Privacy Statement

This Privacy Statement clarifies the nature, scope and purpose of processing personal data (“data”) within our online offering and related websites, functions and content, as well as external online presence such as our social media profile (collectively referred to below as an “online offering”). With regard to the concepts used, such as “personal data” or its “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


Responsible:

opexxia GmbH
Petunienweg 2a
81377 München
Germany

Represented by:

Dörte Kaschdailis
Silvia Sommer-Tsimpoulis

Contact:

Phone: +49. (0) 171 761 71 30
E-Mail: info@opexxia.com


Types of data processed:

– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Processing of special categories of data (Article 9 (1) GDPR):
– No specific categories of data are processed.

Categories of persons affected by the processing:
– Customers/prospective customers/suppliers.
– Visitors and users of the online offering.

In summary, we also refer to the following affected persons as “users.”

Purpose of processing:

– Provision of contractual services, service and customer care.
– Response to contact requests and communication with users.
– Marketing, advertising and market research.
– Security.

Status: 24.05.2018

1. Relevant legal framework

In accordance with Article 13 of the GDPR, we will inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Statement, the following applies: The legal basis for obtaining consents is Article 6 (1) lit. a and Article 7 of the GDPR, the legal basis for processing to fulfil our services and implement contractual measures, as well as answering enquiries, is Article 6 (1) lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Article 6 (1) lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the affected person or another natural person require the processing of personal data, Article 6 (1) lit. d GDPR serves as the legal basis.

2. Changes and updates to the Privacy Statement

We ask you to check the content of our privacy statement on a regular basis. We adjust the privacy statement as soon as any changes to our data processing make this necessary. We will inform you as soon as the changes require a joint action on your part (e.g. consent) or any other individual notification.

3. Security measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection commensurate with the risk; measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and disconnection. In addition, we have established procedures to ensure the ability of affected persons to exercise their rights, the deletion of data and the response to data compromise. Furthermore, we consider the protection of personal data as early as during the development or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings (Article 25 GDPR).

Security measures include, in particular, the encrypted transfer of data between your browser and our server.

4. Cooperation with contract processors and third parties

4.1. If, as part of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a statutory provision (e.g. if a transfer of the data to third parties, such as payment service providers, is required under Article 6 (1) lit. b GDPR for the fulfilment of the contract), if you have given your consent, if a legal obligation provides for it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2. If we instruct third parties to process data on the basis of a so-called “contract for contract processing,” this is done on the basis of Article 28 of the GDPR.

5. Transmissions to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done within the context of the use of third-party services or disclosure or transfer of data to third parties, this may only occur if its purpose is to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or leave the data in a third country only if the special requirements of Article 44 ff. GDPR are met. This means processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the US by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contract clauses”).

6. Rights of the persons concerned

6.1. You have the right to request confirmation as to whether the data in question has been processed, as well as information regarding this data, and further information and a copy of the data in accordance with Article 15 of the GDPR.

6.2. In accordance with Article 16 of the GDPR you have the right to require the completion of any data concerning you or the correction of any incorrect data concerning you.

6.3. In accordance with Article 17 of the GDPR you have the right to request that data in question be deleted immediately or, alternatively, to require a restriction of the processing of that data in accordance with Article 18 of the GDPR.

6.4. You have the right to receive the data you have provided to us in accordance with Article 20 of the GDPR and to request that it be transmitted to other persons responsible.

6.5. You also have the right under Article 77 GDPR to lodge a complaint with the relevant supervisory authority.

7. Right of revocation

You have the right to revoke given consents in accordance with Article 7 (3) of the GDPR with effect for the future.

8. Right to object

You may object to the future processing of the data concerning you at any time in accordance with Article 21 GDPR. The objection may be made in particular against processing for direct advertising purposes.

9. Cookies and right to object to direct advertising

We use temporary and permanent cookies, i.e. small files stored on users’ devices (for an explanation of the term and function, see the last section of this privacy statement). In some cases, the cookies are for security purposes or are necessary to operate our online offering (e.g. for the presentation of the website) or to store the user decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, which users are informed about in the course of the privacy policy. A general objection to the use of cookies for online marketing purposes in a large number of services, especially in the case of tracking, can be declared via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com. In addition, the storage of cookies can be prevented by disabling them in the browser’s settings. Please note that not all functions of this online offering may then be available.

