As of October 16th, 2022
1. Object and Scope
We take the protection of your personal data very seriously. With this privacy information, we would like to inform you about the personal data we collect, and how and for what purposes it is processed.
This privacy information applies to the use of the ENLYZE platform and explains the data we process as part of your use of the ENLYZE platform.
This privacy information also applies to visiting our website and various other data processing activities, for example, when you visit our social media pages, when you contact us, when we cooperate with you as a customer or supplier, or when you apply with us as an employee.
We always handle your personal data in accordance with the legal data protection regulations and this privacy information.
2nd responsible
The responsible party is
ENLYZE GmbH
Heliosstr. 6a
50825 Cologne-Ehrenfeld
Germany
Email: hello@enlyze.com
3. Use of the ENLYZE platform
3.1 Creating an Account
If you set up an account to use the ENLYZE platform or have us set it up for you, or register as an invited user, we as the controller will collect and process your data to enable you to use the ENLYZE platform.
In this context, we process your data as part of providing the ENLYZE platform or providing the services we offer. This may include processing the name and first name of ENLYZE platform users, address(es), contact details (e.g. email address, telephone number), contract data (e.g. subject matter of the contract, term), payment data, and data collected in the course of providing our services and/or required to provide our services.
The legal basis for this storage and processing is the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR.
3.2 Hosting of the ENLYZE platform
For the hosting of our platform, we use the Google Cloud Platform (GCP) provided by Google Ireland Limited in Ireland (“Google”). The hosting of the ENLYZE platform takes place in the EU. Google acts as a data processor for us based on a Data Processing Agreement in accordance with Art. 28 GDPR.
3.3 No order processing through the ENLYZE platform
The processing of personal data as a data processor by us is not the subject of the use of the ENLYZE platform by the users.
3.4 Usage Analysis
To better understand how users utilize the ENLYZE platform, and to continuously improve the ENLYZE platform and our services, we collect and analyze the usage of the ENLYZE platform by users. This includes in particular information about platform usage (browser history), device information (device ID, but not, for example, the Apple ID), operating system information, and IP address processing. The legal basis for such usage analysis is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR in the improvement and further development of our software and our services.
3.4.A Amplitude
We use Amplitude, an analysis service provided by Amplitude Inc., in the USA ("Amplitude"). Amplitude acts as a data processor on the basis of a data processing agreement in accordance with Art. 28 GDPR for us. Information about the use of the ENLYZE platform by users is transmitted to a server of Amplitude in the USA and stored there. There are suitable safeguards for the transfer of personal data to a third country in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with proof of the suitable safeguards (EU standard contractual clauses) at any time. You can find further information in the Amplitude Privacy Policy.
3.4.B Segment.io
We also use Segment.io for usage analysis, a service provided by Segment.io, Inc, in the USA ("Segment") for data analysis. Segment.io enables us to aggregate, analyze, and use usage data to optimize the ENLYZE platform. The collected usage data is processed pseudonymously. IP addresses are truncated after collection and the data is not used to create usage profiles.
Segment acts as a data processor for us based on a data processing agreement according to Art. 28 GDPR.
The data processed via Segment.io is transferred to and stored on a server of Segment in the USA. There are appropriate safeguards for this transfer of personal data to a third country in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (EU standard contractual clauses) upon request at any time.
Below are the GDPR compliance of Segment and the Segment Privacy Policy.
3.4.C June
To analyze and evaluate the data collected with Segment, for example, to create dashboards and various metrics and to form cohorts, we use the service June provided by June, Inc., in the USA ("June"). June acts as a data processor for us based on a data processing agreement in accordance with Art. 28 GDPR. The data processed by the June service is transferred to and processed on a server operated by June in the USA. Appropriate safeguards in accordance with Art. 46 GDPR exist for this transfer of personal data to a third country. Upon request, we will gladly provide you with proof of the appropriate safeguards (EU standard contractual clauses) at any time. Further information can be found in the June Privacy Policy.
3.4.D Sentry
To improve the stability of the ENLYZE platform and to identify code errors, we use the service Sentry from the service provider Functional Software, Inc., in the USA. In particular, Sentry collects technical information as well as data on individual users of the ENLYZE platform as part of the analysis of technical incidents. This data is used exclusively for technical analysis to improve the stability of the ENLYZE platform and to identify code errors. This data is also immediately anonymized and deleted upon completion of the analysis.
