Privacy Policy / Data processing information

Hereby we inform you about the processing of your personal data by the disy Informationssysteme GmbH and your entitled rights.

1. Who is responsible for the data processing and how do I contact the data security officer?

Responsible according to Art. 4 Nr. 7 GDPR for the data processing is:

disy Informationssysteme GmbH

Ludwig-Erhard-Allee 6, 76131 Karlsruhe

+49 (0)721 16006000, +49 (0)721 1600605

datenschutz@disy.net

Represented by: Claus Hofmann

You can contact our data security officer at the contact details above or by mail: datenschutz@disy.net

2. What is the purpose of the processing of my personal data and on which legal basis does it take place?

We process your personal data respecting the stipulations of the General Data Protection Regulation (GDPR), the new national privacy law (BDSG-neu) as well as all other relevant laws only as far as it is necessary for the information and services on this website.

In case of a strictly informational use of the website, e.g. when you don’t sign up or register for the use of the website, we do not collect personal data from you, except your browser passes data to enable your visit on our website. These are:

  • IP-Adresse
  • Date and time of the request
  • Difference of time zones to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Status of access/HTTP-Statuscode
  • Respectively passed amount of data
  • Website of origin of the request
  • Browser
  • Operating system and surface
  • Language and Version of browser software.

To ensure the functionality of the website, we save the logfiles. Additionally, this data helps to ensure the safety of our IT-systems and to optimize the website.

Art. 6 Abs. 1 lit. f GDPR provides the legal basis of the temporary saving of the data and logfiles.

If the processing of personal data is justified by an consent of the affected, the legal basis is Art. 6 Abs. 1 lit. a GDPR.

In case our company is subject to a commitment, whereas its execution requires the processing of personal data, Art. 6 Abs. 1 lit. c GDPR is the legal basis.

Art. 6 Abs. 1 lit. d GDPR is also the legal basis, if vitally important interests of the affected persons or another individual requires the processing of the personal data.

If personal Data is processed in order to maintain the company’s or a third party’s interests, the interests, fundamental rights and freedoms of the affected persons are subordinated. Art. 6 Abs. 1 lit. f GDPR is the legal basis of this processing.

Personal Data can be passed to our IT-service provider in order to facilitate this website.

3. Data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from dangers while transferring data as well as acquaintance of third parties. These will be modified according to the most recent technical standards.

4. Cookies

Furthermore, there will be “Cookies” saved on your computer while using this website. Cookies are small text files which will be saved on your hard drive and is assigned to the browser you use. The website which places the cookie on your hard drive (in this case us) receives certain information. Cookies cannot run programs or transmit viruses on your computer. They serve the purpose of making the internet offering more user-friendly and effective.

As soon as our website is accessed, the user is informed about the usage of cookies for analysis purposes. The user’s consent is requested, in order to process the personal data used in this procedure.

The website uses cookies in the following extent: transient cookies (temporal use), persistent cookies (temporal restricted use), third-party cookies (from third-party providers), flash-cookies (permanent use).

  1. Transient cookies are being automatically deleted, if you close the browser. These include explicitly the session-cookies. They save a so-called session-ID, which allow the allocation of different browser-requests to a corporate session. This allows your computer to be recognized, when you return to the website. The session-cookies will be deleted when you log out or close the browser. Without the use of cookies, certain applications of our website cannot be used. They require, that the browser is recognized after the change of the website.
  2. Persistent cookies will be deleted automatically after a given amount of time that can vary, depending on the cookie. You can also delete cookies in the security-settings of your browser.
  3. You can configurate the browser-settings according to your wishes and you can deny third-party cookies or even all cookies for example. We want to point out that given this case, certain applications of the website cannot be used.
  4. The used flash-cookies are not being detected by your browser, but by your flash-plug-in. They save the necessary data regardless of the used browser and they have no automatic expiry date. If you do not wish the processing of flash-cookies, you have to install a corresponding add-on, e.g. “better privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe-Flash-Killer-Cookie for Google Chrome.
  5. Analysing cookies. In order to improve the content and quality of our website, we use analyse-cookies. These allow us to understand how our website is being used. Thereby we can steadily optimize our offering.

This information will be saved separately of other data which is passed to us.

Especially the data relating from the cookies will not be combined with other personal data from you. You can delete the recently saved cookies at any time. The deletion is also automated possible.

