Privacy Policy - DOASENSE GmbH

Data protection statement pursuant to GDPR (Privacy Policy)

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

DOASENSE GmbH
Waldhofer Str. 102
69123 Heidelberg
Germany

2. Use of cookies

The websites of DOASENSE use cookies. Cookies are data that are stored by the internet browser on the user’s computer system. The cookies can be transferred to a site when it is called up and thus enable the user to be assigned. Cookies help to simplify the use of websites for users.

The following types of cookies, the scope and functioning of which are explained below, are used on the DOASENSE website:

Transient cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

The following data may be collected:

Session ID
IP address

Legal basis for the processing of personal data by using cookies is Art. 6 (1) f GDPR.

It is possible at any time to object to the setting of cookies by changing the setting in the internet browser accordingly. Set cookies can be deleted. Please note that if cookies are deactivated, not all functions of our website may be fully usable.

3. Creation of logfiles

Each time the website is accessed, DOASENSE collects data and information through an automated system. These are stored in the log files of the server.

The following data can be collected:
Information about the browser type and used version
The user’s operation system
The internet-service provider of the user
The IP-address of the user
Date and time of access
The amount of data transmitted
Information whether access/retrieval was successful
Websites from which the user’s system accesses our website (referrer)
Websites accessed by the user’s system via our website

The processing of data are to deliver the contents of our website, to guarantee the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.These data cannot be assigned to specific persons. These data are not combined with other data sources. The aforementioned data including the IP address are stored for the duration of the communication process in order to enable the use of our websites. In addition, the IP address is stored for a short period to guarantee IT security, in particular to protect our IT systems from misuse and to defend against attacks. We reserve the right to check these data subsequently if we become aware of concrete indications of an illegal use.The same applies to the evaluation of this data in anonymous form for statistical purposes and to improve our website.The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR.

4. Registration on our website

If the data subject decides to register on the website of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data will be stored exclusively for internal use by the controller.

During registration, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data.

The registration of the data serves the provision of content or services.

The legal basis for the processing of the data is Art. 6 (1) a GDPR if the user has given his consent.

If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) b GDPR.

If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for the processing of the data is Art. 6 (1) b GDPR.

Registered persons have the possibility to have the stored data deleted or modified at any time. The data subject will receive information about the personal data stored about him.

5. Possibility to contact us

DOASENSE’s website provides contact information, including an email address for you to contact us. If the data subject contacts the controller through one of these channels, the personal data transmitted by the data subject shall be stored automatically. This data is stored solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties.

The following data can be collected:

E-mail address
First and last name, if specified in the e-mail
Address, if specified in the e-mail
Other personal data included in the e-mail

The legal basis for the processing of data is Art. 6 (1) a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 (1) b GDPR.

6. E-mail transmission via a secure connection

Every DOASENSE e-mail is securely encrypted during transmission using SSL/TLS (For SSL/TLS encryption: STARTTLS protocol with PFS support (https://www.lda.bayern.de/media/pm2014_12.pdf). This encryption is not visible to you as the recipient.

TLS stands for “Transport Layer Security” and is a security protocol for encrypting e-mails to ensure data protection and data integrity. TLS is the successor of SSL (Secure Sockets Layer).

On our system, messages are transmitted via TLS as standard. If no secure connection is available (a secure connection requires the sender and recipient to use TLS), messages are delivered via unsecured connections.

However, you can configure the TLS settings in a way that e-mails from users and to users of certain domains or with certain email addresses that you define yourself must always be transmitted via a secure connection.

A condition for an encrypted transmission is an appropriate support of the procedure by the e-mail provider. Most providers such as T-Online, GMail, GMX, Web.de, Yahoo, Hotmail or Arcor (as of April 2016) support TLS encryption. A few do not offer encryption. This means that third parties could read or change the e-mail on its way through the internet.

Please make sure that encryption is supported by your e-mail provider. You can find the information about encryption in the settings of your e-mail portal.

If SSL encryption is activated, this means that the data you transmit to us cannot be read by third parties.

7. Disclosure of data to service providers

DOASENSE shall transfer the data, collected and stored for the purposes of contract fulfillment and preparation of the contract, to the extent necessary, to

Hetzner Online GmbH – Industriestr. 25 – 91710 Gunzenhausen – Germany

8. Other data processing operations (social-plugins etc.)

Processing of http-log data:

Every time a user accesses DOASENSE websites and every time a file is accessed, the data relating to this process are temporarily stored and processed in a log file. Before storage, each data set is made anonymous by changing the IP address. It is therefore not possible to assign the data entered to a specific natural person. The following data are stored individually for each access/retrieval:

Anonymized IP-address
The names of the data retrieved
Date and time of retrieval
Amount of data transferred
Information, whether the retrieval was successful

These data are evaluated and subsequently deleted solely for statistical purposes and to improve the offer. Any other use or passing on to third parties does not take place.

The legal basis for the processing of data is Art. 6 (1) a GDPR if the user has given his consent. If registration is for the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) b GDPR.

