Data protection notice
Responsible within the meaning of data protection laws is
PROFILERS GmbH, Nördliche Münchner Strasse 42, 82031 Grünwald
PROFILERS 'data protection officer is
Dominique Endler, c / o PROFILERS GmbH, Nördliche Münchner Strasse 42, 82031 Grünwald
With this data protection notice we inform you (in the following text also referred to as “user” or “data subject”) in a general way about data processing in our company and in particular about data processing when you visit our website, when you contact us Website contact form and contact details by email or telephone. We also inform you about our online presence in social media and about your rights with regard to the processing of your data. The term “data processing” always means the processing of personal data.
1. General information on data processing
1.1 Categories of personal data
We process the following categories of personal data:
• Inventory data (eg names, addresses, functions, organizational affiliation, etc.);
• Contact details (eg e-mail, telephone / fax numbers, etc.);
• Content data (eg text input, image files, videos, etc.);
• usage data (eg access data);
• Meta / communication data (eg IP addresses).
1.2 Recipients or categories of recipients of personal data
If we disclose data to other persons and companies such as web hosts, contract processors or third parties in the course of our processing, transmit them to them or otherwise grant them access to the data, this is done on the basis of legal permission (e.g. if the data is transmitted to third parties in accordance with Art. 6 Para. 1 lit. b DS-GVO is required to fulfill the contract) if the data subjects have given their consent or if a legal obligation provides for this.
1.3 Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the relevant data will be deleted, provided that they are no longer required to achieve the purpose, fulfill the contract or initiate a contract.
1.4 Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure or transmission of data to third parties, this only occurs if it happens to fulfill our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. DS-GVO are met, i.e. processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of one of the EU corresponding data protection levels (eg for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
2. Data processing when you visit our website
2.1 log files
Every time a data subject accesses our website, general data and information are stored in the log files of our system:
• Date and time of the call (time stamp);
• Request details and target address (protocol version, HTTP method, referrer, user agent string);
• Name of the file called up and amount of data transferred (requested URL including query string, size in bytes);
• Notification of whether the request was successful (HTTP status code).
When using this general data and information, we do not draw any conclusions about the person concerned. There is no personal evaluation or an evaluation of the data for marketing purposes or a profile formation. The IP address is not saved in this context.
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR. The collection of the data for the provision of the website and the storage of the data in log files is essential for the secure operation of our website. There is consequently no possibility of objection on the part of the data subject.
2.2 Malware detection and log data analysis
We collect log data that arise during the operation of our company's communication technology and evaluate it automatically, insofar as this is necessary to identify, limit or eliminate faults or errors in communication technology or to defend against attacks on our information technology or to identify and defend against Malware is required.
The legal basis for the temporary storage and evaluation of the data is Art. 6 Para. 1 lit. f GDPR. The storage and evaluation of the data is essential for the provision of the website and its secure operation. There is consequently no possibility of objection on the part of the person concerned.
2.3 Cookies
So-called cookies are used on our website. Cookies are small text files that are exchanged between the web browser and the hosting server. Cookies are stored on the user's computer and transmitted to our site from there. In the web browser you are using, you can restrict the use of cookies or prevent them in principle by making a corresponding setting. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, this may mean that the website cannot be displayed or used in its entirety.
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 lit. f GDPR.
2.4 Google reCAPTCHA
On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to differentiate whether an input is made by a natural person or is improperly made by machine and automated processing. The service includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in determining individual responsibility on the Internet and avoiding abuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.
Further information on Google reCAPTCHA and Google's data protection declaration can be viewed at: https://www.google.com/intl/de/policies/privacy/
3. Data processing in the context of establishing contact
3.1 Contacting us by email
You can contact our company by e-mail using the e-mail addresses published on our website.
If you use this contact method, the data you transmit (e.g. surname, first name, address), but at least the e-mail address and the information contained in the e-mail, along with any personal data you have transmitted, are used for this purpose the contact and processing of your request. In addition, the following data is collected by our system:
• IP address of the calling computer;
• The date and time of the email.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 Para. 1 lit. b or lit. f GDPR
3.2 Contact via the website contact form
If you use the contact form provided on our website for communication, you must provide your name and first name and your email address. Without this data, your request via the contact form cannot be processed. Providing your address is optional and, if you wish, enables us to process your request by post.
In addition, the following data is collected by our system:
• IP address of the calling computer;
• Date and time of registration.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 Para. 1 lit. b or lit. f GDPR.
3.3 Contact by letter
If you send us a letter, the data you have transmitted (e.g. surname, first name, address) and the information contained in the letter, along with any personal data you have transmitted, will be stored for the purpose of contacting us and processing your request.