The processing of personal data when using technically necessary cookies is justified by Art. 6 para. 1 lit. f GDPR. If the user agreed on the processing of cookies for analyising purposes, this Agreement is the justification according to Art. 6 para. 1 lit. a GDPR.

You can configurate the browser-settings in order to prevent the storage of cookies. We want to point out that given this case, certain applications of the website cannot be used completely.

5. Disy-News 

You can subscribe to news-mailings that inform you regularly about certain topics (events, instructions, news about products and services, customer’s references, information about Disy) in the format of regular newsletters or mails due to a certain event by giving your consent.

We use the so-called “double-opt-in-process” for the registration to our newsflashes. This means, that we’ll send a confirmation e-mail to the given e-mail address, where we ask for your consent to receive newsletters. Not confirmed registrations will be deleted after two workdays at latest. If you confirm the wish to receive the newsletters after having received our news-mailings, we will save your e-mail address, as well as all the data you have provided. The storage serves the only purpose to send newsletters to you. Furthermore, we will save the date when you are logging in and confirming your IP-address, in order to prevent the misuse of your personal data.

The declaration of the e-mail address is obligatory for the reception of news. The declaration of further, explicitly marked information columns is optional and will be used for a personalization or clustering of the news-mailings.

Sent e-mails use so-called “Web-Beacons” or “Tracking-Pixels” for this evaluation. These are one-pixel picture files, that allow us to evaluate your user behaviour. This happens by processing the respective data and web-beacons, that are assigned to your e-mail-address and are linked to an own personal ID. Links contained in the news-mails also contain this ID.

We’d like to point out, that we use your personal data explicitly for shipment and aggregated for a statistical analysis of user behaviour (click-rate, opening-rate, type of e-mail-client, frequency of clicks on links in the e-mails). This serves the purpose of improving our offering for you. There are no conclusions being made regarding the user’s behaviour of single persons.

Your consent regarding the reception of news can be withdrawn at any time. The withdrawal can be declared by clicking on a link provided in every news-mail, per e-mail to disy-news@disy.net or by message to the address given in the imprint. Your provided Data will be explicitly passed on to the used service provider for the sending of the newsletter.

The consent of the user according to Art. 6 para. 1 lit. a GDPR is the legal basis for the processing of data after the news-registration by the user. As soon as data isn’t necessary anymore for the purpose it was collected for, the data will be deleted from the subscriber’s portfolio. Accordingly, data from newsletter’s subscribers will only be saved in the subscriber’s portfolio for the duration of the subscription.

6. Contact via e-mail

Contact can be established through the provided e-mail address. The personal data of the user transferred in the e-mail will be saved by us.

Legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR in the case of a given consent. Given the case, that the purpose of the established contact is to conclude a contract, the legal basis is Art. 6 para. 1 lit. b GDPR.

The personal data collected by us will be deleted upon request. Further communication can not be entertained in that case, as all personal data that has been saved in the course of the approach will be deleted.

7. Matomo

This website uses the open source web analysis service Matomo. Matomo uses technologies that make it possible to recognize the user across multiple pages with the aim of analyzing the user patterns (e.g. cookies or device fingerprinting). The information recorded by Matomo about the use of this website will be stored on our server. Prior to archiving, the IP address will first be anonymized. 
Through Matomo, we are able to collect and analyze data on the use of our website by website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time. 

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

8. Inclusion of YouTube-Videos

We included YouTube-Videos in our online range of products, which are saved on www.YouTube.com and are directly playable from our Website. These are all included in the “extended data-protection-mode”, which means, that no data about you as a user will be given to YouTube, if you don’t play the videos. The two types of data mentioned above will only be transmitted when playing the video. We don’t have any influence on this process.

By visiting the website YouTube receives the information, that you have accessed the sub-website on our website. Additionally, the Data mentioned in “2.” of this declaration will be transmitted. This happens independent of the circumstance, if this third-party provider provides a user account, where you are logged in to, or if there isn’t any user account. If you are logged in to your Google account, data will be directly referred to your account. If you do not wish the reference to your profile at YouTube, you need to log out before clicking on the button.

YouTube saves the data as user’s profiles und uses these for the purpose of advertisement, market research and/or the at-scale composition of its website. An evaluation like this takes place (also for users, that are not logged in) in order to generate scaled advertisement und to inform other users of the social network about the activities on our website. They have a right of objection against the composition of these user’s profiles. They have to address their objection to YouTube.

