Data security
General privacy policy
I. General information
The protection of your personal data is important to us. In the following we would therefore like to inform you in detail which data we collect from you on the one hand within the scope of current business relations and on the other hand during your visit to our Internet presence and the use of our offers there and how these are subsequently processed or used by us and which rights you are entitled to in this respect.
Your personal data, such as your name, address, e-mail address or telephone number, will only be processed by us on the basis of statutory data protection legislation, i.e. the EU Data Protection Basic Regulation (DSGVO), the Federal Data Protection Act (BDSG-neu) and the Telemedia Act (TMG).
The extent of the data collected and processed by us differs depending on whether you visit our website only to retrieve information or also make use of services offered by us via our website or otherwise.
II. Definitions
Our data protection declaration uses the terms of the EU data protection basic regulation (DSGVO), which we would like to briefly explain to you for easier understanding. These and other definitions can be found in Art. 4 DSGVO.
(a) personal data
“personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, is regarded as identifiable.
(b) affected persons
“persons affected” means any identified or identifiable natural person whose personal data are processed by the controller.
(c) processing
“processing’ means any operation or set of operations which is carried out with or without the aid of automated processes relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
(d) Limitation of processing
“Limitation of processing’ means the marking of stored personal data with the aim of limiting their future processing.
(e) pseudonymisation
“pseudonymisation’ means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
f) Person responsible
“Person responsible” means the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his designation may be provided for by Union law or by the law of the Member States
(g) Processors under contract
“processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the person responsible.
(h) Recipient
“recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a specific investigation mandate in accordance with Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.
(i) third parties
“third party’ means a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the person responsible or the processor.
(j) consent
“consent” of the data subject shall mean any voluntary, informed and unambiguous expression of will in a particular case, in the form of a statement or other unambiguous act of confirmation, by which the data subject indicates his or her consent to the processing of personal data concerning him or her.
III. type of personal data involved/purposes of processing
Among the personal data to be processed by us are salutation, surname, first name, a valid email address, date of birth, address, telephone and fax numbers, bank data and, if applicable, images of you, provided that you make these available to us – i.e. all personal information that we need in order to be able to provide our contractual services for you. This data is collected in order to be able to identify you as our customer, to process your customer order appropriately, for correspondence with you, for invoicing, for processing any claims that may exist and for asserting any claims against you. Failure to provide personal data (with the exception of telephone and fax numbers) will result in the order not being executable. Non-communication of telephone and fax numbers restricts our ability to communicate with you.
The data processing takes place on your request and is according to Art. 6 Para. 1 S. 1 lit. b DSGVO necessary for the purposes mentioned for the appropriate processing of your request or product use and for the mutual fulfilment of obligations under the contract.
We do not carry out automated decision-making (in particular profiling).
Your data will not be passed on to third parties without your express consent. Excluded from this are only our service partners, such as data hosts, software providers, external consultants (accountants/tax consultants) and similar, which we need to process the contractual relationship and to fulfill our services. In these cases we strictly observe the requirements of the relevant data protection laws. The scope of data transmission is limited to a minimum. The passed on data may be used by the third parties exclusively for the named purposes.
The personal data processed by us within the framework of the contractual relationship will be stored until the contract has been duly fulfilled, including the statutory periods for warranty against defects, and deleted thereafter, unless we are obliged to store them for a longer period of time pursuant to Article 6 para. 1 sentence 1 lit. c DSGVO due to tax and commercial law or other statutory storage and documentation obligations (e.g. from HGB, StGB or AO), or unless you have consented to storage going beyond this pursuant to Article 6 para. 1 sentence 1 lit. a DSGVO.
IV. Name and address of the person responsible for processing personal data
The person responsible within the meaning of the Basic Data Protection Regulation is:
Fanomena GmbH.
www.fanomena.io
Dudweilerstraße 71
66111 Saarbruecken
Germany
Marc Grewenig and Max Ulbrich (Managing directors)
Phone: +49 (0) 681 84492557
Email: info@fanomena.io
V. Name and contact details of the data protection officer
Der Datenschutzbeauftragte des für die Verarbeitung Verantwortlichen ist:
Oliver Pikolleck
Attorney at law and certified external
data protection officer (TÜV-cert.)
hiLevDATA GmbH & Co.KG
contact details
datenschutzbeauftragter@fanomena.de
pikolleck@hilevdata.de
Every person who is affected can contact our data protection officer directly at any time with all questions and suggestions regarding the subject of data protection.
VI. special regulations regarding our website: www.fanomena.io
Server data
If you use our Internet presence for purely informational purposes, the data that your Internet browser automatically transmits will be collected and processed, such as:
Browser type
Date and time of retrieval
Browser settings
The operating system used
Website from which you visit us and the site you visit
Your IP address
This data is anonymised and stored and processed separately from your personal data. The collection of the data is necessary in order to enable the use of our website at all. The processing of the data takes place solely for statistical purposes and for the purpose of improving our Internet offer.
Easy use of a contact option
On our website we offer you the possibility to get in touch with us via a contact form, by phone or by email. If you use the above-mentioned contact options, the information you provide will be stored for the purpose of processing your enquiry. A passing on to third parties does not take place.
