As you may come into contact with personal data in the course of your visit or activity, INNO TAPE GmbH hereby obliges you to observe data protection, in particular to maintain confidentiality.

Your obligation is comprehensive. You may not process personal data yourself without authorization and you may not disclose or make such data available to other persons without authorization. The EU General Data Protection Regulation (GDPR) defines a processing operation as any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

"Personal data" within the meaning of the GDPR means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Your obligation to maintain confidentiality and observe data protection continues without time limit and even after your visit or activity in our company has ended.

Under the application of the GDPR, violations of data protection provisions as well as under other criminal provisions may be punishable by imprisonment or a fine. Data protection violations may at the same time constitute a breach of employment or service law obligations and have corresponding consequences.  Data protection violations are also subject to potentially very high fines for the company, which may lead to claims for compensation against you.

I have been informed about the obligation to maintain data secrecy and the resulting conduct. I have received the leaflet on the declaration of commitment with the printout of the regulations mentioned here on request.

For the purposes of this Regulation:

1. "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    
2. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Penal provisions of § 41 to 43 BDSG

(1) Anyone who knowingly discloses personal data that is not generally accessible to a large number of persons without being authorized to do so is liable to a custodial sentence not exceeding three years or a monetary penalty,

1. transmitted to a third party or
2. makes it accessible in any other way

and is acting commercially.

(2) Anyone who discloses personal data that is not generally accessible is liable to a prison sentence of up to two years or a fine,

1. processed without being authorized to do so, or
2. by providing false information

and acts in return for payment or with the intention of enriching himself or another person or harming another person.

(3) The offense will only be prosecuted upon application. The data subject, the controller, the federal commissioner and the supervisory authority are entitled to file an application.

back