Data Protection Declaration
Names and contact information of the controllers in accord with Article 4, Par. 7 DSGVO
soluzione Script GmbH
Commercial Registry – Munich (HRB 135656)
UST ID: DE 213 277 183 (VAT ID Nr.)
General Managers: Frank Rodà, Bastian Ziegler
Telephone: +49 (0)89 38 99 70 0
Telefax: +49 (0)89 38 99 70 77
Security and protection of your personal data
We consider maintaining the confidentiality of the personal data with which you entrust us and protecting it from unauthorized access to be our foremost responsibility. For that reason we utilize extreme care and the most modern security standards to guarantee a maximum of protection for your personal data.
As a private-sector company we are subject to the provisions of the European DSGVO (Datenschutzgrundverordnung = General Data Protection Regulation - GDPR) and the regulations of the BDSG (Bundesdatenschutzgesetzes = German Federal Data Protection Act). We have implemented both technical and organizational measures that ensure that not only our firm but also our external service providers adhere to these data protection regulations.
Definition of Terms
The legislature requires that personal data shall be managed in a lawful fashion, in good faith and in a fashion that is for the concerned persons both transparent and understandable (“lawful, processing in good faith, transparent”. To guarantee these requirements, we will inform you as to how each of the legal terms used in this declaration are defined.
- Personal data
“Personal data” means all information that in any way relates to an identified or identifiable natural person (in following text: “affected person”. Natural persons are considered “identifiable” when they can be individually identified, directly or indirectly, on the basis of an identifier such as a name, an ID or code number, a location, an online identifier, or one or more physical, psychological, genetic, mental, emotional, economic, cultural or social characteristics that could uniquely identify a particular natural person.
“Processing” is every action or sequence of actions performed in connection with personal data – with or without help from automatic procedures – such as collection, recording, organization, ordering, storage, modification or change, selection, inquiry, utilization or dissemination through transmission or distribution by some other means of data presentation, comparison or linking, limitation, deletion or destruction.
- Restriction of processing
“Restriction of processing” is the marking of stored personal data so that future processing involving that data can be limited.
“Profiling” is any automated processing of personal data that could be used to evaluate certain personal aspects relating to a natural person - in particular such aspects having to do with work performance, economic situation, health, personal preferences, interests, reliability, behavior, or to analyze or predict the current the location or movements of that natural person.
“Pseudonymization” is the processing of personal data in such a fashion that this data, without the addition of supplementary information, can no longer be associated with a specific affected person, provided that any such supplementary information will be separately stored and be subjected to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.
- File System
“File system” is any structured set of personal data that are accessible according to certain criteria, without regard for whether the collection is maintained in a centralized or distributed fashion or whether it is ordered on a functional or geographical basis.
“Controller” is a natural person or public entity, authority, agency or other office that alone or in conjunction with others has the power to decide about the purposes and methods for processing personal data. Should the purposes and methods for the processing of personal data be specified by European Union legislation or that of its member states, the controller can choose to reference and apply those criteria as provided for by European Union legislation or that of its member states.
“Processor” is a natural person or a public entity, authority, agency or other body that processes personal data on behalf of the controller.
“Recipient” is a natural or legal person, public authority, agency or other body, to which the personal data are disclosed without regard for whether or not that person or entity is a third party. Public authorities that may receive personal data in the course of carrying out an investigation in accord with European Union legislation or that of its member states are not regarded as recipients. The processing of such data by the referenced authority is carried out shall be in accord with the applicable data protection regulations and with the purposes of the processing.
- Third party
“Third party” is a natural or legal person, public authority, agency or other body, but not the affected person, the controller, the processor and any other such persons that are sanctioned under the direct authority of the controller or processor to process personal data.
Affected persons may for each individual case voluntarily and in an informed fashion produce a “consent” by completing a clear statement of intention in the form of a declaration or other unambiguous action by which the affected person signifies that they are in agreement with the processing of the relevant personal data.
Legal basis for the processing
The processing of personal data is only lawful when there is a proper legal foundation for the processing. The legal basis for the processing is located in Article 6 Par. 1 let. a – f DSGVO, in particular:
a. The affected person has given their consent for the processing of their personal data for one or more specific purposes;
b. The processing is required to fulfill the terms of a contract to which the affected person is a party, or it is required for carrying out precontractual measures that result from a request by the affected person;
c. The processing is essential for the controller to fulfill a legal obligation;
d. The processing is required, to protect the affected person’s most vital interests or those of another natural person.
e. The processing is required to carry out a task that either concerns a matter of public interest or the exercise of official authority when that responsibility has been entrusted to the controller;
f. The processing is required to protect the controller legitimate interests or those of a third party, as long as the interests or fundamental rights and freedoms of the affected person whose personal data requires protection do not predominate, especially then, when the affected person is a minor child.
