Privacy policy for the Sesotec app

1. What does this privacy policy inform you about?

We are very pleased about your interest in our product and information platform, which is available to you as an app. Data protection and the protection of your privacy are of particular importance to us. With this privacy policy, we would like to inform you about the processing of your personal data when using the Sesotec app. For this purpose, we will inform you first about who is responsible for this data processing and who you can contact if you have any questions. That is followed by a description of the individual data processing methods of the Sesotec app. For each procedure, we inform you about the categories of data processed and the legal basis. At the end of this privacy policy, you will be informed about your rights as a data subject.

The legal basis for data protection can be found in the General Data Protection Regulation (GDPR) and country-specific data protection regulations, such as the Federal Data Protection Act (BDSG). We process your personal data exclusively within the framework of these regulations. Personal data (hereinafter also referred to as "data") means all information relating to an identified or identifiable natural person, the so-called data subjects. These are, for example, your name or address.

The terms used are not gender-specific.


2. Who is responsible for the data processing?

The controller responsible for the data processing via the Sesotec app is:

Sesotec GmbH
Regener Strasse 130
94513 Schönberg

Phone: +49 (0) 8554 / 308-0


3. Has the controller appointed a data protection officer?

We have appointed the following person as our Data Protection Officer:

Carolin Bauer
aigner business solutions GmbH
Goldener Steig 42
94116 Hutthurm


Under Article 38 Paragraph 4 GDPR, interested parties may consult the Data Protection Officer on any matter relating to the processing of their personal data and to the exercising of their rights under this regulation.


4. Will your data be passed on?

The data processed by us in connection with the Sesotec app will not be passed on to third parties. Something else applies if you give us your consent to do so or on the basis of other legal bases mentioned in Art. 6 GDPR. For example, in the event of requests from certain public bodies, such as law enforcement authorities, we are obliged to disclose your data to them.

In addition, we rely on external service providers, such as hosting providers or IT service providers for technical support, to offer our products and services. These contract processors are carefully selected by us and regularly checked. In addition, we conclude a data processing agreement ("DPA") with the service providers for contract processing in accordance with Art. 28 GDPR if this is necessary. This is a contract prescribed by data protection law, which ensures that your data will only be processed in accordance with our instructions and in compliance with the GDPR.


5. Where will your data be processed?

In connection with data processing via the Sesotec app, we use service providers based in a so-called third country (i.e. outside the European Union or the European Economic Area). As a result, personal data may be transferred to and processed in these third countries. We would like to point out that there may not be an equivalent level of data protection in third countries. Before passing data on, we ensure that the European Commission has established an adequate level of data protection for the recipient country or that other appropriate safeguards, such as EU standard contractual clauses ("SCCs") and binding corporate rules ("BCRs"), are in place for the correct data processing in the destination country.

The Sesotec app is hosted by an external provider. When you use the Sesotec app, your data will be processed on the servers of the hosting provider. Data may also be transmitted to the USA in the process. Data transmission to the USA is also based on SCCs. We have concluded a DPA with the provider.

Purposes of processing: management of technical infrastructure

Legal basis: legitimate interest in presenting the application as reliably as possible (Art. 6 Para. 1 f) GDPR in conjunction with Art. 28 GDPR and Art. 46 Para. 2 c) GDPR)

Services and service providers used: hosting service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, Website:, privacy policy:, detailed information on the EU standard contractual clauses:


6. Where do the data that are processed come from?

On the one hand, your data is collected by the fact that you provide it to us, for example when registering via our registration form, or to our contact persons. Alternatively, the data is automatically recorded as part of the app usage. Details of the data collection are described in more detail below.


7. Which data are processed and why?

We process your data exclusively for specific purposes and on the basis of one of the legal bases named in Art. 6 GDPR. The requirement of data processing in connection with the use of the Sesotec app may arise from technical necessities, contractual requirements and express user wishes.

The Sesotec app has the following data processing methods:

a.   Download and installation of the Sesotec app

The Sesotec app is available via distribution platforms operated by third parties, the so-called app stores. We have no influence on the processing of your personal data in connection with your registration with the respective app store and the downloading of the Sesotec app. The privacy policy of the respective app store must be observed. This applies in particular with regard to the methods used for range measurement and interest-based marketing. We can only view app statistics and pseudonymised data in the respective app store. A reference to you as a person is basically not possible for us.

Processed data may be: Names, addresses, contact details (e.g. email, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category), websites visited, interest in content, access times, device information, IP addresses

Services and service providers used: Apple App Store of Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, website:, privacy policy:

Microsoft Store der Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, website:, privacy policy:

b.   Use of the Sesotec app

When your device connects to our servers or services of other providers used by us, certain data are automatically collected. You will not be personally identified as a user of the app and no usage profile will be created. These data are not merged with other data sources.