10. Deletion of data

10.1. The data we process will be deleted or restricted in processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in the context of this privacy statement, the data stored with us will be deleted as soon as it is no longer needed for its purpose and no legal retention obligations stand in the way of deletion. If the data cannot be deleted because it is necessary for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

10.2. According to legal requirements, retention will be upheld in particular for 6 years in accordance with § 257 (1) of the German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) as well as for 10 years in accordance with § 147 (1) AO (books, records, status reports, accounting records, trade and business letters, documents relevant to taxation, etc.).

11. Providing contractual services

11.1. We process inventory data (e.g., names and addresses as well as contact details of users) and contract data (e.g., services used, names of contact persons, payment information) in order to fulfil our contractual obligations and services in accordance with Article 6 (1) of GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

11.2. Deletion takes place after the expiry of legal warranty and similar obligations; the requirement for retention of data is checked every three years. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention periods); information will remain in the customer account until it is deleted.

12. Contact

12.1. When contacting us (by contact form or e-mail), the user’s details will be used for processing the contact request in accordance with Article 6 (1) lit. b) GDPR.

12.2. User information can be stored in our customer relationship management system (“CRM system”) or similar request organization.

12.3. We will delete the requests if they are no longer required. We check the requirement every two years; requests from customers who have a customer account are stored permanently and deleted in accordance with the customer account details. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention periods).

13. Comments and posts

13.1. If users leave comments or other posts, their IP addresses will be stored for 7 days based on our legitimate interests within the context of Article 6 (1) lit. f GDPR.

13.2. This is done for our safety if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution ourselves and are therefore interested in the identity of the author.

14. Collection of access data and log files

14.1. We collect data regarding every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 (1) lit. f GDPR. Access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

14.2. Logfile information is stored for security reasons (e.g. to investigate acts of abuse or fraud) for a maximum period of 7 days and then deleted. Data that is required for further retention for evidentiary purposes is exempt from deletion pending a final resolution of the incident.

15. Online presence on social media

15.1. We maintain an online presence within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services there on the basis of our legitimate interests within the meaning of Article 6 (1) lit. GDPR. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

15.2. Unless otherwise stated in our privacy policy, we process users’ data as long as they communicate with us within social networks and platforms, e.g. write posts on our online stores or send us messages.

16. Cookies & range measurement

16.1. Cookies are information that is transmitted from our web server or third-party web servers to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage.

16.2. Users will be informed about the use of cookies in the context of pseudonymous range measurement as part of this privacy statement.

16.3. If users do not want cookies to be stored on their computer, they are asked to disable the appropriate option in the system settings of their browser. Saved cookies can be deleted from the browser’s system settings. The blocking of cookies can lead to functional limitations of this online offering.

16.4. You may object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and in addition to the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

17. Google Analytics

17.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) lit. f GDPR), we use Google Analytics, a web analytics service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transmitted to a Google server in the USA and stored there.

17.2. Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide further information with the use of this online offering and the services associated with the Internet. The processed data can be used to create pseudonymous user profiles.

17.4. We only use Google Analytics with enabled IP anonymization. This means that user IP addresses are shortened by Google within Member States of the European Union or in other countries contracting to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

17.5. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting their browser software accordingly; users can also prevent the collection by Google of data generated by the cookie and related to their use of the online offering, as well as Google’s processing of that data, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

17.6. For more information on Google’s use of data, setting options and possibilities for objection, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using websites or apps from our partners”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you ads”).

17.7. In addition, personal data will be anonymised or deleted after a period of 14 months.

18. Integration of third-party services and content

18.1. Based on our legitimate interest (i.e. interest in analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) lit. f. GDPR) we place content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (referred to below uniformly as “content”). This always presupposes that the third-party providers of this content can see the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third-party vendors can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” allow information such as visitors on the website to be analysed. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, linked to technical information about the browser and operating system, referring websites, visiting time as well as other information about the use of our online offer as well as such information from other sources.

18.2. The following presentation provides an overview of third-party providers as well as their content, as well as links to their privacy policies, which provide further information on the processing of data and, in some cases already mentioned here, possibilities for objection (so-called opt-out):

External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by a server link to Google (usually in the United States). Privacy statement https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.

Maps from the service “Google Maps” provided by the third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages which contains Xing features, a connection is made to Xing servers. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behavior evaluated. Privacy statement: https://www.xing.com/app/share?op=data_protection.

External code of the JavaScript framework “jQuery,” provided by the third-party provider jQuery Foundation, https://jquery.org.