Use of cookies
We use the technology of cookies for our Internet presence. Cookies are small text files which are sent to your browser by our web server during your visit to our website and which are then stored on your computer. These are mainly so-called session cookies which are only stored for the duration of your visit to our website and then deleted.
You can determine yourself in your browser whether cookies can be set and retrieved. However, for the full functionality of our website, the session cookies must be permitted for technical reasons.
We do not collect or store any personal data in connection with the use of cookies. We also do not use any techniques to link the information generated by cookies with user data.
VII Rights of the person affected
a) Recht auf Auskunft; Art. 15 DSGVO
Any data subject involved in the processing of personal data shall have the right, conferred by the basic Regulation on data protection, to obtain at any time from the controller, free of charge, access to the personal data relating to that data subject and a copy thereof. The data subject shall also have the right to obtain information on the following:
the processing purposes
the categories of personal data to be processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
.
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing carried out by the controller or of a right to object to such processing
the existence of a right of appeal to a supervisory authority
o if the personal data is not collected from the data subject: All available information about the origin of the data
o the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
The data subject also has a right of access to information on whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transfer.
If a person affected wishes to exercise this right to information, he or she can contact us at any time using the contact details of the person responsible for processing mentioned in paragraph I.2.
b) Right to rectification; Art. 16 DSGVO
Any person data subject to the processing of personal data has the right, granted by the basic Regulation on data protection, to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may contact us at any time at the contact details of the data controller referred to in paragraph I.2..
c) Right to cancellation (right to be forgotten); Art. 17 DSGVO
Any person data subject to the processing of personal data has the right, granted by the Basic Data Protection Regulation, to request the controller to erase personal data concerning him or her without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:
The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
The data subject withdraws his consent on which the processing was based pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO and there is no other legal basis for the processing.
The data subject objects to the processing under Article 21(1) DSGVO and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21(2) DSGVO.
The personal data have been processed unlawfully.
The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
If one of the above reasons applies and a person concerned wishes to have personal data stored by us deleted, he or she can contact us at any time at the contact details of the data controller mentioned in paragraph I.2. We will immediately comply with your justified request for deletion.
>
If we have made the personal data public and if our company, as the person responsible, is obliged to delete the personal data pursuant to Art. 17 (1) DSGVO, our company, taking into account the available technology and the implementation costs, shall take appropriate measures, also of a technical nature, to inform other persons responsible for data processing who process the published personal data that the data subject has requested these other persons responsible for data processing to delete all links to these personal data or copies or replications of these personal data, insofar as the processing is not permitted.
d) Right to limitation of processing; Art. 18 DSGVO
Any person data subject to the processing of personal data has the right, conferred by the Basic Data Protection Regulation, to request the controller to limit the processing if one of the following conditions is met:
the accuracy of the personal data is disputed by the data subject for a period of time which enables the data controller to verify the accuracy of the personal data.
the processing is unlawful, the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data.
the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal rights.
the data subject has lodged an objection to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If one of the above conditions is met and a person concerned wishes to request the restriction of personal data held by us, he or she can contact us at any time using the contact details of the data controller mentioned in paragraph I.2.
e) Right to data transferability; Art. 20 DSGVO
Any person data subject to the processing of personal data has the right under the Basic Data Protection Regulation to obtain the personal data concerning him which he has provided to a controller, in a structured, common and machine-readable format, and has the right to communicate such data to another controller without being hampered by the controller to whom the personal data were provided, provided that
the processing is based on a consent pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO or on a contract pursuant to Article 6(1)(b) DSGVO, and
the processing is carried out using automated procedures.
Furthermore, in exercising his right to data transferability pursuant to Art. 20 (1) DSGVO, the data subject shall have the right to obtain that the personal data be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.
In order to assert the right to data transferability, the person concerned may contact us at any time at the contact data of the person responsible for processing mentioned in paragraph I.2.
f) Right of objection; Art. 21 DSGVO
Any person data subject to the processing of personal data has the right under the Basic Data Protection Regulation to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her carried out pursuant to Article 6(1)(e) or (f) of the DSGVO. This also applies to profiling based on these provisions.
As the person responsible, we will no longer process the personal data in the event of objection, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defence of legal claims.
If we process personal data in order to conduct direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is connected with such direct advertising. If the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him or her by us as the data controller for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 DSGVO for reasons arising from his or her particular situation, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right to object, the data subject may contact us at any time using the contact details of the data controller referred to in section I.2.
g) Right to revoke consent under data protection law
Any person concerned by the processing of personal data has the right under the Basic Data Protection Regulation to revoke at any time his consent to the processing of personal data.
If the data subject wishes to exercise his/her right to revoke his/her consent, he/she can contact us at any time using the contact details of the person responsible for processing mentioned in paragraph I.2.
h) Right of appeal; Art. 77 DSGVO
Any person data subject to the processing of personal data shall have the right to complain to a supervisory authority as provided for in the basic Regulation on data protection. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
Fanomena GmbH, Mai 2019
