DATA PROTECTION
Introduction and Overview
We have prepared this privacy policy (version 09.12.2021-311896943) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We will provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will discover some information that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can also be found in the legal notice.
scope
This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:
all online presences (websites, online shops) that we operate
Social media presence and email communication
mobile apps for smartphones and other devices
In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.
Legal basis
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 .
We only process your data if at least one of the following conditions applies:
Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.
Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.
In addition to the EU regulation, national laws also apply:
In Germany, the Federal Data Protection Act (BDSG) applies.
Contact details of the responsible party
Should you have any questions regarding data protection, you will find the contact details of the responsible person or body below:
Christoph Franke, Feldstr. 4, 06543 Pansfelde
Authorized representative: Markus Mustermann
Email: geschaeftsleitung@f-it.biz
Telephone: +49-2104-8-329-380
Legal notice: https://christoph.f-it.biz/impressum/
Storage duration
We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.
Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
Rights under the General Data Protection Regulation
According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent data processing:
According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
for what purpose we carry out the processing;
the categories, i.e. the types of data that are processed;
who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
how long the data will be stored;
the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
the origin of the data if we did not collect it from you;
whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
In short: You have rights – do not hesitate to contact the responsible body listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:
Saxony-Anhalt Data Protection Authority
State Commissioner for Data Protection: Albert Cohaus (ViA)
Address: Leiterstraße 9, 39104 Magdeburg
Telephone number: 03 91/818 03-0
Email address: poststelle@lfd.sachsen-anhalt.de
Website: https://datenschutz.sachsen-anhalt.de/datenschutz-in-sachsen-anhalt/
Data processing security
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.
Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, if necessary.
TLS encryption with https
TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secure – nobody can “listen in”.
This introduces an additional layer of security, allowing us to comply with data protection by design (Article 25, Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small padlock icon in the top left corner of the browser, to the left of the internet address (e.g. examplepage.de) and the use of the https scheme (instead of http) as part of our internet address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.
communication
Communication Summary
👥 Affected: Everyone who communicates with us by phone, email or online form
📓 Data processed: e.g., telephone number, name, email address, form data entered. More details can be found under the respective contact method used.
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business transaction and legal regulations
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)
When you contact us and communicate via telephone, email or online form, personal data may be processed.
The data will be processed for the handling and processing of your inquiry and the associated business transaction. The data will be stored for as long as required by law.
Affected persons
The aforementioned processes affect everyone who contacts us via the communication channels we provide.
phone
When you call us, the call data is stored pseudonymously on your device and with your telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored for the purpose of responding to your inquiry. This data will be deleted as soon as the matter is resolved and legal requirements permit.
When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on our email server. This data will be deleted once the business transaction is complete and legal requirements permit.
Online forms
When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address provided by us. The data is deleted as soon as the business transaction has been completed and legal requirements permit.
Legal basis
The processing of the data is based on the following legal grounds:
Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.
Cookies
Cookies Summary
👥 Affected: Visitors to the website
🤝 Purpose: depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.
📓 Data processed: Depends on the specific cookie used. More details can be found below or on the website of the software provider that sets the cookie.
📅 Storage duration: depends on the specific cookie and can vary from hours to years.
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data, such as your language preferences or personal website settings. When you revisit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.
Source: e-recht24.de