Data privacy information
Data privacy information
for Falcon Complete by Crowdstrike
Status 07/2024
In the Technoform Group, we use the “Falcon Complete” software from Crowdstrike to improve IT security. This software detects suspicious actions and files on the company's own computers, in addition to searching for other suspicious devices in the used networks (company network, private network in the remote office or networks of customers, partners or public networks).
With the following information for employees, customers and business partners, we would like to inform you about the data processing related to this product:
1 Party responsible for data processing
The following companies of the Technoform Group are jointly responsible for operating this product:
Technoform Bautec Holding GmbH
Max-Planck-Str. 6
34253 Lohfelden, Germany
T +49 561 9583-300
E privacy [dot] hisde [at] technoform [dot] com (privacy[dot]hisde[at]technoform[dot]com)
Technoform Caprano + Brunnhofer GmbH
Friedrichsplatz 8
34117 Kassel, Germany
T +49 561 9583-200
E info [at] technoform [dot] com (info[at]technoform[dot]com)
If you have any questions regarding data protection, please feel free to contact us at any time using the aforementioned contact details:
2 Purpose and legal basis
We process your data based on the EU General Data Protection Reguloation (GDPR), the Federal Data Protection Act (BDSG) and all other data protection laws relevant to us.
With the “Falcon Complete” software, the following data are collected and logged from company-owned computers (managed assets):
• Device names
• Device information
• IP and MAC addresses
• File names and locations of suspicious files
• User data
• Times of user logins
Device names, IP addresses and file names can be used to establish a personal reference. However, this information is only evaluated in specific, suspicious cases and so as to eliminate IT problems.
The following data can be collected and logged from devices (unmanaged assets and unsupported assets) that are located in the same networks as the company's own computers:
• Device names
• Device information
• IP and MAC addresses
Device names and IP addresses may be used to identify individuals. However, this information is only evaluated in specific, suspicious cases and do so to eliminate IT problems.
We process the data on the basis of our legitimate interest (Section 6 Para. 1 lit. f GDPR) for the secure operation of our IT systems. Ensuring IT security is both a legal requirement and of great interest to the Technoform Group, all employees, customers, and business partners.
The logged data is normally deleted again after 90 days. In specific cases of suspicion, the data is stored until the incident has been clarified.
3 Organization of the processing
Technoform Caprano + Brunnhofer GmbH has concluded a contract for the system with the provider Crowdstrike for commissioned processing in accordance with Section 28 GDPR and is responsible for all matters relating to this service provider. Each individual Technoform company is independently responsible for all other needs arising from data privacy legislation.
4 Recipients of personal data
We only pass on your data to third parties if this should become necessary for fulfilling this purpose. Furthermore, data may be disclosed to authorities on the basis of statutory provisions pursuant to Section. 6 Par. 1 lit. c and e GDPR.
Falcon Complete is used in several companies of the Technoform Group in one instance. This means that administrators from other companies in the Technoform Group may have access to their data.
The use of the Crowdstrike provider may result in data transfers outside the EU. In this case, the level of data privacy is ensured by a contract that is based on the standard data privacy clauses pursuant to Section 46 Para. 2 lit. c GDPR.
5 Your rights
Regarding your personal data, you have the following rights with respect to us:
• Right to information (Section 15 GDPR)
• Right to rectification (Section 16 GDPR)
• Right to deletion (Section 17 GDPR)
• Right to restriction of processing (Section 18 GDPR)
• Right to data portability (Section 20 GDPR)
• Right to object to processing (Section 21 GDPR)
• Right to revoke consent (Section 7 Par. 3 GDPR)
• Right to complain to a data protection supervisory authority (Section 77 GDPR)
6 Data Protection Supervisor
We have appointed an external data protection supervisor:
Stefan Pietsch
Pietsch IT GmbH
Wilhelmshöher Straße 1
34590 Wabern, Germany
T +49 5683-923440
E datenschutz [at] pietsch-it [dot] de (datenschutz[at]pietsch-it[dot]de)
7 Actuality and change of this data privacy information
This data privacy information is currently valid (see status in the heading). Due to the continued development of our services or following changes in legal or regulatory requirements, it may become necessary to amend this data privacy information.
Appendix A
For operation in home networks, there may be technical possibilities to separate the company devices from the home network. These requirements may vary for each location and home network. For more information, please contact your local IT and management.