Functional Software, Inc. acts as a data processor for us based on a data processing agreement in accordance with Art. 28 GDPR.
The data processed through Sentry is processed and stored on servers in the USA. There are suitable safeguards in place for the transfer of personal data to a third country in accordance with Art. 46 GDPR. We will be happy to provide you with evidence of the appropriate safeguards (EU standard contractual clauses) upon request at any time.
For further information, please refer to the Privacy Policy of Sentry.
3.4.E Microsoft Clarity
For the analysis of usage and demand-driven optimization of the ENLYZE platform, we use Microsoft Clarity. Microsoft Clarity is a service of Microsoft Corp. In the USA ("Microsoft"). With Microsoft Clarity, protocols of mouse movements and clicks, and pseudonymized usage profiles are created. When using Microsoft Clarity for usage analysis, usage data (in particular access times, mouse movements), meta/communication data (e.g. device fingerprint and IP addresses), and location data (information about the geographic position of the accessing device) are processed in pseudonymized form (IP masking).
Microsoft acts as a processor based on a data processing agreement in accordance with Art. 28 GDPR for us.
When using Microsoft Clarity, personal data may be transferred to a third country without an adequate level of data protection. There are appropriate safeguards for this transfer of personal data to a third country in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with evidence of the appropriate safeguards (EU standard contractual clauses) at any time. Further information can be found in the Microsoft Privacy Statement.
3.5 Chat function and ticketing (Intercom)
When creating support tickets and using live chat, the contact information and other information provided by you are collected and processed. In addition, information about the browser, IP address, and location of the respective user are processed. This processing is carried out for the purpose of managing and handling your support or contact request. The legal basis for this storage and processing is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is to communicate with the users of the ENLYZE platform and to provide optimal support for the users. For the ticketing system and live chat, we use Intercom, a service of Intercom R&D Unlimited Company in Ireland ("Intercom"). Intercom acts as a data processor for us based on a data processing agreement in accordance with Art. 28 GDPR. The data processed by Intercom is transferred to servers of Intercom in the USA and stored there. There are appropriate safeguards for this transfer of personal data to a third country in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with proof of the appropriate safeguards (EU standard contractual clauses). For more information, please refer to the Intercom Privacy Policy.
3.6 transaction messages
For transaction messages via email, messenger, notifications, etc., sent in connection with your use of the ENLYZE platform, we utilize an external service provider that carries out the email dispatch for us and ensures the deliverability of the messages. This service provider acts for us as a data processor on the basis of a data processing agreement in accordance with Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU. There are suitable guarantees for data transfer in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with evidence of the suitable guarantees (EU standard contractual clauses) at any time.
4. Visit our websites
The confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct errors on the websites.
For these purposes, the following data is logged:
IP address of the calling computer
Operating system of the calling computer
Browser version of the calling computer
Name of the accessed file
Date and time of access
Amount of transmitted data
Referring URL
This data is regularly deleted after a few days. Our websites are hosted by a service provider on the basis of order processing in accordance with Art. 28 GDPR. The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity, and availability of the data.
5. Contact, CRM and Direct Marketing
Contact us, for example by email or live chat, to request information or documents, the information you provide for processing the request will be stored.
The information requested in a contact form or chat function on the website is necessary to process your request, address you correctly, and send you a response.
The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is communication with our prospects, visitors, and customers.
If the contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
Inquiries, customer contacts, and orders are usually stored in our CRM system. The data processed in this context (name, first name, title, postal address, if applicable date of birth, your specific interest in our products and services, and your interactions with us) may also be used by us for the purposes of direct marketing, especially for postal advertising, in compliance with legal requirements.
The legal basis for this storage and processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is the marketing of our products and services as well as the maintenance of our prospective customer and client relationships.
For our contact form or chat function on the website, we use an external service provider as a data processor based on a data processing agreement in accordance with Art. 28 GDPR.
As a result, personal data may be transferred to a third country outside the EU. There are appropriate safeguards for data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with evidence of the appropriate safeguards (EU standard contractual clauses) upon request at any time. Please contact us using the contact details provided above.
