Data Protection Declaration
1. Application of this data protection declaration
Thank you for your interest in our online presence and the offerings on our website.
Protecting your personal data (abbreviated as “data” in the following) is a very important concern for us. In the following, we would like to give you comprehensive information about the data that is collected while you visit our site and use our offerings, how we process or use this data as well as the technical and organisational measures we have taken to protect your data.
2. Controller/service supplier
The controller in terms of art. 4 para. 7 EU General Data Protection Regulation (GDPR) and the service supplier in terms of the German Telemedia Act (“Telemediengesetz”, TMG) is A3M Global Monitoring GmbH, Hintere Grabenstraße 26, 72070 Tübingen, Tel. +49 7071 97559-40, Mail email@example.com. The controller is represented by Mr Thomas Dillon, who is also the controller according to and in the meaning of art. 18 para. 2 MStV (German Medien Staatsvertrag).
The position of data protection officer is held by Mr Carsten Fischer, Alter Fischmarkt 5, 20457 Hamburg, telephone +49 7071 9755 940, email: firstname.lastname@example.org
3. Collection and usage of your data
We only collect, process and use personal data that we learn about you during your visit to our website for the stated purposes. We make sure that these actions are in accordance with legal regulations and occur only with your consent.
According to the EU General Data Protection Regulation (GDPR), you have the right to receive information about your stored data at no cost as well as a right to correct this data, limit how it is processed or delete it. Please contact us by e-mail at email@example.com or send us a request by post.
Data is processed only inside of the EU and the European Economic Area unless notification is provided during or subsequent to the data collection that a data transfer to other countries is to occur. Such notification includes relevant legal information and, if required, permission for the data transfer is requested. Upon request, we will send the legal regulations regarding international data transfer and information about the relevant conditions.
We will not make any automated individual decisions about the processing of personal data.
When you contact us (eg by e-mail), we will store your details for the processing of the request as well as for follow-up questions. We store and use other personal data only if you consent to it or if this is permitted by law without special consent. E-mails may be visible without encryption by strangers, for encrypted messages to us please use our contact form.
The data that we collect about you differs in extent and type according to whether you visit our website for informational purposes or for usage of our services:
A) Usage for informational purposes
For visits to our website that have only informational purposes, it is not required that you provide personal data.
In such cases, we collect and use only data that is automatically transferred to us by your Internet browser, such as:
- the date and time that you access our website
- your browser type
- the browser settings
- the operating system you are using
- the sites you have recently visited
- the transferred data volume and the access status (file transferred, file not found etc.) as well as
- your IP address.
This data is stored in our system’s logfiles. Such data is not stored together with any of the user’s other personal data.
The legal basis for temporary storage of data and logfiles is art. 6 para. 1 f GDPR.
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this reason, the user’s IP address must be stored for the duration of the session.
Storage in logfiles takes place in order to ensure the website’s functionality. This data also helps us to optimise the website and to ensure the security of our information technology systems. Data is not analysed for marketing purposes in this context.
The data is deleted as soon as it is no longer necessary to achieve the purposes for which it was collected. Data that is collected in order to deliver the website is deleted once the session is completed.
Data that is stored in logfiles is deleted at the latest after seven days. It is possible that data might be stored for a longer period. In such cases, the user’s IP address is deleted or distorted in a manner that makes identification of the client impossible.
Collection of data for the purpose of delivering the website and storage of data in logfiles is necessary for the operation of the website. For this reason, the user has no possibility to opt out.
B) Usage of offerings
If you would like to use the services on our website or contact us for another purpose, it might be necessary for you to provide further data. This concerns the data that is necessary for processing in terms of art.6 para. I lit. b GDPR; without this data, it is not possible for us to provide the desired services. Further services are described in Annex 2.
You can provide additional information on a voluntary basis; we mark fields with such optional information accordingly.
Your data is collected or used for the purpose of providing you the desired service. This includes requests made via our contact form.
We will inform you if a disclosure of data is legally required.
For the purposes mentioned above, your data is transferred to a service provider that we have carefully chosen and that observes the EU General Data Protection Regulation (GDPR).
Your data is only transferred to third parties in other countries if legally permitted or with explicit consent.
4. Declaration of consent
In order to process your data, we might require a declaration of consent in accordance with art. 6 para. 1 lit. a GDPR. We ensure that we process and use such data solely to achieve the purposes for which it was collected.
You can provide your consent for specific cases in connection with the respective data collection. You can revoke this consent for future processing at any time.
Consent in regards to newsletters is described in § 5 of this Declaration; consent for cookies and ad trackers is described in § 6.
In order to register you for our e-mail newsletter service, we require both your consent in terms of data protection in accordance with art. 6 para lit. a GDPR and the e-mail address to which you would like the newsletter sent. Any other information is voluntary and is used to give you personalised newsletter content and to answer inquiries concerning your e-mail address. We use this data exclusively for sending the newsletter.
