,

With the following information on data protection, we would like to inform you on how we store and process personal information on our CAY SOLUTIONS GmbH website, observing the latest EU general data protection regulations (GDPR) and the latest federal data protection act (BDSG), as well as your rights as a person using our website as implemented starting May 25th 2018.

Responsible for processing your personal data


Helenenstraße 19 B

38118 Braunschweig (Brunswick),

Germany Phone: +49531 / 224 332 0


Data protection supervisor

Get in touch with our data protection supervisor:

Anna Bauer

c/o BEL NET GmbH

Christian-Pommer-Str. 23

38112 Braunschweig (Brunswick), Germany


Data processing for the purpose of conducting a contract or pre-contract steps


We at CAY Solutions always process your personal data that you are asked to enter on our website when ordering or requesting (via post or mail) our services, as well as data that is publicly available, as long as it is required to conduct a contract and also finish said contract. Besides various details regarding the services and products you requested, the personal data that we process includes your first name, your last name, your client/supplier-number and further contact information (such as your address and a way to reach you, meaning email and/or phone information).

In order to guarantee you a duly contract settlement and fulfillment, meaning being able to reach you as quickly and directly as possible for check-backs regarding your order, we process further private data, specifically your contact information such as your address, your phone number (landline and mobile) and/or your email address you’ve been asked to enter and provide us with for this specific reason.

We process all data regarding contract settlement and fulfillment (also regarding pre-contract negotiations) observing the official legal basis for this, which is usually Article 6 Paragraph 1 (b) GDPR.


We process all personal data you have provided us with during your application process as well as all data that is necessary to start and conclude the application process. This includes your contact information (last name, first name, mailing address, phone number, email-address), your complete application documents (such as a valid ID, resume, diploma, references) as well as all data and information you provide us with during your application process. The legal basis for the processing of your data for and during your employment relationship is usually Article 6, Paragraph 1 (b) GDPR, 88 GDPR ex. rel. § 26 BDSG.


We process your personal data that you provided us with by filling out our personnel questionnaire. This includes, among other things, personal information (such as your first and last name, your address, your landline/mobile phone number, your email-address, your bank details), employment data (such as your professional title, your highest education), information regarding taxes (such as your ID-number and your tac class) and information regarding your social security (such as the name of your insurance company).

The legal basis for the processing of your data for the purpose of maintaining a proper employment relationship is usually Art. 6 Abs. 1 (b) GDPR, 88 GDPR ex. rel. § 26 BDSG

Processing of data for the purpose of protecting the legitimate interests of those responsible or a third party

We process your data and information beyond the above mentioned if it is necessary for the purpose of protecting our legitimate interests as a company or those of a third party. Our processing of data based on our legitimate interests always includes direct advertisement for our own products, creation of internal statistics, discovering criminal offenses as well as steps to secure proper day to day business and processes regarding our IT-infrastructure.

The legal basis for the processing of your data for the purpose of protecting the legitimate interests of those responsible or a third party is Article 6, Paragraph 1 (f) GDPR.

Data processing for the purpose of fulfilling a legal obligation

We also process your data and personal information in case doing so is necessary to dutifully fulfill a legal obligation. Specific examples include tax-related and merch-related storage obligations.

The legal basis for the processing of your data for the purpose of fulfilling a legal obligation is Article 6, Paragraph 1 (c) GDPR in combination with the respective relevant legal standard.

Processing of your data based on mutual consent and for other purposes

If need be, we as a company also process your personal data, but only after having received explicit consent from you to do so (see Article 6 (1) (a) of the GDPR). Be that the case, we will of course provide and secure you with additional data protection information as part of the consent procedure. You may withdraw your consent at any time via the above mentioned contact details.

If in the future we process your personal data for further purposes that are not listed in our standard data protection information, we will, if necessary, notify you separately according to standard legal requirements.

Who will receive your personal data

External service providers

Our external service providers, who regularly process data on our behalf, are — if requested by law — in the meaning of Art. 28 GDPR contractually obliged to treat all personal data in accordance with the applicable regulations. According to the extent to which said companies have permitted access to your personal data, we have ensured through legal, technical and organizational measures as well as through regular supervision and check-ups that they comply with all standard regulations regarding data protection laws. We currently use the following types of service providers to process your data: service providers for the provision and maintenance of our servers and payment service providers.

Third parties

If required in the context of our own statutory notification obligations, we will pass your personal information on to state authorities. In addition, your personal data may be transmitted to our tax advisor if doing so will become necessary for them to dutifully conduct their work.

Data transmission to a third country

We usually do not transfer any of your personal data to a third country or to an international organization outside the European Economic Area (EEA). If, in individual cases, we make a transfer in this manner, it will exclusively be with third countries which have been approved through a European Commission adequacy decision, or whose means and level of data protection have been confirmed by suitable or appropriate guarantees (e.g. binding corporate rules or EU standard contractual clauses).

Duration of data storage

We only store your personal data for the exact period of time that is required for the above-mentioned purposes, as well as for the period of time in which it is most likely for us to receive legal claims against us as a company. The statutory limitation period for such claims can — in individual cases — range between three and up to thirty years.

In addition, we also store your personal data as far as we are obligated to do so within standard statutory proof and storage obligations (e.g. in accordance with the German Commercial Code, Tax Code or Money Laundering Act). The statutory storage periods may — in individual cases — require us to store your information for up to ten years. In exceptional cases, special proof requirements may exist that may in addition require the storage of your personal data over a longer period of time than usual.

Your rights regarding data processing and protection

In the meaning of Art. 15 ff. GDPR, you – as an affected person – have rights listed as followed. Please contact us via e-mail at Alternatively, please let us know your request via standard post services and contact the above mentioned address.

Right to information

You have the right to ask us for information on how (and if) we are processing any personal data or information concerning your person. If this is the case, you further have the right to ask us for information about the nature of all personal data and information concerning your person that we’re processing.

Right to rectification

You have the right to ask us to correct any possibly incorrect personal data and information concerning your person.

Right to delete

In certain cases, you may have the right to ask us to delete all your personal data and information immediately without any delays.

Right to restriction of processing

In certain cases, you may have the right to demand that we restrict the processing of all your personal data and information.

Right to data portability

You have the right to ask as to provide you with all your personal data and information (that you in return have made available to us in the first place) in a structured, common and machine-readable format.

Right to object to the processing of your data and information

You have the right, on compelling legitimate grounds relating to your particular situation, to object against the processing of personal data on the basis of Art. 6 para. 1 (e or f) GDPR at any time. You can object to our use of your data for direct promotion and advertising at any time.

Right of withdrawal

If you have given us consent to use your personal data and information, you can revoke said consent at any time. Data protection supervisory authority In addition, you have the opportunity to file an official complaint with the Data Protection Supervisory Authority if you are unhappy with the way we process your personal data and information. The data protection supervisory authority responsible in this case can be contacted at the following address:

Die Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5

30159 Hannover

In case you have further questions or comments regarding this matter, please don’t hesitate to contact our very own data protection supervisor at all times.

Last updated: February 2019