About the processing of personal data
(1) In the following text, we provide information about the processing of personal data that are associated with the use of our website. Personal data include, for example, name, address, email address, user behavior.
(2) When you contact us, by email or through the use of a contact form, we save the data that you convey to us (your email address and possibly your name and telephone number) so that we can answer your questions (the legal basis for this is a balancing of interests in accord with Art. 6 Par. 1 S. 1 let. f DSGVO). We delete such data that is gathered in connection with this activity after the legal retention requirement of six years has elapsed.
Collection of personal data when visiting our website
When using our website simply for the purpose of obtaining information, i.e., if you don’t register with us or convey other information to us, we will collect only such personal data that your browser conveys to our server. When you view our website, we collect data that are technically required for us to display our website in your browser and that are necessary to assure stability and security (legal basis for this is a balancing of interests in accord with Art. 6 Par. 1 S. 1 let. f DSGVO):
- IP address
- Date and time of the inquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (specific page)
- Access status/HTTP status code
- Data volume transferred each time
- Website from which the request has come
- Browser type
- Operating system and user interface
- Language and version of the browser software.
At the latest, this information will be deleted or anonymized after a week.
(1) When using our website, in addition to the above listed data, cookies are used to store information on your computer. Cookies are small text files that your browser stores on your hard disk to which various bits of information are conveyed. It is not possible for cookies to run a program or infect your computer with a virus. Their only purpose is to make the Internet service user-friendlier and more effective.
(2) This website utilizes the following sorts of cookies, whose scope and operation are explained in the following text:
- Transient cookies (see a.)
- Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close the browser. Within this cookie class are session cookies. Session cookies provide a place to store a so-called session ID, with which various of your browser’s inquiries can be associated during the overall session. By this means, your computer can be recognized when you return to our website. Session cookies, however, are deleted when you log out or close your browser.
b. Persistent Cookies will be deleted automatically after a certain retention period that can be specified variously for each such cookie. You can, however, use your browser’s security settings to manually delete such cookies at any time.
You can configure your browser settings to match your own requirements. You can specify, for example, that third-party cookies or all cookies are to be rejected. So-called “third-party cookies” are cookies that were set up by a third party, i.e., not by the website which one is currently using. Please note that by deactivating cookies in your browser, you may not be able to make use of our website’s full capabilities.
Use of Google Analytics
(1) Our website makes use of Google Analytics, a Web analysis service of Google Inc. („Google“). Google Analytics utilizes so-called “cookies”, text files that are stored on your computer and that make it possible to analyze your use of the website. As a rule, your website usage information that is collected by via the cookie is conveyed to and stored on one of Google’s servers located in the USA. If the IP anonymization in association with this website is activated, Google will previously have truncated your IP address, provided it was assigned within a member state of the European Union or another nation that is bound under the Agreement on the European Economic Area. Only in special instances will the full IP address be conveyed to a Google server in the USA and truncated there. Only on behalf of the website’s operator will Google use this information – to analyze your usage of the website, to compile reports on the website’s activities, and to carry out further analysis for the website operator regarding website usage and Internet usage of other, associated services.
(2) Your IP address that is conveyed to Google Analytics by means of your browser will not be combined with any other data that Google has or obtains.
(3) You can make a setting in your browser program that prevents the storage of cookies on your system; we note here, however, that if you make that setting, it is unlikely that you will be able to use all functions that are otherwise available within the scope of our website. In addition, you can suppress the recording and transmission to Google and consequent processing of website usage information and data (including your IP address), as facilitated by the cookie, by using the following link to download and install the available browser plug-in that serves that purpose: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the “_anonymizeIp()” extension. Using this function, IP addresses are truncated before being processed further so that it is impossible to associate them with specific individuals. Even if a reference to your person should be conveyed through the automatically collected data, the reference to your person will be blocked and the personal data will be immediately deleted.
(5) We use Google Analytics to analyze the use of our website so that we can periodically improve it. By studying the statistics so attained, we can improve our offerings and develop the site further making it more interesting for users like you. For exceptional cases in which personal data is transmitted to the USA, Google has subordinated itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is found in a balancing of interests in accord with Art. 6 Par. 1 S. 1 let. f DSGVO.
(6) Information of the third party vendor: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Conditions:
http://www.google.com/analytics/terms/de.html, Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Protection Policy: http://www.google.de/intl/de/policies/privacy.