Use of Google Web Fonts:

DOASENSE uses Google Web Fonts (http://www.google.com/webfonts) to display fonts uniformly on its websites. The web fonts are transferred to the cache of the browser when the page is called up so that they can be used for display and texts and fonts can be displayed correctly. By using Google Web Fonts, an external server of Google in the USA is called up when this offer is used, i.e. Google is informed about the use of the offer. If the browser does not support Google Web Fonts or does not allow access, the text is displayed in a standard font.

Data submitted in connection with accessing our websites are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com.

They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser in a way that the fonts are not loaded from Google servers (for example by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google Web Fonts or if you block access to the Google servers, the text will be displayed in your computer’s standard font.

For information about Google Web Fonts’ privacy policy, please visit:

https://developers.google.com/fonts/faq

General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy

Use of YouTube-Plugins:

DOASENSE uses YouTube for the integration of videos etc. on its websites. YouTube is operated by YouTube LLC, with headquarter at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Some of DOASENSE’s websites use YouTube plugins. If you access the website provided with such a plugin – for example the media library – a connection to the YouTube servers is established and the plugin is displayed. Hereby it is transmitted to the YouTube server which of our websites you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plugin, for example, clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube account and other user accounts of YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using our website.

Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.

Use of Vimeo Plugins:

DOASENSE uses the provider Vimeo for the integration of videos, among others, on its websites. Vimeo is operated by Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
Plugins of the provider Vimeo are used on some of DOASENSE’s websites. When you call up the web pages provided with such a plugin – for example, the media library – a connection to the Vimeo servers is established and the plugin is displayed. This transmits to the Vimeo server which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account and deleting the corresponding cookies of the company before using our website.
Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.
The legal basis for the processing of the data is Art. 6 (1) a GDPR if the user has given his consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) b GDPR.

Use of Google Analytics:

DOASENSE uses Google Analytics on its websites, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the websites is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on these websites, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
For more information on terms of use and data protection, please visit www.google.com or www.google.com/intl/de/analytics/privacyoverview.html. We would like to point out that on these web pages Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking).
The legal basis for the processing of the data is Art. 6 (1) a GDPR if the user has given his consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) b GDPR.

9. Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only as long as is necessary to achieve the purpose of the data retention. Furthermore, data may be stored insofar as this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.

As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data are routinely deleted.

10. Rights of data subjects

If your personal data are processed you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:

11.1. Right of information

You can ask the controller to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the controller:

a. the purposes for which the personal data are processed;

b. the categories of personal data processed;

c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

e. the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

f. the existence of a right to lodge a complaint with a supervisory authority;

g. any available information on the origin of the data if the personal data are not collected from the data subject;

h. the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

11.2. Right to rectification

You have the right to correct and/or complete any personal data processed concerning you that is incorrect or incomplete. The controller shall make the correction without delay.

11.3. Right to restriction of the processing

You may request the restriction of the processing of personal data relating to you under the following conditions:

a. if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

b. if the processing is unlawful and you deny the deletion of the personal data and instead request the restriction of the use of the personal data;

c. if the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

d. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

11.4. Right to deletion

11.4.1. You may request the controller to delete the personal data relating to you without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

b. You revoke your consent, on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR, and there is no other legal basis for the processing.

c. You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you file an objection against the processing pursuant to Art. 2(2) GDPR.

d. The personal data concerning you have been processed unlawfully.

e. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

f. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

11.4.2. If the controller has made the personal data concerning you public and is obliged to delete them pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processor who processes the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

11.4.3. The right to cancellation does not exist insofar as the processing is necessary

a. for the exercise of freedom of expression and information;

b. for the performance of a legal obligation required for processing under the law of the Union or the Member States to which the controller is subject, or for the performance of a task in the public interest or in the exercise of public authority conferred on the controller;

c. for reasons of public interest in the field of public health pursuant to Art. 9 (2) h and i and Art. 9 (3) GDPR;

d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in (1) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or

e. to assert, exercise or defend legal claims.

11.5 Right to notification

If you have exercised your right to have the controller correct, delete or limit the processing, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible shall have the right to be informed of such recipients.

11.6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another controller without hindrance by the controller to whom the personal data were provided, provided that

a. the processing is based on consent pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract pursuant to Art. 6 (1) b GDPR and

b. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to have the personal data relating to you transferred directly from a controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

11.7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Art. 6 (1) e or f GDPR; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

11.8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

11.9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which will have legal effect against it or significantly impair it in a similar manner. This does not apply if the decision

a. is necessary for the conclusion or performance of a contract between you and the controller,

b. is admissible by law of the Union or of the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights, freedoms and legitimate interests; or

c. with your express consent.

However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in a. and c., the controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

11.10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

12. Legal basis of the processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) a of the Basic EU Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) d of the GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the party concerned do not outweigh the first interest, Art. 6(1) f GDPR serves as the legal basis for processing. The legitimate interest of our company is the execution of our business activities.

13. Duration of storage of personal data

Personal data are stored for the duration of the respective legal retention period. After expiry of this period, the data will be routinely deleted, unless there is a need to initiate or fulfil a contract.

Heidelberg, 21-12-2020