The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 Para. 1 lit. b or lit. f GDPR.
4. Online presence in social media
We maintain an online presence within social networks (Xing, LinkedIn) in order to inform the users active there about our services and to communicate via the platforms if they are interested. Our social media channels can only be accessed via an external link. As soon as you call up the respective social media profiles in the respective network, the terms and conditions and the data processing guidelines of the respective operator apply there.
We have no influence on data collection and its further use by social networks. There is no knowledge of the extent, location and duration of the data stored, the extent to which the networks comply with existing deletion obligations, which evaluations and links are made to the data and to whom the data is passed on. We therefore expressly draw your attention to the fact that your data (e.g. personal information, IP address) are stored by the network operators in accordance with their data usage guidelines and used for business purposes.
We process data with regard to social media presences to the extent that, for example, comments or direct messages are sent to us via them. The legal basis for the processing of the data after the consent of the user is Art. 6 Para. 1 lit. a GDPR.
5. Your rights
As a data subject, you have the following rights in connection with the processing of your personal data:
5.1 Right to information
(1) The person concerned has the right to request confirmation from the person responsible as to whether personal data concerning them are being processed; If this is the case, she has a right to information about this personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data that are processed;
c) the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
e) the existence of a right to correction or deletion of personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the personal data are not collected from the data subject, all available information on the origin of the data;
h) the existence of automated decision-making including profiling in accordance with Art. 22 Paragraph 1 and Paragraph 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject .
(2) If personal data are transmitted to a third country or to an international organization, the data subject has the right to be informed about the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
5.2 Right to Correction
The data subject has the right to demand that the person responsible immediately correct any incorrect personal data relating to them. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data - including by means of a supplementary declaration.
5.3 right to cancellation
(1) The data subject has the right to request the person responsible to delete personal data concerning them immediately, and the person responsible is obliged to delete personal data immediately if one of the following reasons applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject revokes their consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a) or Art. 9 Para. 2 lit. a) GDPR and there is no other legal basis for the processing.
c) The person concerned objects to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or the person concerned objects in accordance with Art. 21 Paragraph 2 DS-GVO processing a.
d) The personal data was processed unlawfully.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
f) The personal data was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.
(2) If the person responsible has made the personal data public and is obliged to delete it in accordance with paragraph 1, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to ensure that the person responsible for the data processing is responsible for the personal data process, to inform them that a data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data.
(3) Paragraphs 1 and 2 do not apply if processing is necessary
a) to exercise the right to freedom of expression and information;
b) to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible ;
c) for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h) and i) as well as Art. 9 Para. 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Paragraph 1, insofar as the law referred to in Paragraph 1 is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
e) for the establishment, exercise or defense of legal claims.
5.4 Right to restriction of processing
(1) The data subject has the right to request the controller to restrict processing if one of the following conditions is met:
a) the correctness of the personal data is disputed by the data subject, for a period that enables the person responsible to check the correctness of the personal data,
b) the processing is unlawful and the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted;
c) the controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
d) the person concerned has lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR, as long as it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned.
(2) If the processing has been restricted in accordance with paragraph 1, these personal data - apart from their storage - may only be used with the consent of the data subject or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person Are processed for reasons of important public interest of the Union or a Member State.
5.5 Right to data portability
(1) The person concerned has the right to receive the personal data concerning them that they have provided to a responsible person in a structured, common and machine-readable format, and they have the right to transfer this data to another responsible person without hindrance from the responsible person to which the personal data was provided, provided
a) the processing is based on consent in accordance with Art. 6 Para. 1 lit. a) or Art. 9 Para. 2 lit. a) GDPR or on a contract according to Art. 6 Para. 1 lit. b) DS-GVO is based and
b) the processing is carried out using automated procedures.
(2) When exercising their right to data portability in accordance with Paragraph 1, the data subject has the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible.
The right under paragraph 1 must not impair the rights and freedoms of other persons.
This right does not apply to processing that is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been assigned to the person responsible.
5.6 Right to Object
The data subject has the right, for reasons that arise from their particular situation, to object at any time to the processing of personal data relating to them, which is based on Art. 6 Para. 1 lit. e) or f) DS-GVO takes place, to object; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data unless he can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
In connection with the use of information society services, regardless of Directive 2002/58 / EC, the person concerned can exercise their right of objection by means of automated procedures in which technical specifications are used.
5.7 Right of withdrawal
The person concerned has the right to revoke their data protection declaration of consent at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent until the withdrawal.
5.8 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, every person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their place of residence, their place of work or the place of the alleged infringement, if the person concerned is of the opinion that the processing of their personal data Data violates this regulation.