Privacy statement for quantity-checker-app

Time for an update! For our updated privacy policy for the DENIOS apps, click here. Please update your DENIOS App to stay updated.

1. Introduction

In order to use our application, the processing of personal data is necessary. With the following information, we want to provide you with an overview of how your personal data is processed by us and your rights as a “data subject”, according to data protection laws.

Your personal data, such as your name, address or email address, is always processed in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

With this Privacy Statement, we aim to inform you about the scope and purpose of the collection, utilisation and processing of your personal data.As the controller responsible for data processing, we have taken numerous technical and organisational measures to ensure the complete protection of all personal data that is processed via this application. Nevertheless, Internet-based data transfers are fundamentally vulnerable to security holes, meaning complete protection cannot be guaranteed.

2. Controller

DENIOS AG

Dehmer Straße 58–66

32549 Bad Oeynhausen, Germany

Telephone: +49 (0)5731 753-0

Fax: +49 (0)5731 753-199

Email: info@denios.de

3. Data protection officer

Our data protection offer can be contacted as follows:

datenschutz@denios.de

In case of any questions or suggestions relating to data protection, please feel free to contact our data protection officer directly at any time.

4. Definitions

The Privacy Statement is based on the terminology used by the European regulator in the legislation of the General Data Protection Regulation (GDPR). Our Privacy Statement should be clear and comprehensible to the general public, as well as to our customers and business partners. For this reason, we would like to clarify the terminology used in advance.

The following terminology is used in the Privacy Statement:

1. Personal data

Personal data is all information pertaining to an identified or identifiable natural person. A natural person is considered identifiable if they can be directly or indirectly identified by the assignment of identifiers, such as a name, identification number, location data or online identification data, or of one or multiple specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing is every procedure or sequence of procedures carried out in relation to personal data, with or without the help of automated processes, such as collection, recording, organisation, sorting, saving, adaptation or modification, retrieval, querying, utilisation, disclosure through transmission, distribution or other forms of provision, comparison or linking, restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

5. Profiling

Profiling is every kind of automated processing of personal data, in which personal data is used to evaluate certain personal aspects relating to a natural person, particularly for the purpose of analysing or predicting aspects pertaining to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change in location of that natural person.

6. Pseudonymisation

Pseudonymisation is the processing of personal data such that it can no longer be assigned to a specific data subject without referring to additional information, provided that this additional information is stored separately and that technical and organisational measures have been taken to ensure that the personal data cannot be assigned to an identified or identifiable natural person.

7. Data processor

The data processor is the natural or legal person, authority, institution or other entity who processes personal data on behalf of the controller.

8. Recipient

The recipient is the natural or legal person, authority, institution or other entity to whom personal data is disclosed, regardless of whether they are a third party or not. Authorities who receive personal data within the scope of a specific investigation order in accordance with European Union law or the law of member states, however, are not classified as recipients.

9. Third party

A third party is a natural or legal person, authority, institution or entity, other than the data subject, controller, data processor and persons who are authorised to process data under the direct responsibility of the controller or data processor.

10. Consent

Consent is any declaration of intent provided voluntarily by the data subject for the specific case in an informed and unambiguous manner in the form of a statement or other clear, affirmative action with which the data subject indicates that they consent to the processing of their personal data.

5. Technology

This application uses SSL and TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator.

We use this technology to protect the data you send us.

6. Data processing for use of the application

Our application can be used up to ten times without needing to register. Users can register free of charge at any time. Even without registration, our application collects a series of general information and data during use. The following data is recorded in the log files of the server:

1. browser type and version used,

2. operating system of the accessing system,

3. functions used by the accessing system in the application,

4. date and time of access to the application,

5. Internet Protocol (IP) address

6. the Internet service provider of the accessing system.

In addition, the application records the number of times the user has used the application.

This general data and information is not linked to you as an individual. Rather, this information is used to

1. deliver the contents of the application correctly,

2. ensure the long-term functionality of our IT systems and the technical features of our website,

3. to provide law enforcement agencies with the necessary information in the event of a cyber attack, and

4. to prevent unlimited use of the quantity checker.

The collection data and information is evaluated by us with the aim of increasing data protection and security in our company, to ensure an optimal level of protection for the personal data processed by us, and to prevent unlimited use of the quantity checker.

