With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to briefly as “data”) we process for what purposes and to what extent in the context of the provision of our application.
The terms used are not gender specific.
As of October 6, 2020
- Overview of processing operations
- Relevant legal bases
- Safety measures
- Data processing in third countries
- Provision of the online offer and web hosting
- Deletion of data
- Rights of data subjects
Persons authorized to represent: Georg Bachmaier, Roemerstr. 3, 85088 Vohburg
E-mail address: firstname.lastname@example.org
Overview of processing operations
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
- Content data (e.g. entries in online forms).
- Meta/communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content, access times).
Categories of affected persons
- Users (e.g. website visitors, users of online services).
Relevant legal bases
In the following, we provide the legal bases of the General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of them in the data protection declaration.
- Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes in particular the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 of the BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. In addition, state data protection laws of the individual federal states can be applied.
Safety measures
We take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, the cost of implementation and the nature and scope of the processing, as well as the varying probability of occurrence and the extent of the threat to the rights and freedoms of natural persons.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as its entry, disclosure, availability and separation. In addition, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data and responses to risks to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and through data protection-friendly presets.
SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognise encrypted connections by the prefix https:// in the address bar of your browser.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is done only in accordance with the legal requirements.
Subject to express consent or a transfer required by contract or by law, we process the data, or have it processed, only in third countries with a recognised level of data protection, on the basis of a contractual obligation through so-called standard safeguard clauses of the EU Commission, or where certifications or binding internal data protection regulations are in place (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Provision of the online offer and web hosting
In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.
The data processed in the context of the provision of the hosting offer may include all information concerning the users of our online offer that arises in the course of use and communication. This regularly includes the IP address necessary to deliver the contents of online offers to browsers and all entries made within our online offer or from websites.
E-mail sending and hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, other information concerning the sending of e-mails (e.g. the participating providers) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that e-mails are not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless an end-to-end encryption method is used) are not encrypted on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission path of e-mails between the sender and their receipt on our server.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the utilization of the servers and their stability.
- Processed data types: content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Legal bases: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents given for processing are revoked or other permissions cease to apply (e.g. if the purpose of the processing of this data has ceased or the data is not necessary for the purpose).
If the data is not deleted because it is necessary for other, legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.
Rights of data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to object: For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is effected pursuant to Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.
- Right of withdrawal in case of consent: You have the right to revoke consents given at any time.
- Right of access: You have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data, as well as further information and a copy of the data, in accordance with the legal requirements.
- Right to rectification: You have the right to request the completion of the data concerning you or the correction of the inaccurate data concerning you in accordance with the legal requirements.
- Right to erasure and restriction of processing: You have the right to request that data concerning you be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with the legal requirements.
- Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.
- Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace or place of alleged infringement, in accordance with the legal requirements, if you believe that the processing of personal data concerning you is in breach of the GDPR.
Drafted by datenschutz-generator.de of Dr. Thomas Schwenke