Privacy Notice for Business and Cooperation Partners

We hereby inform you about the processing of your personal data and the rights to which you are entitled.

1. Data Controllers

This website is owned and administered by CMX Solutions GmbH. This privacy policy describes how CMX Solutions GmbH and its affiliates, other companies within the CMX Solutions Group ("Company" or "we"), use your data. When interacting with any of the group companies, the 'controller' of your personal information will be the specific company you are engaging with. For their contact details, please see below:

Company CMX Solutions GmbH Rosenstraße 2 10178 Berlin, Deutschland Tel: +49 30 555 785 79 E-Mail: dataprotectionde@cmx-solutions.com	Data Controller Kontakt Tel: +49 30 555 785 79 E-Mail: dataprotectionde@cmx-solutions.com
Company CMX Remote GmbH Rosenstraße 2 10178 Berlin, Deutschland Tel: +49 30 568 499 57 E-Mail:  datenschutz@expertcloud.de	Data Controller Tel: +49 30 568 499 57 E-Mail:  datenschutz@expertcloud.de
Company Abravo GmbH Rosenstraße 2 10718 Berlin, Deutschland Tel: +49 30 201 644 302 E-Mail: dataprotectionabravo@cmx-solutions.com	Data Controller Tel: +49 30 201 644 302 E-Mail: dataprotectionabravo@cmx-solutions.com
Company CMX Solutions Dooel Skopje Dame Gruev 14-1/1-4 Skopje, Nordmazedonien E-Mail: dataprotectionmk@cmx-solutions.com	Data Controller E-Mail: dataprotectionmk@cmx-solutions.com
Company CMX Solutions LLC Vazha-pshavela avenue, N 71 Bürofläche N2, Etage 1, Block III Bezirk Vake, Tiflis, Georgien E-Mail: dataprotectionge@cmx-solutions.com	Data Controller E-Mail: dataprotectionge@cmx-solutions.com
Company CMX Solutions LLC Vazgen Sargsyan Str. 26/1 Erebuni Plaza Business Center, Raum 500, 501, 503 Jerewan, Armenien E-Mail: dataprotectionam@cmx-solutions.com	Data Controller E-Mail: dataprotectionam@cmx-solutions.com
Company CMX Solutions LLP Bezirk Medeuskiy, Nurlan Kapparov Straße 402 R.6, 2. Stock Almaty, Republik Kasachstan E-Mail: dataprotectionkzk@cmx-solutions.com	Data Controller E-Mail: dataprotectionkzk@cmx-solutions.com

 

You will find a list of the countries and regions in which CMX operates in our Company and Location section.

Data Protection Officer: You can contact the Data Protection Officer of the responsible person for data protection issues of the respective company at the above-mentioned email addresses.

2. Purposes and Legal Bases

Below you will find an overview of the purposes and legal basis for the processing of your personal data in the context of cooperation and correspondence with you or your company.

2.1 Data Processing to Conduct a Business Relationship

We process your data necessary for the preparation or implementation of a business relationship with you or your company. The purposes of data processing depend on the specific business relationship and include:

• Processing of concluded contracts

• Visitor management

• Support of business and cooperation partners; provision of services

• Signing of Codes of Conduct (CoCs) and Non-Disclosure Agreements (NDAs)

• Maintenance of supplier master data

• Direct marketing, unless you have objected

• Document exchange

• Conducting web or telephone conferences

• Preparation of offers, order confirmations, and invoices

• Financial control and reporting

• Confidentiality interests

• Ensuring (IT) security

• Internal audits, especially compliance

• Communication with you as a contact person in the context of cooperation with you or your company

• Accounting and bookkeeping

• Contract management

2.2 Data Processing When Conducting Web and Telephone Conferences

When conducting web and telephone conferences for online meetings, events, discussions, live online trainings, and other online events (hereinafter “online meeting”), we use the following services:

• MS Teams

• Zoom

• Google Meet 

Note: If you access the website of the services used to participate in the online meeting, the respective provider is responsible for data processing. Regarding the processing of personal data by the provider, we refer to their data protection information:

• MS Teams: https://www.microsoft.com/en-us/privacy/privacystatement 

• Zoom: https://explore.zoom.us/en/privacy/ 

• Google Meet: https://support.google.com/meet/answer/9852160?hl=en

When using the providers mentioned, various categories of data are processed. For the invitation, we use the contact details that were made available to us as part of our business relationship or the initiation of business. This includes your name and email address. We also process information that you provide when participating in the online meeting. This can include chat data, contributions, and content shared by you during the online meetings such as presentations and documents. Additionally, other data (so-called metadata) may be recorded when participating in the online meeting.

We only process this data to the extent necessary to conduct the online meeting and to enable it to run smoothly. We conduct online meetings as part of a contractual relationship or a contract initiation with you, as part of a business relationship with the company you work for, or if you have given us your informed consent to do so in individual cases.

