1. Collection and storage of personal data; nature and purpose of data usage
a) When visiting our website
Every time a customer (or other visitor) accesses our website, information provided by the web browser used on your device (such as a PC, laptop, tablet, smartphone, etc.) is sent automatically to the server hosting our website. This information is temporarily stored in a record file known as a ‘log file’. Collection of the following data involves no action on your part and data is stored until automatic deletion:
- IP address of the computer making the request, device ID or unique device code, plus device type
- Name of the file accessed and volume of data transferred, plus date and time of access
- Message confirming successful access
- Domain making the request
- Description of the type of web browser being used and the operating system of your device (possibly) and the name of your access provider
- Your browser history data and your standard weblog information
- Location data, including location data from your mobile device. Please note that you can deactivate or otherwise configure the use of location services for most mobile devices in the configuration menu of your mobile device.
Our legitimate interest in data collection pursuant to point (f) of art. 6(1) of the EU GDPR is derived from the following purposes: ensuring error-free connectivity and ease of use for our website visitors, performing analyses of system security and stability, as well as other administrative purposes. We will never use the data we collect for the purpose of attempting to identify you as a person.
b) When using our contact form
We provide a contact form on our website that you can use to send us any queries or enquiries you may have. The following details must be provided when using this form: name, email and your message – so that we know who has sent us the enquiry and how to answer it appropriately. Other details can also be provided voluntarily. Data processing in relation to contact form submissions is performed pursuant to point (a) of art. 6(1) of the EU GDPR on the basis of your freely given consent. The personal data we collect from your use of our contact form will be erased automatically after handling the query or enquiry you submitted to us with the form.
2. Sharing of personal data
Your data is not shared with third parties for any purposes other than those listed in the following sections. We share your data with third parties, only if
- you have given your express consent to this sharing (pursuant to point (a) of art. 6(1) of the EU GDPR);
- this sharing is necessary for managing our contractual relationship with you (point (b) of art. 6(1) of the EU GDPR);
- we are required by law to share this data (point (c) of art. 6(1) of the EU GDPR); and/or
- this sharing is required in order to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being shared in this way (point (f) of art. 6(1) of the EU GDPR).
3. Rights of the data subject
You are welcome to ask us for information about the personal data we have stored about you at any time (art. 15 of the EU GDPR). In particular, you may request information about: the purposes of our processing; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned period of storage; the existence of a right to rectification, erasure, restriction of processing or objection; the existence of a right to lodge a complaint; the origin of your data, if we did not collect your data originally; and the existence of an automated decision-making process, including profiling. You may also request the rectification of any errors in personal data collected about you or the completion of incomplete data collected about you (art. 16 of the EU GDPR). You also have the right to request us to restrict the processing of your personal data, assuming the necessary legal conditions have been met (art. 18 of the EU GDPR). You have the right to receive the personal data we have stored about you in a structured, commonly used and machine-readable format, or to request the transfer of the data to another controller (art. 20 of the EU GDPR). Moreover, you are also granted the right popularly known as the ‘right to be forgotten’: this means you can ask us to erase your personal data, assuming the necessary legal conditions have been met (art. 17 of the EU GDPR). Independently of this right, we automatically erase your personal data once the purpose for which we collected the data no longer applies or if data processing was performed unlawfully. Pursuant to art. 7(3) of the EU GDPR, you have the right to withdraw consent you gave to us at some earlier point in time. If you withdraw your consent, we are prohibited in the future from performing the data processing that was based on this consent. In cases where you are granted a legal right to object, you may also object to the processing of your personal data at any time. In the event of a withdrawal of consent on your part, we will also automatically erase your personal data (art. 21 of the EU GDPR). If you wish to exercise your right to withdraw consent or your right to object, simply email us at firstname.lastname@example.org. In the event of a breach of data protection law, you have the right to lodge a complaint at a supervisory authority, pursuant to art. 77 of the EU GDPR.
4. Duration of data storage
We store the data we have collected for as long as is required in order to fulfil the contracts we have received or until you exercise your right to erasure or to data portability (transfer to another controller), whichever is the sooner.
6. Online marketing/analysis tools
7. Data security
We have taken all of the technical and organisational security precautions necessary to store your personal data so that it is not accessible to third parties or the general public. If you wish to contact us by email, please be advised that confidentiality cannot be guaranteed in all circumstances for the information that is exchanged via this particular communication channel. We therefore always recommend using the postal service if you need to send us confidential information.
Breite Straße 61
D&C Datenschutz und Consulting
Telefon: +49 162 58 17 253