Declaration on Data Protection – Practice David Pomarino, Hamburg
This declaration on data protection provides information on the way in which, the extent to which and the reasons for how your individual data is used whitin our online services and the websites, functions and contents associated with our online presence (these will be referred to in the summarised term “Online offers” hereafter). With regard to the terminology used, for example “processing (Verarbeitung)” or “responsible individual (Verantwortlicher)”, we would like to refer you to the definitions used in article 4 of the Datenschutzgrundverordnung (DSGVO- general law on data protection). We follow our legal obligation to inform you about the ways in which your data maybe saved, which data could be affected and for what purpose, as well as our identity in that context in the next few pages of this declaration. We also inform you about the initial transmission of data and about what kind of data might be transmitted. 1. Object of data protection The data on your person is the primary object of data protection. These are individual pieces of information about personal or material circumstances of a specific or specifiable natural person, such as their name, postal address, email address or details of their personal use such as the IP-address linked to their computer. 2. Automatic anonymous data acquisition, procession and usage We may acquire, process or use automatic non-personal information, which your browser may pass on to us (cookies). This information includes: - Browser type and version, - Reference URL (source of the links), - IP-address (Hostname of the computer used), - Time of service request Most web browsers will allow you to choose a setting, so that your browser doesn’t accept any new cookies or deletes old cookies via the settings option in your menu. This can unfortunately affect the functionality of some features on the webpage. If you would like to reduce the use of cookies despite this, you should ensure that every computer and every browser you use has the desired level of data protection. 3. Requested acquisition of personal details, data processing or data use Generally, the use of the website does not require the acquisition, use or processing of your personal data. Therefore, we do not use your data in this way. We will only need to perform data acquisition, data processing or data use if you would like to share your personal information with us voluntarily. This may become necessary in the following situations: (1) Contract processing It may be necessary that your personal information is passed on to third parties, who we work with for the purpose of providing a service or completing a contract. These may be transport companies or other service providers. Your data will not be shared with third parties outside traffic relating to that business exchange. (2) Passing data on to third parties or state institutions and agencies The data is only passed on to third parties in cases outside this specification, when you have previously given your explicit consent. You have the right to withdraw your previous consent at any point in the future. We provide your data to state institutions and agencies who are entitled to receive them, only to the extent to which we are required to do so by law or as required by a court ruling. The processing of data, such as your name, your address, your email address or phone number will only ever be performed as required by the relevant data protection regulation and in accordance with the specific laws affecting your country or region. We want to use this data protection statement to inform the public about the kind of data we may store, the extent to which we do so and the purpose of any such activity, be it for the purpose of using the data, storing data or in order to process it. Furthermore, affected individuals are informed of their rights using this data protection statement. We do need to advise you that we are not able to provide complete protection that would prevent the use of your data by third party groups at all times. The following pages state the data protection policy in greater detail. Responsible party: Practice Pomarino David Pomarino Rahlstedter Bahnhofstrasse 9 22143 Hamburg Rahlstedt Germany Phone: +49 (0)40 / 513 20 880 Telefax: +49 (0)40 /513 20 881 Email: info@ptz-pomarino.de Internet: www.ptz-pomarino.de Type of Data Storage and Data Processing: Our website collects a series of general data and information on any affected person or automated system every time it is opened. This general data and information is then saved in the log files of the computer. They may acquire the (1) Browser types and versions used, (2) The operating system of the accessing agent (3) The website, from which an accessing agent is being directed to our website (the referrer), (4) The sub-websites, which are being controlled by accessing agent on our website, (5) The date and time of access when the website was used, (6) An internet protocol address (IP-Address), (7) The internet service provider of the accessing agent, (8) Additional data and information, which are beneficial to the defence against threats in the event of attacks on our information technology systems. The use of this general data and information provides no implied information on the affected person. The information is rather required to (1) Provide the contents of our website correctly, (2) Optimise the contents of our website and any adverts, (3) Ensure the lasting functionality of our information technology systems and the technical processes. (4) To provide the necessary information to prosecuting agencies in the event of the investigation of a cyber-attack. The data and information stored is anonymous. - Basic data (such as names and addresses) - Contact details (such as email and phone numbers) - Content data (text input, photography, videos). - Data usage (such as websites you visited, interest in content, times of access). - Meta-/ Communication data (such as device information, IP-addresses). Categories of affected individuals Visitors and users of the online offers (We will summarise all affected individuals as “users” in the following sections). Purpose of data processing - Provision of the online offers, their functionality and contents. - Responses to contact enquiries and communication with users. - Security measures. Terminology used “Personal data” means all information, which relate to an identifiable or identified individual (termed “affected individual” in the following); identifiable means a natural person, who is directly or indirectly, particularly using the attribution to a feature such as the name, associated number, location data, an online reference (such as a cookie) or because of one or several characteristics identifiable, which express the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person. “Processing” means every automatic procedure performed with or without help, or every such series of procedures linked to personal data. The term reaches far and wide and covers practically every time data is used. The “responsible part” means the natural or legal person, institute, office or other agency, which decides on the means and uses of data processing of personal data on their own or together. Essential Legal Basis As deemed the standard by Art. 13 in the DSGVO, we provide you with the legal basis of our data processing practices. If the legal basis in the data protection declaration is not stated, the following applies: The legal basis for the receipt of consent is Art. 6 Sec. 1 lit/ a and Art 7 DSGVO, the legal basis for the completion of our services and the performance of our contractual measures, as well as the response to questions as found in Art. 6 Abs. 1 lit. b DSGVO, the legal basis for the processing for the purposes of completing out legal obligation in Art. 6 Abs. 1 lit. c DSGVO, and the legal basis for the protection of our justified interests in Art. 6 Abs. 1 lit. f DSGVO. Art. 6 Abs. 1 lit. d DSGVO, should vital interests of an affected person or another natural person require the processing of personal data. Collaboration with Contracted Processors and Third Parties As far as we may be revealing data to other persons or