Products and services offered by Wired Minds AG (www.wiredminds.de) are used on this website for marketing and optimization purposes. The legal basis for this is a balancing of interests in accord with Art. 6 Par. 1 S. 1 let. f DSGVO. Using these products and services, data will be collected, processed and stored, from which pseudonymous user profiles will be created. To these profiles, cookies, as described above, could be employed. Wherever possible and practical, such user profiles will be completely anonymized. The collected data, which could also contain personal data, will be conveyed to Wired Minds or be acquired directly by Wired Minds. In turn, Wired Minds uses this information, which originated and was saved through visits to the website, to create anonymized user profiles. Data acquired in this fashion will not be used to personally identify any website visitor, neither will the personal data be brought into conjunction with the bearer of the pseudonym. IP addresses that are collected will be anonymized immediately after collection by deleting the last number blocks. After no more than 14 days the pseudonymous collected data will be deleted or completely anonymized.
You can object to this data processing at any time by clicking on the following link: Exclude me from website tracking.
Our website is intended for the express use of adult persons. Anyone under 18 years of age should not convey any personal data to us without the explicit permission of their parents or legal guardian.
Rights of the affected person
(1) Right to revoke consent
As long as the processing of personal data depends on a granted consent, you have the right to revoke that consent at any time. If revoking your consent, the legality of any data processing that was carried out under the auspices of the previously granted consent is not affected up until the time of revocation.
To exercise your right to revoke consent, you can contact us at any time.
(2) Right to confirmation
You have a right to demand a confirmation from the controller regarding whether we are processing the affected person’s data. You can at any time use the contact information listed at the top of this document to demand said confirmation.
(3) Right to Disclosure of Information
As long as personal data is being processed, you have a right at any time to demand the disclosure of information pertaining to the personal data as well as the disclosure of the following information:
a. The purposes of the processing;
b. The categories of personal data that are being processed;
c. The recipients or categories of recipients for whom the personal data were or will be disclosed, especially regarding recipients who are in third countries or who are active in international organizations;
d. If possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria that determine this duration;
e. The existence of a right to revise or delete the personal data that affect you -or- of a right to demand that the controller restrict processing -or- of a right to formally object to the processing;
f. The existence of a right to appeal to a regulatory authority;
g. Even if the personal data are not actively being collected from the affected person, all available information over the data’s origins;
h. The existence of an automated decision making method including profiling in accord with Article 22 Sections 1 and 4 DSGVO and – at least in these cases – significant information about the logic involved as well as the scope and the desired effect for the affected person of that kind of data processing.
If personal data are transferred to a third country or to an international organization, you have a right, secured through the relevant points in Article 46 DSGVO, to be informed about this data transfer. We will make a copy of the personal data that is subject to processing available to you. For any additional copies of the personal data that the affected person requests, we can ask a fee based on reasonable administrative costs. If you make your request electronically, the information will be delivered in any of the common electronic formats, as long as the requestor does not specify a particular (but common) format. The right to receive a copy in accord with section 3 may not impair another person’s rights or freedoms.
(4) Right to revision
You have a right to demand from us that the affected person’s incorrect personal data be promptly revised. Taking into consideration the purposes of the processing, you have a right to demand that any incomplete personal data be completed by using a supplementary declaration.
(5) Right to deletion (“The right to be forgotten”)
You have a right to demand from the controller that the affected person’s personal data be promptly deleted, and we are obliged to promptly delete that personal data, as long as at least one of the following reasons apply:
a. The personal data, for the purposes for which they were collected or in some way processed, are no longer required.
b. The affected person rescinds his/her consent for the processing which was based on Article 6 Section 1 letter a or Article 9 Section 2 let. a DSGVO, and there is no other legal basis for the processing.
c. In accord with Article 21 Section 1 DSGVO, the affected person enters a formal objection to the processing, and there is no other, overriding justification for the processing, or the affected person formally objects to the processing in accord with Article 21 Section 2 DSGVO.
d. The personal data were unlawfully processed.
e. The deletion of personal data is required for the fulfillment of a legal obligation in accord with European Union legislation or that of its member states, to which the controller is subject.
f. The personal data was collected in relation to services offered within the information society in accord with Article 8 Section 1 DSGVO.
If the controller published the personal data and is required in accord with Section 1 to delete them, he must, while taking the available technology, the implementation costs and technical aspects into consideration, inform the person responsible for data processing, the one who processes the personal data, that an affected person has demanded that all links to his personal data, or copies or replications of his personal data, be deleted.
The right to deletion (“the right to be forgotten”) cannot be applied as long as processing is required:
- for exercising the right to free expression of opinions and information;
- for the fulfillment of a legal obligation to process the data, one that underlies European Union legislation or that of its member states, to which the controller is subject, or for carrying out a task that lies in the public interest, or for carrying out a task which was assigned to the controller by an official authority;
- for reasons stemming from public interests in the area of public health in accord with Article 9 Section 2 let. h and i as well as Article 9 Section 3 DSGVO;
- for archival purposes in the area of public interest, for purposes of scientific or historic research, or for statistical purposes in accord with Article 89 Section 1 DSGVO, as long as the right named in section 1 would probably make realizing the goals of the processing impossible, or would seriously impair it, or
- for enforcement, execution or defense of legal claims.
