DGAP Consulting GmbH
T +49 (0)30 26 30 20 65 F +49 (0)30 28 50 65 13
Responsible in terms of data protection:
Stefan Dauwe, DGAP Consulting GmbH, Rauchstraße 17/18, D-10787 Berlin
T +49 (0)30 26 30 20 65, F +49 (0)30 28 50 65 13, info[at]dgap-consulting.com
Types of processed data:
- Data of the contact form (name and email address of the sender, entered subject and message).
- Data sent to us after the e-mail link was applied (sender, copy recipient, subject, message and header data)
- Access data from server log files (name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the operating system of the user, referrer URL and the requesting provider). The processing of a personal IP address does not take place.
Processing of special categories of data (Article 9 (1) GDPR):
- No special categories of data are processed.
Categories of data subjects:
- Visitors and users of the online offer.
In the following, we refer to the affected persons collectively as “users” to be gender-neutral.
Purpose of processing:
- Providing the online offer, its contents and functions.
- Answering contact requests and communicating with users.
- Security measures for the operation of the website.
As of: 18.05.2018
1. Legal basis
1.1. In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safe our legitimate interests is Article 6 (1) lit. f GDPR. In the event that interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DDPR are used legal basis.
3. Security measures
3.1. We provide appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different propabilities and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the perception of data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).
3.2. One of the security measures is the encrypted transfer of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (eg the use of agents, webhosters, etc.).
4.2. If we authorise third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.
5. Transfers to third party countries
5.1. If we process data in a third party country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliant with officially recognized special contractual obligations (so-called “standard contractual clauses”).
6. Rights of the persons concerned
6.1. You have the right to ask for confirmation whether data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. You have accordingly. Art. 16 GDPR the right to demand the completion of the data relating to you or the correction of the incorrect data relating to you.
6.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
6.4. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.
6.5. You have the right to submit a complaint to the competent supervisory authority (Art. 77 GDPR).
7. Right of withdrawal
7.1. You have the right to cancel agreements in accordance with. Art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
8.1. In accordance with Art. 21 GDPR you can object the processing data relating to you at any time with effect for the future.
9. Deletion of data
10. Provision of contractual services
10.1. We process inventory data as mentioned above in order to fulfill our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
11.1. When contacting us (via contact form or e-mail), the information provided by the user is be used to complete the request and its processing acc. Art. 6 para. 1 lit. b) GDPR.
12. Collection of access data and logfiles
12.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR we store data of every access to the server on which this service is located (so-called server log files).
12.2. The data will also be stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.
12.3. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of thirty days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
13.1. Cookies are information that are transferred from our web server to the users’ web browsers, where they may be stored for later retrieval. Cookies can be small files or other types of information storage.
13.2. We use temporary and permanent cookies. These are part of the security or are required to operate our online offer (for example, to allow storage of your login status or selected language at all).
13.4. The storage of cookies can be deactivated by switching them off in the settings of the browser. Please note that in this case not all features of this online offer may be used.
14. Integration of services and content of third parties
14.1. According to our terms of data protection, we do not deploy third-party providers using personal data (such as the IP address) for analysis, processing and evaluation purposes.
DGAP Consulting GmbH