5.1 Zapier
To exchange data between different providers, we use the services and interfaces of Zapier, Inc. (548 Market St. #62411, San Francisco, CA, 94104, USA). If you fill out and submit a form to provide us with data, this information (including your contact information) will also be transferred to Zapier.
This may involve the transfer of personal data to a third country outside the EU. There are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (EU standard contractual clauses) upon request at any time. Please contact us using the contact details mentioned above.
For more information, please visit the privacy policy of Zapier, Inc.: https://zapier.com/privacy.
6. Customer and supplier data
We process the data of our prospects, customers, service providers, and suppliers as part of the provision of our contractual services. Here, we may process inventory data (for example, name, address), contact data (for example, email address, telephone number), content data (for example, photos, videos), contract data (for example, subject matter of the contract, duration), payment data, and data collected and/or processed as part of the provision of services. This data is regularly stored in our CRM system (see above).
The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.
7. Newsletter
7.1 Registration for the newsletter
On our website, you can register to receive a newsletter by email. When registering, the data from the input mask, the IP address of the calling computer, and the date and time of the registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this data protection information.
To verify that a registration for newsletter delivery is being made by the actual owner of an email address, we use the so-called "double opt-in" procedure. After registering an email address, a confirmation email is sent to the registered email address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation email is activated. In this process, the IP address of the calling computer and the date and time of the confirmation link activation are also transmitted to us.
Registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us using the contact details above.
The legal basis for processing the data after registering for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
7.2 Email Newsletter as part of an existing customer relationship
If you register as a user of our app and provide your email address, it can be used by us in the future for sending an email newsletter, unless you have objected to such use. In this case, the email newsletter will exclusively contain direct advertising for our own similar goods or services. You can object to the use of your email address at any time, without incurring any costs other than the transmission costs at the basic rates, by using the unsubscribe link contained in each newsletter or by contacting us using the above contact details. The legal basis for sending the newsletter following the sale of goods or services is Art. 6(1)(f) GDPR.
7.4 Newsletter service provider
We use an external service provider as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR for the dispatch and analysis of our newsletter.
As part of this, personal data may be transferred to a third country outside the EU. There are suitable guarantees for data transfer in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with evidence of the suitable guarantees (copy of the EU standard contractual clauses) at any time. Please contact us using the contact information provided above.
8. Cookies
Cookies are used on our website. Cookies are information that is transmitted from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies store information that is specific to the device being used. Cookies contain a characteristic string that enables a unique identification of the browser when the website is accessed again. A cookie also contains information about its origin and storage period. However, this does not mean that we immediately obtain knowledge of your identity.
8.1 Technically necessary or essential cookies
When visiting our website and using the platform, cookies are set that are absolutely necessary for the operation of the website or the platform. These essential cookies may, for example, include cookies that are required for the display of the website with a content management system, that recognize language settings, or that document whether you have consented to the setting of additional (non-essential) cookies or have rejected them.
The technically necessary cookies, including their purpose and storage period or expiration date, will be explained to you in our cookie banner, which is displayed when you visit the website.
The legal basis for the processing of personal data using essential cookies is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interests are the operation and provision of our website.
8.2 Non-essential Cookies
We also use non-essential cookies, for example, to collect additional information about the interests of visitors to our website or their usage behavior, in order to analyze and optimize our website and generally our customer interactions based on this.
Non-essential cookies, including their purpose and storage duration or expiry, are also explained to you in our cookie banner, which is displayed to you when you visit the website.
Non-essential cookies are only set if you have expressly consented to the setting of non-essential cookies. In the cookie banner, you can also select different categories of non-essential cookies that you would like to allow.
The legal basis for the processing of personal data using such non-essential cookies is your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.
9. Web analysis
We use web analytics services on our website or parts of the website to capture how our website is used by its visitors and to optimize the website.
9.1 Google Analytics
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited in Ireland ("Google").
Through JavaScript tags, we can collect information about your use of the website and platform. Google Analytics regularly uses cookies to gather information about a user's interactions with the website or platform.
As part of the use of Google Analytics, your IP address and information about the use of the website or platform, browser type and version, operating system used, the previously visited page, and the time of the server request are transmitted to servers operated by Google and processed there.
As part of IP anonymization, the collected IP addresses of users within the European Economic Area are shortened before being transmitted to the USA. Only in exceptional cases, in the event of technical disruptions in Europe, will the full IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data by Google.