With your consent, data processing may also include recordings of the events, including video and audio recordings, presentations, text files, or log files. If we intend to record webinars, online seminars, conferences, or other online events, you will be informed transparently in advance. A recording will only be made if you voluntarily consent after prior information.

2.3 Data Processing Based on Consent

Under certain circumstances, we also process your personal data on the basis of a declaration of consent you have given. The purpose of the processing arises from the content of the respective declaration of consent.

You have the right to withdraw your consent at any time. If you exercise your right of withdrawal, we will no longer process your personal data on the basis of your original consent. However, the withdrawal does not affect the legality of any processing that was already carried out on the basis of the consent before the withdrawal.

2.4 Data Processing Based on a Legal Obligation

Your data may also be processed if we are required to process your data due to a legal obligation. Such obligations arise, for example, from commercial, tax, money laundering, or financial law. The specific purposes of the processing arise from the respective legal obligation; the processing usually serves to comply with state control and information obligations.

3. Storage Period

We delete your data when it is no longer required for the purposes we pursue, the storage period specified in the consent has expired, or you withdraw your consent and no other legal basis requires and/or legitimizes continued processing. If the latter applies, we delete your data when this other legal basis no longer applies. We store your data for a maximum period of 10 years.

In order to comply with our obligation to provide evidence, we will retain documentation of your consent for three years from the end of the year in which you revoked your consent, even after your revocation.

4. Sources

We may not only process personal data that we have received directly from you, but also from third parties. Below you will find an overview of the relevant (third-party) sources and the data categories included:

• Providing your contact details by your company

• Collection of your contact details from publicly accessible sources, such as the Internet

• Collection of your contact details when communicating with the telephone service

• Collection of your contact details by postal management

• Collection of your contact details in professional social networks after you have given your consent

5. Recipients

5.1 Internal Recipients

Only those persons who need your personal data to achieve the purposes described above have access to your personal data. In our case, these are in particular the employees responsible for you or your company in project management, accounting, bookkeeping, controlling, and purchasing.

5.2 External Recipients

We will only pass on your personal data to external recipients if this is necessary to process our mutual business relationship or if there is another legal permission/obligation.

External recipients can be:

• Processors: External service providers that we use to provide services, for example in areas of our technical infrastructure. We carefully select these processors and regularly check them to ensure that the legal requirements of data protection law are also complied with by these service providers. The service providers may only use the data provided by us for the purposes specified by us.

• CMX Group: To the extent necessary for internal administrative purposes, we pass on personal data of our business and cooperation partners within the group of companies.

• Public bodies: Authorities and government institutions, such as tax authorities, to whom we must transmit personal data for legally compelling reasons.

• Other bodies: Other parties may also be granted access to your personal data in accordance with data protection requirements, such as management consultants, law firms, cooperation partners, or auxiliary persons. In this respect, the confidentiality required by law is guaranteed.

• Participants of online meetings and providers of corresponding services: If you participate in our online meetings, internal or external participants of web or telephone conferences may also be able to view the data you share. If necessary, the provider may also collect diagnostic data for its own purposes. Regarding the processing of personal data by the provider, we refer to its privacy policy:

  • MS Teams: https://www.microsoft.com/en-us/privacy/privacystatement 

  • Zoom: https://explore.zoom.us/en/privacy/ 

  • Google Meet: https://support.google.com/meet/answer/9852160?hl=en

6. Transfer of Data to Third Countries

• Standard data protection clauses (SCC): Adopted by the European Commission or other relevant authorities.

• Other legal safeguards: In accordance with applicable data protection laws.

• Specific derogations: Such as explicit consent, contract performance, establishment of legal claims, or important reasons of public interest.

7. Rights of Data Subjects

As a data subject, you have the following rights under applicable data protection laws, provided that their respective legal requirements are met:

• Information: You have the right to obtain information about the data processed about you.

• Rectification: You can request the correction of inaccurate data about you. In addition, you can request the completion of incomplete data.

• Erasure: In certain cases, you can request the deletion of your personal data.

• Restriction of processing: In certain cases, you can request that the processing of your data be restricted.

• Data portability: If you have provided data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used, and machine-readable format or that it be transmitted to another controller.

• Objection to data processing on the basis of a "legitimate interest": You have the right to object to data processing by us at any time on grounds arising from your particular situation, insofar as this is based on the legal basis of "legitimate interest". If you make use of your right to object, we will stop processing your data unless we can prove compelling legitimate grounds for further processing that outweigh your rights.

• Objection to cookies: You can also object to the use of cookies at any time. For details, please refer to the information here on the use of the respective cookie.

• Revocation of consent: If you have given your consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.

• Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.

 

Version adopted in March 2025