The data in the server log files is stored separately from all personal data provided by the data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the above-listed purposes of data collection.

The data in the server log files is stored separately from all personal data provided by the data subject and deleted automatically after seven days. The application records the number of times the user has used the application for the duration that the installed is installed, or at the latest until the user completes the user registration.

7. Data processing during user registration

After the tenth use of the application, the application will prompt you to register. However, you may also register as a user of the application, with the provision of your personal data, earlier.

To register as a user, the following data is required:

• First name

• Surname

• Company

• Postcode

• Email address

When registering on our website, the IP address provided by your Internet service provider (ISP), as well as the date and time of registration, will also be recorded.

The personal data you provide during the registration process is processed for the following purposes:

• Sending our newsletter, provided you have given your consent for us to do so (see Section 9.1)

• Sending advertising by post, provided you do not object to receiving advertising by post

• Displaying interest-based advertising, provided you do not object to the processing of your data for this purpose

• Offering contents or services that can only be offered to registered users, due to the nature of the matter.

The IP address provided by your Internet service provider (ISP), date and time are stored primarily to prevent the misuse of our services, and that this data can be used to address any committed offences. For this reason, the storage of data is necessary for our protection.

Your data is processed on the basis of the following legal principles:

• Sending our newsletter: This processing activity is carried out with your consent on the basis of Art. 6(1)(f) GDPR.

• Sending advertising by post: This processing activity is carried out based on our legitimate interest in the advertising of our products in accordance with Art. 6(1)(f) GDPR.

• Displaying interest-based advertising: This processing activity is carried out based on our legitimate interest in the targeted advertising of our products in accordance with Art. 6(1)(f) GDPR.

• Offering contents or services for registered users

• Storing the IP address, date and time of registration: This processing activity is carried out based on our legitimate interest to prevent the misuse of our services in accordance with Art. 6(1)(f) GDPR.

The data you provide within the scope of your user registration is stored by us until you delete your account.

8. Data processing when using the feedback and contact function

The application offers you the opportunity to give us your feedback on its use, as well as to contact us for advice about our products and services.

Personal data is collected within the scope of the feedback or contact function of the application.

In the case of the feedback function, the following data is collected:

• Surname

• Company

• Postcode

• Email

• Your message

Which data is collected in the event of an enquiry depends on whether you contact us by telephone or via our contact form. In the case of an enquiry by telephone, this is the data that you share with us verbally.

When using the contact form, the following data is collected:

• Company

• First name

• Surname

• Telephone

• Email

• Postcode

• Your preferred callback time

• Your message

The shared data is used and stored exclusively for the purpose of answering your enquiry, making contact with you and the associated technical administration. If you have shared your telephone number with us, we will contact you by telephone on the provided number as standard. Only if you have not shared your telephone number will we contact you on the email address provided.

In the case of the feedback function, the legal basis for data processing is our legitimate interest in the evaluation of your feedback, and in the case of the contact function, in answering your enquiry in accordance with Article 6(1)(f) GDPR.

If, in the case of the contact function, the purpose of your enquiry is the conclusion of a contract, an additional legal basis in accordance with Article 6(1)(b) GDPR applies.

The data you provide within the scope of the feedback function is stored by us until we have evaluated your enquiry and made a decision on its implementation. If your feedback is implemented, this is no longer than the time of implementation. If your feedback is not implemented, your data will be deleted immediately after the decision is made.

The data you provide within the scope of making contact for purpose of seeking advice is stored by us until your enquiry has been handled. This is the case if the circumstances indicate that the matter in question has been conclusively resolved and there is no legal obligation to store the data any longer. This may be up to ten years after the last contact in accordance with the relevant commercial and tax regulations.

9. Sending of the newsletter

9.1 Advertising newsletter

We inform our customers and business partners about our products and services at regular intervals via a newsletter. Our application offers the opportunity to subscribe to our company newsletter. The following data are used to do so:

• First name

• Surname

• Email address

When subscribing to the newsletter, a confirmation email is sent to the email address you provide for legal reasons, as part of the double opt-in process. This confirmation email is used to confirm that you, the owner of the email account, have authorised the subscription to the newsletter.

When subscribing to the newsletter, we also store the IP address provided by your Internet service provider (ISP), the IT system used by you at the time of registration, as well as the date and time of registration. The collection of this data is required to trace the (possible) misuse of your email address at a later point in time, and therefore serves the purpose of our legal protection.