Google acts as a processor based on a data processing agreement in accordance with Art. 28 GDPR for us.
As explained, this may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards pursuant to Art. 46 GDPR are provided for the transfer. Upon request, we will be happy to provide you with evidence of appropriate safeguards (EU standard contractual clauses) at any time.
The legal basis for this data processing is your explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR.
9.2 Microsoft Clarity
We work with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website using behavioral metrics, heatmaps, and session replays to improve and market our products/services. The website usage data is collected using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. We also use this information for website optimization, fraud/security purposes, and advertising. For more information on how Microsoft collects and uses your data, please see the Microsoft Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement.
This may involve the transfer of personal data to a third country outside the EU. There are suitable guarantees for data transfers in accordance with Art. 46 GDPR. We will be happy to provide proof of suitable guarantees (EU standard contractual clauses) upon request at any time. Please contact us using the above contact details.
The legal basis for this data processing is your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.
10. Social Media
10.1 Social Media Buttons
On our website, social media buttons from various social media networks (e.g. Linkedin, Instagram, Twitter, Facebook, and/or YouTube and/or LinkedIn) are integrated.
When you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network will receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and either are logged in to the respective social media network or then log in on the page of the respective social media network, the transmitted information can be associated with your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, provider identification, a contact option, and your rights and privacy settings, please refer to the respective privacy information of the providers of the social media networks.
The legal basis for the integration and use of the social media buttons is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is the marketing of our offers and our website.
10.2 Social Media-Pages
We maintain a publicly accessible profile on various social media networks, such as LinkedIn, Instagram, Twitter, Facebook, and/or YouTube and/or LinkedIn ('Social Media Pages' or 'Fanpages').
When you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and associate the information collected with your account on the social media network and enrich it there. Even if you are not logged in or do not have an account with the respective social media network, data about you may be collected by the provider of the respective social media network, such as your IP address or data collected via a cookie.
The operators of the social media networks can create user profiles based on this data. Based on your user profile, you may then be shown interest-based advertisements on the websites of the social media network as well as on other websites.
When you visit one of our social media pages, we, together with the provider of the social media network, are responsible for the collection and processing of your personal data that takes place there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information on this.
We are happy to provide you with information on the appropriate safeguards for data transfers to third countries in accordance with Art. 46 GDPR at any time upon request.
You can assert your data subject rights in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) with us as well as with the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the scope of the options provided to us by the respective provider within the framework of our social media pages.
The legal basis for our use of social media pages is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest is the presence and marketing of our products and services on the Internet.
11. Applications
We collect and process personal data from applicants for the purpose of handling the application process. If an applicant submits their application documents to us electronically, this processing is done electronically.
If we enter into an employment contract with an applicant, the data transmitted will be processed for the purpose of carrying out the employment relationship in compliance with statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after the application process is completed, unless deletion conflicts with an overriding legitimate interest, such as the defense of claims or the preservation of evidence in accordance with the General Equal Treatment Act (AGG).
The legal basis for this storage and processing is the fulfillment of the contract or the performance of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR, and in Germany also § 26 BDSG.
12. Video conferences and webinars
If you participate in a video conference, webinar, or online meeting organized by us (hereinafter "video conferences"), we will process your personal data as part of your participation.
When participating in a video conference, various data categories are processed. The extent of the data also depends on the information you provide before or during participation in a video conference.
When participating in a video conference organized by us, you will usually need to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to facilitate your participation, and information about login and device/hardware information will be stored. Additionally, if provided, email address and profile picture will be processed. If you dial in by phone, your phone number and possibly your IP address will be processed.
To enable participation in the video conference, data from your device's microphone and any device camera, as well as information from screen sharing, will be processed. You can always turn off or mute the camera or microphone yourself. You always determine whether and which parts of your screen are shared.
Audio and video recordings of the video conference may be created. In this case, MP4 files of all video, audio, and presentation recordings will be processed. There will always be a notice of the recording, if one occurs, and if necessary, the explicit consent of the participants in the recording will always be obtained.
You may have the opportunity to use the chat, question, or survey functions in a video conference. In this respect, the text inputs you make will be processed to display them in the video conference and potentially log them.
