The protection of your personal data is important to us, no matter whether you visit our website, contact us or, which would of course please us the most, become our customer. Below you will find information about which data is stored during your visit to our homepage, when using our web forms and within an existing contractual relationship:
This privacy statement is based on the terms used by the European legislator and regulator when adopting Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: "GDPR"). Our privacy statement should fulfil its task, be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we explain the most important terms in advance as follows:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Regulations of the GDPR do not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.
b) Data Subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Controller und data protection officer
Controller in the sense explained above is
Director: Hannah Bangura
18A Heath Road
Bristol, BS48 1AD
Data protection officer is
Clemens C. Vogelsberg
c/o Office24 Ltd.
E-Mail: [email protected]
III. Data Protection Principles
Our services are based on the trust you place in us. We want to and will justify this trust by taking your data protection concerns very seriously.
Our processes are based on the principles of lawfulness, fairness and transparency as set out in Article 5 para. 1 GDPR. They are subject to strict purpose limitation, the principles of data minimisation and accuracy achieved by storage limitation and establishing integrity and confidentiality.
Only the data required in the respective situation of the person concerned are processed (e.g. as website visitors, interested parties in our services, contractual partners, cf. below III.) and these are only stored as long as they are necessary for achieving the respective purpose or there is a legal obligation to store them.
If the processing of data is not processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1) (b) GDPR) or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6 (1) (f) GDPR), data processing shall only take place if the data subject has expressly consented thereto (Article 6 (1) (a) GDPR).
If we use third parties for the provision of our services, this remains limited to those providers that offer sufficient guarantees that the processing is carried out in accordance with the requirements of the GDPR and guarantees the protection of the rights of the person concerned. This is guaranteed by appropriate agreements (Article 28 para. 3 GDPR).
An essential part of our service is the processing of calls, mailings, etc. third parties for our customers in the way of processing by a processor (Article 28 GDPR). In this context, we regularly process personal data which third parties transmit to our customers (telephone numbers, contact data, contents of telephone calls or mailings, etc.). In this case, our customers remain responsible for the data protection compliant handling of this personal data (Article 24 et seqq. GDPR). It is therefore up to you to ensure that these data are handled in accordance with data protection regulations, e.g. by deleting call notifications/post scans or similar with personal data no longer required from your inbox in the web interface/smartphone app provided to you.
In this context, we primarily see our responsibility as processors (Article 28 GDPR) in processing our data in accordance with legal regulations and in providing our clients with the appropriate technical and organisational means to fulfil their data protection obligations, e.g. by assisting them in fulfilling their duties to provide information about stored data to affected persons and enabling them to be easily and definitively deleted, unless these data may or must remain stored for other reasons.
IV. Data collection and processing
1. Website visitors
a) General data collection
Every access to our website and every retrieval of files stored on the website is logged. The storage serves internal system-related and statistical purposes. In particular, the following data is logged:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrer),
- the subwebsites which are accessed via an accessing system on our website,
- the date and time of access to the website,
- an Internet Protocol (IP) address,
- the Internet service provider of the accessing system and
- other similar data and information used for security purposes in the event of attacks on our information technology systems.
The logging of this data does not allow any conclusions to be drawn about the person concerned. These are therefore not personal data in the sense mentioned under I. a), therefore no legal basis according to the GDPR is required for their storage (for the IP address see next paragraph). The data is only required to correctly deliver the contents of our website, to optimize the contents of our website as well as the advertising for them, to guarantee the permanent functionality of our information technology systems and the technology of our website and, if necessary, to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
Since the IP address of the requesting computer - regardless of whether the user is assigned a fixed ("static") IP address by his provider or a new ("dynamic") IP address" each time he dials in - is now unanimously regarded as a personal date, these are qualified as a precautionary measure and, if necessary, for analysis. and recorded to avoid future misuse, but only up to a period of 14 days in its unabridged version and then at most in a version shortened by the last octet, with which a conclusion on the identity of the requesting computer is also no longer possible. The legal basis for short-term complete storage of the IP address is Article 6 (1) (f) GDPR.
Our website sets "cookies" (small text files with configuration information) which are stored on your computer and enable an analysis of your use of the website. Such cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.
The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our Internet site may be fully usable.
c) Google Analytics
Our website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google"). We have concluded a corresponding contract with Google Inc. for processing by a processor (Article 28 para. 3 GDPR) (see http://www.google.com/analytics/terms/de.pdf).
In both cases, the IP anonymization of Google Analytics is active. This means that your IP address will previously be cut by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Google assures that the IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
The legal basis for the use of the cookies required for this is Article 6 (1) (f) GDPR. Since no personal data is passed on to Google with the transmission of the data obtained - as described above - no further legal basis for data protection is required.
d) Google Adwords
Our website uses Google AdWords which is also provided by Google (see c. above). If you accessed our website via a Google ad, a cookie is stored on your computer.