Privacy Policy in Accordance with the GDPR
Introduction
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter shortly referred to as “data”) we process for which purposes and to what extent. This privacy policy applies for all personal data processing performed by us, in the course of our service delivery as well as on our website, in mobile applications and within our external online presence, e.g. our social media profiles (hereinafter collectively referred to as “online offer”). The used terms are not to be considered gender-specific. Status: 2/31/2021
Scope
- Introduction
- Controller
- Processing Overview
- Security Measures
- Use of Cookies
- Social Network Presence
- Data Erasure
- Privacy Policy Changes and Updates
- Rights of Data Subjects
- Definition of Terms
Controller
d3sign.me
Leopoldstr. 2-8
32051 Herford
E-mail: admin@d3sign.me Impressum: ->Impressum
Contact Data Protection Officer
admin@d3sign.me Data protection officer of admin@d3sign.me, certified data security expert of the DEKRA M. Gruber
Processing Overview
The following overview summarises the types of processed data and the purposes of their processing and refers to the data subject.
Types of Processed Data
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photographs, videos)
- Contact data (e.g. E-mail addresses, telephone numbers)
- Meta or communications data (e.g. device information, IP addresses)
- Meta or communications data (e.g. device information, IP addresses)
Categories of Data Subjects
- User (e.g. website visitors, online services user)
Processing Purposes
- Contact requests and communication
- Remarketing.
- Tracking (e.g. interest-related/behavioural profiling, cookie usage)
Appropriate Legal Basis
In the following, we will inform you about the legal basis of the General Data Protection Regulation (GDPR), which serves as a guideline for our personal data processing. Please be aware that national data protection guidelines of your or your company’s country of residence may apply in addition to GDPR regulations.
In the following, we will inform you about the legal basis of the General Data Protection Regulation (GDPR), which serves as a guideline for our personal data processing. Please be aware that national data protection guidelines of your or your company’s country of residence may apply in addition to GDPR regulations.
- Legitimate Interests (Article 6(1) point (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National Data Protection Regula:tions in Germany
In addition to the data protection regulations of the General Data Protection Regulation, there are national regulations for data protection applying in Germany. In particular, these include the Federal Data Protection Act (BDSG), which protects personal data against abuse during processing. The BDSG includes special regulations regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the data transfer, and automated individual decision-making including profiling. Furthermore, it regulates the data processing for employment-related purposes (§26 BDSG), particularly regarding commencing, carrying out or terminating employment relationships, and the employees’ consent. Also, federal-state data protection laws of the individual federal states may apply as well.
Security Measures
In accordance with legal requirements and consideration of state of the art, the implementation costs and the type, the extent, the circumstances and the purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take suitable technical and organisational measures to guarantee a level of protection appropriate to the risk. These measures especially include the safeguarding of confidentiality, integrity and availability of data by controlling the physical and electronic access to the data and their entering, transferring, securing their availability and separation. Furthermore, we established methods to ensure the awareness of the data subjects’ rights, the erasure of data and reactions to data threats. Also, we consider the protection of personal data already in the development and selection of hardware, software and methods according to the principle of data protection, with technology design and privacy by default settings.
IP Address Shortening: If an IP address storage is not necessary and if it is in our realm of possibilities, your IP address will be shortened either by us or others. In case of an IP address shortening (also known as “IP masking”), the last octet, i.e. the last two numbers of an IP address, will be deleted. In this context, the IP address is an individually assigned identifier of an internet connection provided by the online service provider. The goal of this IP address shortening is to prevent or impede the identification of a person significantly.
SSL Encryption (https): To save your data submitted by our online offer, we use SSL encryption. You can identify connections encrypted like that by the prefix https:// in the address bar of your browser.
Use of Cookies
Cookies are text files that contain data of visited websites or domains and are saved on the user’s computer by the browser. The primary purpose of a cookie is to save information about a user during or after a visit on an online offer. To the information saved belong e.g. language settings on a website, the login status, a shopping cart or the point on which a video was watched. To the concept of cookies, we also count other technologies that fulfil the same functions as cookies (e.g., if user details are saved using pseudonymous online identifications, also known as “user IDs”).
We distinguish the following types and functions of cookies:
- Temporary Cookies (also session cookies): Temporary cookies are deleted at the latest after a user left an online offer or closed his browser.
- Permanent Cookies: Permanent cookies also remain saved after the browser was closed. Thereby, data like the login state or preferred contents can be shown directly when the user revisits the website. Also, the user’s interests, which are used for range measurements and marketing purposes, are saved on those cookies.
- First-Party Cookies: First party cookies are set by us.
- Third-Party Cookies: Third party cookies are mainly used by advertisers (so called third-parties) to process user information.
- Strictly Necessary Cookies: Cookies can be strictly necessary for a website’s operation (e.g. to save logins and other user input or for safety reasons).
- Analytics, Advertising and Functional Cookies: Furthermore, cookies are generally used in the framework of range measurements and when a user’s interests or behaviour (e.g. viewing certain contents, using features etc.) are saved in a user profile on individual websites. Such profiles are used to show e.g. contents to users which meet their potential interests. This method is also referred to as “tracking”, where the potential interests of users are “tracked”. . As far as we use cookies or “tracking” technology, we will separately inform you about them in our privacy policy or in the framework of asking for consent.
Information on Legal Bases:
The legal basis on which we process your personal data using cookies depends on whether we ask for your consent or not. If we do ask and you give your consent, the legal basis of the data processing is the declared consent. If not or if consent on cookies is required to fulfil our contractual obligations, the data will be processed based on our legitimate interests (e.g. on an economical operation of our online offer and its improvement) using cookies.