companies as part of our data processing activities, as far as we may be sending them or giving access in some other way, this happens exclusively on the basis of some legal permission (For example when a communication of the data to third parties, for example for the purposes of payment management, as stated in Art. 6 Abs. 1 lit. b DSGVO for the completion of a contract, requires this or on the basis of our legitimate interests (the use of contractors, web designers, etc.)). If we hire third parties to process data within a so-called “commissioned processing contract”, this always happens on the basis of Art. 28 DSGVO. Transferring Data to Third Countries If data is processed outside of the EU or EEA, in terms of it being processed by a third country, or if this happens within the use of the services of a third party service provider or upon a third party request, including the transferral of data to third parties, this only happens as far as it is dictated by our contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our justified interest (for example within a so-called standard contractual condition). Rights of the affected individual You have a right to demand a confirmation of how the data in question is being processed and what data is involved, as well as further information and a copy of the data as stated in Art. 15 DSGVO. In line with Art.16 DSGVO you have the right to complete the data concerning yourself or to demand a correction of any data concerning your person that is incorrect. You have the right, in accordance with Art. 17 DSGVO, to demand that affected data is deleted immediately or that alternatively demand a restriction for the processing of the data is demanded as stated in Art. 18 DSGVO. You have the right to demand that the affected data, which you have provided us with as stated in Art. 20 DSGVO, is revealed to you or shared with other responsible parties. Furthermore, you have the right to make a formal complaint to the responsible oversight institution as specified in Art. 77 DSGVO. Right of Withdrawal You have the right to withdraw consent you had previously given as stated in Art. 7, Sec. 3 DSGVO for all future action. Right to Objection You can object the future processing of data concerning your person at any time, as stated in Art 21 DSGVO. The objection can be made against the processing of your data for the processes of advertisement specifically. Cookies and Right to Object Use for Direct Advertisement The term “cookies” refers to small data, which is saved on the user’s computer. There may be multiple pieces of information saved in the cookies. A cookie is primarily used to safe information about a user (when the cookie is saved on the computer) after their visit to an online offer and after they close their browser. Any such cookies may contain the contents of a shopping basket in an online shop or a login status which have been saved. A cookie is described as permanent or persistent, when it remains saved after the closer is closed. This allows for something like a login status to be saved for many days until the user next visits that page. Likewise, the cookie may also save the interests of the user, which are used to measure reach or assess marketing matters. Third-Party-Cookies are cookies that are offered by someone other than the individual in charge of the online offer (if the cookies are all native to that page, they would be described as First-Party-Cookies). We can use temporary or permanent cookies and will tell you more about them within the scope of this declaration on data protection. Should the users not want the cookies saved to their computer, they are asked to untick the relevant option in their browser settings. The saved cookies can be deleted in the browser settings. Choosing to not allow cookies could lead to the functionality of this online offer becoming impaired. A general opposition to the The use of cookies for online marketing, including tracking, can be declared on the American website http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Additionally, you can disable the storage of cookies by de-activating the browser settings. Please note that you may not be able to use all the features of the online offer if you choose to do so. Deleting and Blocking Data The data processed by us will be deleted or restricted during processing in accordance with the DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons. We process and store personal data of the data subject only for the period necessary to achieve the storage purpose, or if this is provided by the European directives and regulations, or another legislator has been provided for in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the European directives and ordinances or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements. According to legal requirements in Germany, storage takes place for 6 years in accordance with § 257 Paragraph 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years in accordance with Section 147 Paragraph 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.). Hosting The hosting providers we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer, which we or our hosting provider uses to process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract for order processing). Collection of access data and log files We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the specification in Art. 6 paragraph 1 lit. DSGVO. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requested provider. For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data, which must be stored further for the provision of evidence, are excluded from deletion until the respective incident has been finalised and resolved. SSL encryption This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. If the SSL encryption is activated, the data is protected to a high security standard. Provision of contractual services We process the inventory data (e.g., names and addresses as well as contact details of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Paragraph 1 lit b. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract. When using our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO. We process the usage data (e.g. the websites of our online offer that are visited , interest in our products). The deletion of the data takes place after the expiry of the legal warranty and comparable obligations, the necessity of the retention of the data is checked every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted. Contact us When contacting us (e.g. via the contact form, email, telephone or via social media), the information provided by the user is retained for the purpose of processing the contact request in accordance with Art. 6 Para. 1 lit.b) DSGVO. The user information can be stored in a customer relationship management system ("CRM system") or a comparable request organization. We delete the requests if they are no longer required. We review the requirement every two years; Furthermore, the statutory archiving obligations with regard to storage and deletion apply. Integration of services and content from third parties We use content or service offers from third-party providers within our online offer based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Integrate services such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the IP address of the user, as they cannot send the content to their browser without the IP address could send. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as being linked to such information from other sources. Youtube Occasionally we include videos from the platform “YouTube” from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https : //adssettings.google.com/authenticated. Google Maps Occasionally we include maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Google Fonts We also incorporate fonts ("Google Fonts") from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out : https://adssettings.google.com/authenticated. We have the full agreement on data processing with the provider in accordance with Art. 28 Paragraph 3 of the GDPR. As of May 2018. Note: In the event of changes to the statutory data protection declaration, we will update it whenever necessary.