As a general rule, we use the double opt-in procedure for sending the newsletter; i.e. we will only send you the newsletter once you have confirmed your registration in a link contained in a confirmation e-mail. This is to ensure that you are the owner of the e-mail address provided for the newsletter. This confirmation must take place soon after receipt of the confirmation e-mail; otherwise your newsletter registration will be automatically deleted from our database.
You can cancel your subscription to any of our newsletters at any time. This can take place in the form of an informal e-mail to firstname.lastname@example.org or via the link at the end of the newsletter.
6. Usage of cookies
We use the consent tool “Real Cookie Banner” to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used and the related consents. Details of how “Real Cookie Banner” works can be found at https://devowl.io/knowledge-base/real-cookie-banner-data-processing/.
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of the personal data is not contractually required and is also not necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
Analysis cookies or web beacons (small graphics for log analysis) are used in order to improve the quality of our website and its content and to recognise returning visitors. Analysis cookies allow us to see how the website is used and to optimise our offering.
We do not allow third parties to place cookies on our website.
This information may be transferred to advertising partners under the above-mentioned conditions for analysis and recognition purposes. The transferred data cannot be merged with other data stored by you. The advertising partners or the companies to which the advertising information is transferred may also be located in non-EU countries (in compliance with the data transfer requirements of the GDPR according to art. 44-47, EU standard contractual clauses.
You can determine whether cookies are allowed to be placed and retrieved in your browser’s settings. In your browser, you can deactivate the storage of all cookies, limit it to certain websites, or you can configure your browser to automatically notify you as soon as a cookie is sent and ask for your permission. However, it is necessary for technical reasons that session cookies are allowed in order to provide full functionality of our website.
When using a log-in area on the homepage, the account name and accuracy of the password entry is logged and the user is sent a session cookie that is deleted after the maximum session duration (within a few hours).
We do not offer the possibility of logging into our website via a third-party service provider.
According to art. 13 GDPR , we will first obtain your consent for the usage of cookies as described in art. 6 para. 1 lit. a GDPR.
7. Right of refusal
According to art. 21 GDPR, you can refuse to allow the processing of your data in the above-mentioned cases. This applies particularly to cases where data is processed for reasons stated in art. 6 para. 1 lit. e or art. 6 para. 1 lit f or in the form of direct advertisement or profiling.
8. Data security
We also take technical and organisational security measures to protect produced or collected personal data, in particular against accidental or deliberate loss, damage or attack by unauthorised persons. We improve security measures on an ongoing basis in line with technological developments.
We offer various online forms and services that you can use to send us personal data. These forms are protected from being viewed by third parties by TLS encryption. We can store and process data that you enter or send to us in files if you permit us to do so. If usage and processing of data requires consent from the user or from third parties, such consent can be revoked at any time without statement of reasons. In such cases, our ability to fulfil orders may be aversely affected.
Depending upon the service, you might be asked to provide various information for identification purposes or prevention of misuse:
a) For identification purposes, a user-defined code or other form of authentication may be required for the delivery of data. This data is protected against being accessed by third-parties via SFTP or HTTPS in accordance with art. 32 para. 1 I lit. a and b GDPR if the user uses the data transfer methods that we recommend.
b) In order to prevent usage by machines, CAPTCHAS can be used in accordance with article 32 para. I lit. b GDPR. These contain images or tasks that cannot be processed by computer scripts.
9. Deletion periods
In accordance with art. 17 GDPR, we store personal data only for the period of time required to achieve the purpose of the data storage. This does not apply if the user has voluntarily consented to a longer processing period for the data or if legal retention periods or pursuance of legal claims within non-expired periods of limitation prevent such deletion. If there are retention periods or periods of limitation that prevent deletion, it might be necessary to limit the processing of data in accordance with art. 18 GDPR.
10. User rights
According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification.
In the following, you will find an overview of your rights.
A) Right to confirmation and information
You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information:
- the purposes for the processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
- if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
- any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
- any rights to file a grievance with a supervisory authority;
- if the personal data was not collected from you, all available information about the source of the data;
- the existence of any automated decisions, including profiling in terms of art. 22 para. 1 and 4 GDPR and – at least in such cases – significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.
If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the respective guarantees in terms of art. 46 GDPR in connection with such transfer.
B) Right to correction
You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data – including by means of a supplemental declaration.
C) Right to deletion (“right to be forgotten”)
You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:
- The personal data is no longer required to achieve the purposes for which it was collected.
- You revoke the consent that allowed the processing according to art. 6 para. 1 GDPR lit. a or art. 9 para. 2 a GDPR and there is no other legal basis for the processing.
- You submit an objection to the processing of your data in accordance with art. 21 para. 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with art. 21 para. 2 GDPR.
- The personal data was unlawfully processed.
- The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
- The personal data was collected in connection to information society services according to art. 8 para. 1 GDPR.
There is no right to deletion if the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise of official authority and requires a transfer of data from the controller;
- due to public interest in the area of public health according to art. 9 para. 2 lit h and i or art. 9 para. 3 GDPR;
- for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to art. 89 para. 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
- for the assertion, exercise or defence of legal claims.
