0. Versioning and effective date
1. General information
Personal data will be processed only in accordance with the regulations of the GDPR.
We do not use your personal data for profiling, advertising or automated decision making.
2. Context of data protection
3. Data controller
Responsible for data protection matters in the context of the GDPR is:
For further information on how to contact us, please refer to our legal notice page.
4. Legal basis
In general, the following shall apply:
- For data processing based on your explicit consent, the legal basis is article 6 paragraph 1 point (a) GDPR
- If data processing is necessary for the fulfillment of a contract with you or in order to take steps at your request prior to entering into a contract, the legal basis is article 6 paragraph 1 point (b) GDPR
- If data processing is necessary for compliance with a legal obligation to which the controller is subject, the legal basis is article 6 paragraph 1 point (c) GDPR
- If data processing is necessary for the purposes of our legitimate interests, the legal basis is article 6 paragraph 1 point (f) GDPR
5. What personal data we collect, why and how we do it (type, scope, purpose and specific legal basis)
5.1 General provision of our website
In case you visit our website as a viewer, only such personal data is collected that we require to display our website and to ensure fault-free, safe and stable use.
Type and scope of processed data
Purpose and context of data collection and processing
Legal basis (see section 4.)
Retention period and affected data subjects
5.1.1.: Access data that is automatically transmitted by your browser when you visit our website:
The data described here in this section is stored in a log file on our servers and will be automatically deleted after 1 month.
We do not use this data to share it with third parties (with the exception of contract processors, see section 9), to sell it or to combine it with other third party data sources. The data will also not be used to systematically analyze your usage patterns. We have a legitimate interest in collecting the information listed above to ensure the correct delivery of our online services, to ensure the security of our IT systems, and to assist law enforcement agencies in the event of a cyber attack. Accordingly, we reserve the right to subsequently check the data if we become aware of any indications of illegal or abusive use.
In addition to the above-mentioned data, your browser stores so-called cookies when you use our website. Cookies are small text files which are stored on your computer, tablet or smartphone and enable us to present the website in a user-friendly, secure and personalized manner.
5.2.1 Type, scope and purpose of cookies used
Our website primarily uses technically necessary cookies, in particular so-called temporary "session cookies". The use of session cookies enables us to relate various requests from your computer to a coherent session and thus maintain the integrity of your visit on our website.
In addition, persistent cookies may be used. These cookies are used, for example, to save settings (like preferred website language or documentation of cookie consent) you have made on our website so that you do not have to make these settings again and again.
5.2.2 Legitimate Interests
5.2.3 Retention period
Temporary (e.g. session) cookies are usually deleted automatically when the browser session ends.
Persistent cookies are cookies that remain on your device even after the browser session has ended. They have an expiration date and are usually automatically deleted when this date is exceeded.
5.2.4 Opt-Out / Withdrawal
In general, you can delete cookies at any time in the settings of your browser. You can configure your browser in its settings in such a way that cookies are not saved or only saved to a limited extent. In this case, our website may be not or not fully functional.
5.2.5 Data subjects affected
5.3 Contacting us by mail
We would like to offer you the option to get in contact with us, e.g. in order to address enquiries to us or to request information from us. It is entirely voluntary and up to you to contact us.
If you contact us by e-mail, the following data will be transmitted to us and stored if applicable:
- Your message
- Any attachments attached to your mail
- Your sender address
- Technically required metadata attached to the mail (for example, date, your name, mail subject, technical details,...)
These information are collected for the processing of your request and potential subsequent enquiries. Depending on the context and content of your message, the legal basis for this is:
- Fulfillment of contract - according to article 6 paragraph 1 point (b) GDPR
- Our legitimate interest, which is the possibility of fast and direct communication - e.g. to share important information with you. (article 6 paragraph 1 point (f) GDPR)
The above data will be deleted by us no later than 30 days after the final completion of your request.
The data subjects affected by this data processing are those who contact us by e-mail.
We do not use the contact data obtained in this way for other purposes, such as direct advertising.
6. Security measures
We have put security measures in place (see article 32 GDPR) to ensure an appropriate level of protection for your data. Nevertheless, we would like to point out that even modern forms of online communication and data processing can have security vulnerabilities and a 100% protection of personal data is never possible.