General Information on Revocation and Objection (Opt-Out): Depending on whether or not the processing takes place based on consent or legal permission, you have the chance to revoke your given consent or to object against the processing of your data using cookie technology at any time (collectively referred to as “Opt-Out”). First, you can declare your objection using your browser settings e.g., by deactivating the use of cookies. Please note that this may limit the functionality of our online offer. You can declare your objection against the use of cookies for online marketing purposes using a variety of services, especially in case of tracking, on the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you can get further information on the objection in the framework of details on our service providers and cookies.
Processing of Cookie Data on Consent Basis: Before we process or have data processed in the framework of cookie usage, we ask the user for consent revocable at any time. Until the consent is given, we will at most use cookies necessary for the operation of our online offer. Their usage takes place based on our and the users’ interests in the expected functionality of our online offer.
- Types of Processed Data: Usage data (e.g. visited websites, content interests, access times), Meta or communications data (e.g. device information, IP addresses)
- Data Subjects: User (e.g. website visitors, online services user)
- Legal Bases: Consent (Art. 6(1) point (a) GDPR), legitimate interests (Art. 6(1) point (f) GDPR)
Social Network Presence
We maintain an online presence on social networks to communicate with their active users or provide information about us on them. Furthermore, the users’ data within social networks are generally processed for market research and advertising purposes. In addition to that, user profiles can be generated, e.g. through the usage behaviour and the resulting interests of the users. On the other hand, these user profiles can be used, e.g. to generate adverts in and outside of the network that presumably meet the users’ interests. Therefore, cookies are typically stored on the users’ computers in which the usage behaviour and the users’ interests are stored. Also, the data stored in these user profiles do not depend on the device used (especially when the users are members of the platform in question and logged into their accounts). For a detailed description of the particular processing types and the appropriate opt-out options, please see the privacy policies and the information given by the network operators in question. Also, in the case of information requests and the assertion of data subject rights, we point out that these are most effectively requested from the service provider. Only the service providers have access to their users’ data and can take the appropriate measures and provide information. If you still need help, feel free to contact us.
- Types of Processed Data: Inventory data (e.g. names, addresses), contact data (e.g. E-mail addresses, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. visited websites, content interests, access times), meta or communications data (e.g. device information, IP addresses)
- Data Subjects: User (e.g. website visitors, online services user)
- Processing Purposes Contact requests and communication, tracking (e.g. interest-related/behavioural profiling, cookie usage), remarketing
- Legal Bases: Legitimate interests (Art. 6(1) point (f) GDPR)
Used Services and Service Providers:
- LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (USA warranty for data protection level in the matter of data processing): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Possibility to Object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Xing: Social Network; Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Used Services and Service Providers:
- LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (USA warranty for data protection level in the matter of data processing): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Possibility to Object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Xing: Social Network; Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Data Erasure
In accordance with legal requirements, we will erase data processed by us as soon as the consent given for their processing will be revoked or other permits lapse (e.g. when the processing purpose of these data lapsed or when they are not necessary for the purpose). As long as data are not erased because they are necessary for other purposes permitted by law, their processing will be limited on these purposes. In other words, the data will be blocked and not processed for other purposes. This applies, e.g. for data, that have to be stored because of commercial or fiscal reasons or whose storage is necessary for the establishment, exercise or defence of legal claims or for the protection of another natural or legal person’s rights. Further information on the erasure of personal data can also be given in the framework of the data protection notices in this privacy policy.
Privacy Policy Changes and Updates
We kindly ask you to inform yourself about the content of our privacy policy regularly. We will adjust our privacy policy as soon as the changes in our performed data processing make it necessary. We will inform you if the changes made require an act of cooperation from your side (e.g. consent) or another individual notification. Suppose we provide addresses and contact information of companies and organisations in this privacy policy. In that case we kindly ask you to be aware that these addresses can change over time, and we ask you to check these details before contacting them.
Rights of Data Subjects
According to the GDPR, you as a data subject are entitled to several rights that especially arise out of Art. 15 to 18 and 21 GDPR:
- Right to Object You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to Revocation in Case of Consents You have the right to revoke your given consents at any time.
- Right of Access by the Data Subject You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data as well as on further information and a copy of the personal data processed in accordance with legal requirements.
- Right to Rectification In accordance with legal requirements, you have the right to demand incomplete personal data completed or the rectification of inaccurate personal data concerning you.
- Right to Erasure and Restriction of Processing In accordance with legal requirements, you have the right to demand the erasure of personal data concerning you without undue delay or to demand the restriction of processing such data.
- Right to Data Portability In accordance with legal requirements, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller.
- Complaint with Supervisory Authority In accordance with legal requirements, you also have the right to file a complaint with a supervisory authority, especially in the member state of your usual abode, your place of work or the place where the presumed infringement took place if you consider that the processing of your personal data violates the GDPR.
Definition of Terms
This paragraph provides an overview of the terms used in this privacy policy. Many of these terms are extracted from the law and especially defined in Art. 4 GDPR. The legal definitions are binding. On the other hand, the following explanations should primarily serve for a better understanding. The terms are arranged alphabetically.
- Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing: “Processing” means any operation or set of operations that are performed on personal data or sets of personal data, whether or not by automated means. The term is to be considered extensive and, in practice, comprises all data handling, such as collection, interpretation, storage, submission or erasure.
- Remarketing: The term “remarketing” or “retargeting” is used when the user’s interest in a particular product on a website is recorded, e.g. for advertising purposes, to remind the user of this product on other websites, e.g. in adverts.
- Tracking: “Tracking” means the retracing of a user’s behaviour across several online offers. As a rule concerning the used online offer, behavioural and interest information are stored in cookies or on the servers of the tracking technology provider (so-called profiling). This information can be used, e.g. to show users adverts that are likely to meet their interests.