If we have made the personal data public and if we are required by art. 17 GDPR to delete it, we will take appropriate measures in consideration of the available technologies and their implementation costs to inform the parties responsible for the processing of the personal data that you have requested that they delete all links to such personal data, including copies or replications.
D) Right to the limitation of processing
You have the right to demand that we limit the processing of your data if one of the following conditions occurs:
- you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
- the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
- we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or
- you have submitted an objection to the processing of your data according to art. 21 para. 1 GDPR, if it has not yet been determined whether our company’s legitimate purposes override your legitimate purposes.
If the processing of your personal data has been limited, such data – apart from its storage – can only be processed with your consent or for the exercise or protection of legal claims or to protect the rights of another natural or legal entity or for the purposes of an important public interest for the EU or a member country.
E) Right to data portability
You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if
- the processing is being carried out based on a declaration of consent in accordance with art. 6 para. 1 lit. a GDPR or article 9 para. 2 lit.a GDPR or an agreement in terms of art. 6 para. 1 lit. b GDPR, and
- the processing takes place using automated procedures.
In exercising your right to data portability according to para. 1, you have the right to ensure that we transfer the personal data directly to another controller, if technically possible.
The right to data portability does not apply to the processing of personal data that is required for the completion of a task that is in the public interest or takes place as part of the exercise of public authority that has been required of the controller.
F) Right of refusal
You have the right to refuse at any time the processing of your personal data for purposes stated in art. 6 para. 1 lit. e or f GDPR for reasons arising from your personal situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or if the processing serves the assertion, exercise or protection of legal claims.
If we process the personal data for the purpose of direct advertisement, you have the right to enter an objection at any time against the processing of such data for the purposes of such advertisement; this also applies to profiling, if it is in connection to such direct advertising.
You have the right to refuse at any time the processing of your personal data for scientific or historical research purposes or for statistical purposes in terms of art. 89 para. 1 GDPR for reasons arising from your personal situation, unless such processing is necessary to fulfil a task that is in the public interest.
G) Automated decisions including profiling
You have the right to refuse to be subject to a decision that is based exclusively on automated processing, including profiling, that legally affects you or has any similar significant effect.
H) Right to revocation of a declaration of consent regarding personal data
You have the right to revoke a declaration of consent regarding the processing of personal data at any time.
I) Right to submit grievances to a supervisory authority
You have the right to submit grievances to a supervisory authority, particularly in the EU member country in which you live, where your place of work is located or in the location of the supposed infringement if you believe that the processing of your personal data is unlawful.
J) Right to information
If you have exercised the right to information, deletion or limitation of processing by the controller, such party is required to communicate this information, deletion or limitation of the processing to all recipients of the personal data, unless this is proven to be impossible or disproportionately difficult.
You have the right to be informed by the controller of any such recipients.
Annex 1: Data protection regulations regarding third-party services
We sometimes use third-party services that transfer information in accordance with the above-stated § 6.
We use the following services on the website:
This website uses the open-source web analysis tool Countly.
With the help of Countly, we are able to collect and analyse the usage data for our website. This allows us to determine when which page views occurred and from which region they came, among other things. We also collect various log files (e.g., IP addresses, device IDs, referrer, browsers, and operating systems used) and can determine whether our app users perform certain actions (e.g., clicks, etc.).
The use of this analysis tool is based on art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in analysing user behaviour in order to optimise both its web/app offering and its advertising.
We use IP anonymisation for analysis with Countly. In this case, your IP address is shortened before analysis such that it can no longer be clearly tracked.
We host Countly exclusively on our own servers, which means that all analysis data remains with us and is not passed on to a third party.
This website uses the “Google Maps” map service via an API, which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing. This constitutes a justified interest pursuant to art. 6 para. 1 lit. f GDPR.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
SOCIAL MEDIA TOOLS
Services for interacting with social networks; after logging in to the relevant network, it may be possible for the provider of the social network to identify the user when the page is accessed or when a social media button is clicked::
- Name of tool: Facebook
- Link to homepage: https://de-de.facebook.com/
- Link to data protection policy: https://de-de.facebook.com/policy.php
- Disclosure of data to third parties / abroad: yes
- Name of tool: Twitter
- Link to homepage: https://twitter.com
- Link to data protection policy: https://twitter.com/de/privacy
- Disclosure of data to third parties / abroad: yes
- Name of tool: XING
- Link to homepage: https://www.xing.com
- Link to data protection policy https://privacy.xing.com/de/datenschutzerklaerung
- Disclosure of data to third parties / abroad: yes
- Name of tool: Linkedin
- Link to homepage: https://de.linkedin.com
- Link to data protection policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
- Disclosure of data to third parties / abroad: yes
Annex 2: Offerings according to § 3 B of this declaration
- Form name: Contact form
- Link to form
- Data catagories and purpose of data processing: Company, contact person, email-address, phone number for contacting us
- Transfer of data to third parties / in other countries: no