One of the technical measures we have implemented is SSL / TLS encryption. You can usually recognize the encrypted data transmission by a small lock symbol in the address bar of your browser or by the "https://" prefix of the Internet address visited. In this case, the data transmitted when visiting the respective website cannot unintendedly be read by third parties. If you do not see these characteristics of encrypted data transfer, we recommend that you leave the website.
7. General retention period of personal data
Unless specific information on the retention period is provided in section 5, the following shall apply:
We only store your personal data for as long as we need it to fulfill the respective purpose of the processing. Other legal requirements (e.g. tax or commercial law storage obligations), which require longer retention periods, remain unaffected.
8. Deletion of personal data
In general, we delete your personal data when the purpose of retaining or processing the data no longer applies or you exercise your right to deletion (see section 10.4) and there is no legal requirement to the contrary (e.g. tax or commercial law requirements to keep records).
Since we - especially with metadata - often cannot relate data to other personal, identifying data (such as your name, address, etc.), we may be dependent on your cooperation and the provision of further information by you in order to delete specific data records. This may require you to identify yourself to us.
9. Unveiling of personal information
In general, we only disclose personal data to those recipients who require access to fulfill the respective purpose of data processing.
- Within our organisation these are for example:
- Entities that are involved in contract and accounting tasks
- Entities that are in contact with customers
- Entities that maintain user accounts
- Entities that are responsible for technical problems or abusive use of our infrastructure
- Outside our organisation, these are for example:
- Entities which are required to receive personal data for legal reasons (e.g. tax authorities)
- External data processors (see below)
External data processors
We use the services of the following external data processors, to whom data is disclosed or transmitted respectively:
- Serverprofis GmbH, Mondstraße 2-4, D-85622 Feldkirchen, Germany
- In particular, this includes the following services: Provision of application/web servers, mailing services, database servers, storage capacities, domain and infrastructure services and security services.
- The following links will take you to the privacy policies of Serverprofis GmbH: https://www.serverprofis.de/datenschutz/
We have a data processing agreement with the above-mentioned contract data processors, which obliges the contract processors to comply with appropriate data protection requirements and levels.
Making use of the above third party services is based on our legitimate interest in providing modern, highly available and secure online services. The legal basis for this is article 6 paragraph 1 point (f) GDPR.
10. Your rights as a data subject
In the following we inform you about your rights as a data subject:
10.1 Right of access
In accordance with article 15 GDPR, you have the right to obtain information on whether we process personal data relating to you. If this is the case, you have the right to obtain information about this data, a copy of the data and further detailed information (see article 15 GDPR) on the data.
10.2 Right to rectification
In accordance with article 16 GDPR, you have the right to demand that we correct or update incorrect personal data.
10.3 Right to completion
In accordance with article 16 GDPR, you have the right to demand that we complete incomplete personal data.
10.4 Right to deletion
In accordance with article 17 GDPR, you have the right to demand that we delete your personal data, if the legal requirements are fulfilled (see article 17 GDPR) and there is no other legal requirement to the contrary. Please note that we may also be obliged to delete personal data in other cases in accordance with article 17 GDPR.
10.5 Right to restrict processing
In accordance with article 18 GDPR, you have the right to demand that we restrict the processing of your personal data, if the legal requirements are fulfilled (see article 18 GDPR) and there is no legal requirement to the contrary.
10.6 Right to data portability
In accordance with article 20 GDPR, you have the right to demand that we provide you with a copy of your personal data in a structured, common and machine-readable format and to transfer this data to other data controllers, provided that the legal requirements are fulfilled (see article 20 GDPR).
10.7 Right to object
In accordance with article 21 GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is legally based on article 6 paragraph 1 point (f) GDPR. This also applies to profiling based on these provisions.
We will stop processing your personal data in the event of an objection, unless we can prove compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object at any time to processing of your personal data for the purpose of direct marketing. This also applies to profiling that it is related to such direct marketing. If you object to the processing of personal data for direct marketing purposes, your personal data will no longer be processed for those purposes.
10.8 Withdrawal of a given consent
In accordance with article 7 paragraph 3 GDPR, you have the right to withdraw your given consent to the processing of personal data with effect for the future. This does not affect the legality of the processing operations carried out up to the point of withdrawal.
10.9 Right to lodge a complaint with a supervisory authority
If you think that certain aspects of the processing of your personal data violate the provisions of the GDPR, you have (in accordance with article 77 of the GDPR), the right to lodge a complaint with a supervisory authority - in particular in the Member State of your habitual residence, your place of work or the place where the alleged breach occurred.