Information regarding the Processing of Personal Data of users of BuyIn IT resources

The following information is intended to give you an overview of the processing of your personal data if you use BuyIn’s IT resources (regarding the definition of “BuyIn IT resources” please consult the BuyIn Information Security & Data Protection Guideline).
BuyIn will process your data in accordance with the Regulation (EU) 2016/679 (“General Data Protection Regulation”, hereinafter the “GDPR”) and the data protection provisions of the German Federal Data Protection Act (“Bundesdatenschutzgesetz”) and the French Law on Computer Technology and Freedom (“Loi informatique et liberté”).

1. Who is responsible for data processing ?

BuyIn SAS, 12, rue Rouget de Lisle, 92442 Issy-les-Moulineaux, France, and BuyIn GmbH, Friedrich-EbertAllee 71, 53113 Bonn, Germany (both hereinafter “BuyIn”), are responsible for processing your personal data in connection with your use of BuyIn’s IT Resources and act therefore jointly as data “controllers” within the meaning of articles 4 no. 7; and 26 GDPR.

2. What data do we use?

BuyIn will process the following categories of personal data in connection with your access to BuyIn’s IT Resources:

  • Personal information (name, company, contact details)
  • Log-in information (including time and data of the user’s access to the respective
  • system/application, IP address & web browser used)
  • Device identifiers
  • Web sites/intranet pages visited by the user
  • VoIP: Skype phone number, counterpart(s) phone number, as well as email in case of BuyIn user, type of action (Skype meeting vs phone call)

3. Why do we process your data (purpose of the processing) and on what legal basis?

BuyIn will process personal data in order to be able to make its IT Resources accessible to its users and to detect and resolve any technical problems. The data may also be used to prevent, detect and, if necessary, prosecute any unauthorized or illegal activities or to maintain business operations of BuyIn as described in the IT Security and Data Privacy Guideline in accordance with applicable data protection laws and local regulations (in particular works council agreements). The legal basis for these processing activities is article 6 para (1) sent. 1 (b) or (f) GDPR and in Germany, section 26(1) Federal Data Protection Act.

4. Who has access to my data? (Sharing of personal data with third parties)

For certain technical data processing tasks, BuyIn is assisted by third party service providers, such as entities belonging to Deutsche Telekom and Orange Group, who will receive access to personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are subject to strict duties of confidentiality and process data only on behalf and in accordance with the instructions of BuyIn.

5. Is data transmitted to countries outside the European Union?

Your personal data are processed within the European Union especially in France and Germany. If, in exceptional cases BuyIn needs to transfer your personal data outside the European Union, BuyIn will take all necessary measures in order to ensure the implementation of adequate procedures to comply with the applicable data protection law (e.g. using standard contractual clauses for the transfer of personal data recognized by the European Commission).

6. How long will my data be stored?

We process your personal data as long as it is necessary for the purposes described above unless statutory provisions require or allow that they be stored for a longer period of time.

7. What data privacy rights do I have?

You have the right to be provided with information about your personal data that are stored by BuyIn and, if certain legal requirements are satisfied, rights to rectification, erasure, and restricted processing. In addition, you have the right to receive personal data that you have made available to BuyIn in a structured, standard, and machine-legible format. This includes the right to transfer such data to another controller. If technically feasible, you may also demand that BuyIn transfer your personal data directly to other controllers.

If processing of your personal data is based on a weighing of interests within the meaning of Article 6 para 1 sent. 1 (f) GDPR, you have the right to object to this processing under the conditions described in Article 21 GDPR.
You may also lodge complaints with a data protection supervisory authority.

Whom can I contact?

If you want to exercise your data privacy rights, please contact BuyIn at, or BuyIn

BuyIn SAS, 12, rue Roget de Lisle, 92442 Issy-les-Moulineaux, France, or BuyIn GmbH, Friedrich-EbertAllee 71, 53113 Bonn

If you have any questions or if you want to learn more about data protection at BuyIn, please contact, or BuyIn GmbH’s and BuyIn SAS’ data protection officer Dr. Claus Ulmer at or Deutsche Telekom AG, Dr. Claus Ulmer, Group Privacy, Friedrich-Ebert-Allee 140, 53113, Bonn, Germany.