You may revoke your consent to the storage of your personal data, granted for the purpose of subscribing to the newsletter, at any time. Every newsletter contains a link for you to revoke your consent. You can also revoke your consent by sending a message to this effect to the afore-mentioned controller, and via the data protection menu in the application.

If you revoke your consent, your email address will be deleted, provided that we have no further purpose for processing your data that is permissible in accordance with data protection law, and about which you are informed in the Privacy Statement.

The legal basis for the processing of your data for the purpose of sending you our newsletter is Art. 6(1)(a) GDPR.

10. Recipient

We use various service providers to provide our application and the associated services, as well as for advertising purposes and for the optimisation of our application and service offer. We share your personal data with these service providers to the required extent.

In addition to DENIOS AG, recipients of your personal data for the purposes described in the Privacy Statement are therefore as follows:

• DENIOS Direct GmbH for the coordination and implementation of direct advertising measures, as well as measuring the success of these measures

• Hosting service providers (e.g. Amazon Web Services, SAP) for the technical provision of the application

• Support service providers (e.g. itelligence AG) for troubleshooting purposes

• Tool providers (e.g. Artegic AG) for the purpose of sending the newsletter and tracking opening and clicks on contained links

• Postal service providers (e.g. Deutsche Post AG, Citipost) for the purpose of distributing printed advertisements.

If necessary, we will share personal data with law enforcement agencies, courts, government offices and authorised third parties, if this is required for the purpose of law enforcement, enforcing, exercising or defending our legal rights and/or those of third parties.

We do not intend to transfer any personal data to third countries.

11. Your rights as a data subject

The protection of your personal data is extremely important to DENIOS AG and its partners. If you wish to exercise your rights as a data subject, please contact us via the contact details of DENIOS AG or our data protection officer.

11.1 Right to confirmation

You have the right to request confirmation from us whether any personal data is being processed concerning you.

11.2 Right to information according to Art. 15 GDPR

You have the right to request information about the personal data stored by us pertaining to you, and to receive a copy of this data in accordance with the legal regulations.

11.3 Right to correction according to Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purpose of data processing.

11.4 Right to deletion according to Art. 17 GDPR

You have the right to request from us that any personal data concerning you is immediately deleted, provided that one of the legally prescribed reasons applies and no further processing or storage is necessary.

11.5 Restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of processing, if one of the legal prerequisites is present.

11.6 Data transferability according to Art. 20 GDPR

You have the right to receive the personal data provided to us by you in a structured, conventional, machine-readable format. You also have the right to transfer this data to another controller without impediment by us, provided that the data will be processed with your consent in accordance with Art. 6(1)(a) GDPR or Art 9. (2)(a) GDPR, or on the basis of a contract in accordance with Art. 6 (1)(b) GDPR, and the data will be processed using automated processes, provided that the processing is not required for the completion of a task assigned to us that lies in the public interest or is required for the exercising of official authority.

Furthermore, when exercising your right to data transferability in accordance with Art. 20 (1) GDPR, you have the right to request that your personal data is transferred directly from one controller to another, to the extent that this is technically possible and does not infringe on the rights and freedoms of other persons.

11.7 Right to object according to Art. 21 GDPR

You have the right to object to the processing of your personal data for the purposes described in Art.6 (1)(e) (Data processing in the public interest) or (f) (Data processing based on the balancing of interests) GDPR at any time.

If you object to our processing your data for the purpose of direct advertising, we will no longer process your personal data for this purpose. The same applies to profiling, to the extent that it is associated with direct advertising. You have the option to object to the processing of your data for the purpose of direct advertising and interest-based advertising at any time.

If you object to processing activities outside the scope of direct advertising, we will no longer process your personal data, unless we can prove compelling, legitimate reasons for its processing that outweigh your interests, rights and freedoms, or its processing serves the enforcement, exercising or defense of legal rights.

11.8 Right to revoke consent

You have the right to revoke your consent to the processing of your personal data at any time with effect for the future.

11.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

12. Actuality and amendment of the Privacy Statement

The Privacy Statement is currently valid and was last updated: April 2020.

Due to the further development of our application or the possible future amendment of the legal or official regulations, it may be necessary to amend the Privacy Statement. We reserve the right to make such changes at any time, in accordance with the applicable data protection regulations.