Data processed: usage data (e.g. access times, amount of data transferred, device information, version of the operating system, IP addresses, language settings)

Purposes of processing: establishment of communication between server and end device

Legal bases: contractual fulfilment (Art. 6 Para. 1b) GDPR), legitimate interest in the technically error-free presentation and optimisation of the application (Art. 6f) GDPR)

c.   Registration in the Sesotec app

It is possible for you to register to create a personal account in the Sesotec app. Inventory and content data are collected in a login mask. After registering for the first time, you will receive an email to complete the process. The data collected when creating a user account will be stored by us as long as you maintain your user account, after which it will be deleted.

Data processed: mandatory information: name, company, position, email address, password, relationship with Sesotec GmbH (existing customer, new customer, dealer, supplier, employee, competitor or other)

Optional information: identification number (customer number or personnel number)

Purposes of processing: provision of contractual services, customer service and security measures

Legal basis: contractual fulfilment (Art. 6 Para. 1b) DSGVO)

d.   Data collection by the contact partner

If you express interest in us or our products to our contact person, for example at a trade fair, it is possible to record your details in the Sesotec app. In this context, we process your data for the individual provision of services in our CRM system in order to be able to support you in an interest-oriented and appropriate manner, in particular if you send us enquiries or if we prepare quotations for you.

Data processed: name, company, contact details (email address, telephone number), relationship with Sesotec GmbH, contract data (e.g. customer number, order number), other optionally communicated content data (e.g. data from photographed business card, communicated product interests)

Purposes of processing: answering your contact enquiry, individual service provision within the framework of an existing or initiating business relationship

Legal bases: contractual fulfilment and pre-contractual enquiries (Art. 6 Para. 1b) GDPR), legitimate interest in fast and interest-based communication (Art. 6 Para. 1f) GDPR).

e.   Contact

You have the option of manually marking certain products in the Sesotec app according to your interests. If you wish to send us an enquiry for these, you can arrange for a product-related text designed by us to appear in your standard email program. You can adjust this as you like. We do not have access to data processed by your email program at any time. If you contact us in this or another way (e.g. via the contact form on our website or by telephone), your details will be processed to the extent necessary to answer your enquiry and any requested measures.

In addition, data that you have communicated to our contact partners in order to enable us to contact you will be processed if this is necessary for the execution of the business relationship or its initiation.

Data processed: name, company, position, contact details (email address, telephone number), relationship with Sesotec GmbH, content data (e.g. communicated product interests, service enquiry, transmitted media files, documents and audio recordings)

Purposes of processing: answering your contact enquiry, individual service provision within the framework of an existing or initiating business relationship

Legal bases: contractual fulfilment and pre-contractual enquiries (Art. 6 Para. 1b) GDPR), legitimate interest in fast and interest-based communication (Art. 6 Para. 1f) GDPR).


8. What access rights are necessary for full use?

For full and proper use, the Sesotec app requires access to various functions and interfaces of your end device. The rights system depends on the specifications of your operating system. You can manage access rights in the app settings of your operating system.

a.   Internet access

Internet access is required in order to enable the retrieval of information by the Sesotec app and, for example, to display current product information or to store it locally on your device. In addition, Internet access is required if you wish to transfer data to us, for example during registration.

b.   File access

Access to your device memory is required so that the Sesotec app can be installed,.  

Access to your device memory is required in order to be able to store the content you have selected in the Sesotec app or to transmit already stored files to us.

c.   Camera access

Camera access is required so that you can take photos of your documents and transfer them to us via the Sesotec app. You will be prompted to grant the required access permission when you use the function for the first time. 

d.   Microphone access

Microphone access is required in order to make audio recordings, for example in connection with the transmission of an enquiry. You will be prompted to grant the required access permission when you use the function for the first time.


9. How long will the data be stored?

The deletion of personal data takes place after expiry of the contractual and statutory retention periods, such as those according to Art. 257 of the German Commercial Code or Art. 147 of the German Fiscal Code. If personal data is not subject to retention periods, it will be deleted as soon as the aforementioned purposes have ceased to apply.


10. Are automated decision-making processes used?

We do not use automated processes to bring about a decision – including profiling.


11. What rights do users of the Sesotec app have?

To exercise the following rights, please refer to our aforementioned contact options.

You have the right to receive information about your stored personal data free of charge upon request. In addition, you have the right to rectification of incorrect data, the right to demand the restriction of the processing of data processed excessively and the right to deletion of personal data that has been unlawfully processed or stored too long (insofar as this does not conflict with a statutory retention obligation or any other reasons according to Art. 17 Para. 3 GDPR). In addition, you have the right to receive the personal data concerning you that you have provided to us in a common file format (right to data portability).

a.   Right to revocation

If data processing is based on your consent, you can revoke your consent at any time. The legality of the data processing carried out up to the revocation remains unaffected by the revocation.

b.   Right to object

If the data is processed on the basis of Art. 6 Para. 1f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. Sesotec GmbH will then no longer process the personal data, unless it can prove compelling legitimate grounds that override the interests, rights and freedoms of the data subject.

If your personal data is processed for direct marketing purposes, you have the right to object to this at any time.

c.   Right to complain

In addition, according to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates data protection law.


12. What is the status of this data protection information?

Constant development makes it necessary to adapt our data protection principles from time to time. We reserve the right to make appropriate changes at any time.


Status: 02/2022