(6) Right to restrict processing
You have a right to demand that we restrict the processing of your personal data, as long as any of the following conditions is true:
a. the accuracy of the personal data is challenged by the affected person, for as long as necessary, until the controller can review the accuracy of the personal data,
b. the processing is unlawful and the affected person refuses to allow the data to be deleted, demanding instead that the use of the personal data be restricted;
c. the controller no longer requires the personal data for the reasons it was being processed, but the affected person still requires it for enforcing, carrying out, or defending against legal claims, or
d. the affected person has entered a formal objection to the processing in accord with Article 21 Section 1 DSGVO, as long as it has not yet been determined whether the controller’s justifications outweigh those of the affected person.
If data processing was restricted in accord with any of the above conditions, then the personal data – except for storing it – will only be processed • with the express agreement of the affected person • or for enforcement, execution, or defense against legal claims • or to protect the rights of another natural person or legal entity • or for reasons important in the public interest of the European Union or that of a member state.
To employ the right to restrict processing, the affected person can at any time use the contact information at the beginning of this document to communicate with us.
(7) Right to transfer data
You have the right to receive the data relating to your person (personal data) that you made available to us in a structured, conventional and machine readable format; and you have the right to transfer your personal data to another controller without interference from the controller who made the personal data available to you, as long as:
a. the processing is supported either by permission granted in accord with Article 6 Section 1 Letter a or Article 9 Section 2 Letter a or by contractual provisions in in accord with Article 6 Section 1 Letter b DSGVO and
b. the processing is carried out with the help of an automated procedure.
By exercising your right to transfer data in accord with paragraph 1, you have a right to have your personal data transferred directly from one controller to another controller as long as this is technically possible. Exercising your right to transfer data does not affect your right to deletion (“the right to be forgotten”). This right is not valid for data processing when it is required to carry out a task that was assigned to the controller, provided that task lies in the public interest or in the exercise of public authority.
(8) Right to object
At all times you have the right to formally object to the processing of personal data, carried out on the basis of Article 6 Section 1 Letter e or f DSGVO, for reasons that arise from your particular situation; this is also true for profiling that is justified by those same provisions. The controller will no longer process the personal data unless he can demonstrate compelling and legitimate reasons for the processing that outweigh the affected person’s interests, rights and freedoms, or the processing is required to enforce, execute or defend against legal claims.
Should your personal data be used to conduct direct advertising, you have a right at any time to formally object to the use of your personal data for that sort of advertising; this applies as well to profiling, as long as it is being performed in connection with such direct advertising. If you formally object to the processing for the purposes of direct advertising, your personal data will no longer be used for these purposes.
In connection with the use of services of the information society, you can, without regard for the 2002/58/EG guideline, exercise your right to formally object with help from an automated procedure with which technical specifications will be applied.
For reasons that arise from your particular situation, you have a right to formally object to the processing of your relevant personal data that is being carried out for the purpose of scientific or historical research, or for statistical purposes in accord with Article 89 Section 1, unless the processing is required in fulfillment of obligations that arise in connection with a task in the public interest.
You can exercise your right to object at any time by applying to the responsible controller.
(9) Automated decisions in individual cases, including profiling
You have a nonexclusive right to automated processing – including profiling – that subjects you to a decision that has, with respect to you, binding legal effect -or- in a similar fashion, one that significantly disadvantages you. This does not apply when the automated decision:
a. is required for closing a contract or for fulfilling a contract’s provisions, i.e., for contracts made between the affected person and the controller,
b. because of legal provisions in the European Union or those in member states to which the controller is subject, the automated decision is permitted, and if these legal provisions include reasonable measures for safeguarding the rights, freedoms and legitimate interests of the affected person, or
c. is carried out with the affected person’s explicit consent.
The controller implements certain reasonable measures to preserve the affected person’s rights, freedoms and legitimate interests, for which the controller exercises at least the right to intervene on behalf of an affected person so that the affected person can represent their own standpoint and oppose the decision.
The affected person can exercise this right at any time by applying to the responsible controller.
(10) Right to effectively petition a regulatory authority
You also have a right, without prejudice, to seek administrative or legal redress at a regulatory authority including the right to file a formal complaint at such authority, particularly in the member state where you reside, where you work, or at the place of the suspected violation, when the affected person is of the opinion that the processing of the personal data is in violation of these regulations.
(11) Right to effective judicial remedy
You have a right to seek, without prejudice, available administrative or extrajudicial redress, including the right to an effective judicial remedy at a regulatory authority in accord with Article 77 DSGVO, when it is of the opinion that this provision’s enforceable rights are not in accordance with the processing of your personal data and that it represents a violation.
We make use of external service providers (data processors) for the operation and maintenance of our web servers. To secure the protection of your personal data, a separate data processing agreement has been executed with each service provider.