Legal basis for the processing of the personal data of the users is Art. 6 Abs. 1 lit. f GDPR. We offer you the possibility to interact with social networks and other users in order to improve our products and to be more attractive to you as a user.

Contact details of the third-party provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, : policies.google.com/technologies/product-privacy and www.google.de/intl/de/policies/privacy. Google processes your personal data in the U.S.A. as well and has therefore subordinated itself under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

9. Inclusion of Google Maps

We use the service of Google Maps on this website. We can hereby show interactive maps directly on the website and facilitate the comfortable use of the maps application.

By visiting the website YouTube receives the information, that you have accessed the sub-website on our website. Additionally, the Data mentioned in “2.” of this declaration will be transmitted. This happens independent of the circumstance, if this third-party provider provides a user account, where you are logged in to, or if there isn’t any user account. If you are logged in to your Google account, data will be directly referred to your account. If you do not wish the reference to your profile at Google, you need to log out before clicking on the button.

Google saves the data as user’s profiles und uses these for the purpose of advertisement, market research and/or the at-scale composition of its website. An evaluation like this takes place (also for users, that are not logged in) in order to generate scaled advertisement und to inform other users of the social network about the activities on our website. They have a right of objection against the composition of these user’s profiles. They have to address their objection to Google.

Contact details of the third-party provider: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.de/intl/de/policies/privacy and policies.google.com/technologies/product-privacy. Google processes your personal data in the U.S.A. as well and has therefore subordinated itself under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10. What rights am I entitled with in regard of data protection?

As far as no opposing professional code of practice is given, you are entitled to/with:

- Withdraw the consent you gave to us at any time, according to Art. 7 Abs. 3 GDPR. We will not be able to proceed processing the kind of data that was legitimated by the withdrawn consent. 

- Demand information about the processed personal data by us at any time according to Art. 15 GDPR. You can demand Information especially about processing purposes, the category of personal data, as well as its origin, the categories of addressees, where the personal data has been revealed to or will be revealed, as well as the purpose and the planned time of storage, the right of correction, deletion, constriction of processing or objection, the existence of a right of complaint, the origin of your data, as far as they haven’t been collected by us, as well as the existence of an automated decision finding, profiling and if necessary significant information about details included; 

- Demand the correction or completion of incorrect or incomplete of your personal data saved by us according to Art. 16 GDPR; 

- Demand the deletion of your personal data saved by us according to Art. 17 GDPR, if the processing is not necessary to execute one’s freedom of speech and information, to fulfil legal commitments, to claim, execute of defend legal rights or if no reasons of public interest justify the processing; 

- Demand to limit the processing of your personal data according to Art. 18 GDPR, if the accuracy of the data is denied by you, the processing is not authorised, you however decline the deletion and we have no further use for the personal data and you need the personal data to claim or defend legal rights or you file an objection against the processing according to Art. 21GDPR; 

- Demand to receive yourself or to pass on your personal data to another responsible, which you have supplied, in a structured and machine-readable format according to Art. 20 GDPR and 

- File a complaint to a surveying administration according to Art. 77 GDPR. Usually this is the surveying administration at your private or professional location or the location of our office. 

Please address all requests or objections regarding the data processing via e-mail to datenschutz@disy.net or to the address mentioned in the legal details.

11. Minors

We don’t collect personal information of minors. If this still happens to be by accident, we will delete the personal data without further delay.

12. Can I object the processing of my personal data?

You have the right to object a processing of your personal data, which is used for direct advertising purposes without explanation. If we process your personal data to preserve justified interests, you can object the processing, if you state a reason, which origins from your special personal situation. We will cease to process your personal data, if we don’t state a coercible reason that requires protection, that prevails your interests, rights and freedoms or is needed to claim or defend legal rights.

The collection of personal data and its storage in logfiles is essential to facilitate the website for users and in order to assure its operation. Because of this circumstance, there is no possibility to object for the user.

If logfiles will be saved, they are deleted within 30 days. A further going processing will not take place.

13. Do I have the possibility of complaint? 

If you think, that the processing of your personal data by us is unrightfully or violates the data protection laws in another way, you can file your complaint at a responsible survey administration:

The county’s agent for data protection and freedom of information in Baden-Württemberg

Königstraße 10a

70173 Stuttgart