If personal data of our employees are processed, the legal basis for data processing is Art. 26 GDPR, provided that German law is applicable to the processing of employee data.
If German law should not be applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, performance, or termination of the employment relationship, but nevertheless an essential part of participating in a video conference, our predominant legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our legitimate interest is in the effective implementation of video conferences.
Otherwise, the legal basis for data processing in the conduct of video conferences is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of project execution or when participating in a webinar).
Otherwise, the legal basis for data processing in connection with your participation in a video conference organized by us is our predominant legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In these cases, our legitimate interest is in the effective implementation of video conferences.
For the conduct of video conferences, we use one or more service providers as processors based on a data processing agreement in accordance with Art. 28 GDPR.
In this context, personal data may be transferred to a third country outside the EU. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. Upon request, we will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses) at any time.
13. Mergers and Acquisitions (M&A)
If we are involved in a restructuring, acquisition, disposal of assets, merger, financing, transfer of services to another provider, due diligence, insolvency, or receivership, your personal data may be transferred to third parties while maintaining the fundamental principles of data protection to the extent legally permissible and as necessary in connection with and as part of the relevant legal process.
14. age restriction
This website is not intended or designed for use by children under 16 years of age. We do not knowingly collect personal data from or about persons under 16 years of age.
15. Recipient of data
Within our company, those internal positions or organizational units receive your data that they need to fulfill their tasks, possibly to fulfill contracts with you, to process data with your consent, or to protect our overriding legitimate interests.
Data is only passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if, for example, this is necessary for contractual purposes based on Art. 6 para. 1 lit. b) GDPR, or to protect our overriding legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR in the effective implementation of our business operations.
If we use service providers or third-party providers in the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.
If, in the provision of the website and/or the provision of our services, we use content or tools from service providers or third-party providers and their registered office is located in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable, i.e. countries outside the EU or the European Economic Area. Data is only transferred to third countries if there is an appropriate level of data protection, consent, or other legal permission, in particular an appropriate guarantee in accordance with Art. 46 GDPR.
16. Your rights
You have the following rights with respect to the personal data processed by us that concern you:
16.1 Right to information
You can request information on the basis of Art. 15 GDPR about your personal data that we process.
16.2 Right to rectification
If the information concerning you is incorrect or incomplete, you have the right to request rectification according to Art. 16 GDPR. If your data is incomplete, you can request completion.
16.3 Right to erasure
You are entitled to request the deletion of your personal data in accordance with Art. 17 GDPR.
16.4 Right to restriction of processing
According to Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data.
16.5 Right to object to the processing
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions, as well as to such processing for direct marketing purposes. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
16.6 Right to withdraw your consent
If you have consented to processing, you have the right to withdraw it according to Art. 7 (3) GDPR.
16.7 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format ("data portability"), as well as the right to transmit those data to another controller, where the conditions set out in Article 20(1)(a) and (b) of the GDPR are met.
16.8 Exercise of rights
You can assert your rights by notifying the data controller or data protection officer at the contact details mentioned above.
16.9 Right to lodge a complaint with the data protection supervisory authority
If you believe that our processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to complain to a data protection supervisory authority of your choice.
17. Mandatory Information and Profiling
The provision of personal data is neither legally nor contractually required, you are also not obliged to provide personal data, but the provision of personal information is necessary for entering into a contract, insofar as certain information is mandatory for the conclusion (and performance) of a contract.
An automated decision-making including profiling is not carried out by us.
18. Information security and storage duration
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk of the respective processing for the personal data processed by us, and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or unauthorized access.
For security reasons and to protect the transmission of confidential content, such as orders, inquiries, or payment data that you send to us, our website uses SSL encryption.
Our employees are regularly trained in data protection and information security and are committed to confidentiality and data protection.
As part of a restrictive rights and roles concept on a "need to know" basis, it is ensured that employees only have access to the personal data that they absolutely need to fulfill their tasks.
We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purposes of data processing, or as provided for by the legislator's storage periods. If the purpose of storage no longer applies or if a storage period prescribed by the legislator expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.
The provision of personal data is neither legally nor contractually required. You are also not obliged to provide personal data, but the provision of personal information is necessary for entering into (and performing) a contract, as certain details are essential for concluding a contract.
19th amendment to the data protection information
We reserve the right to occasionally adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will apply to your next visit.
