Controller

The controller within the meaning of the General Data Protection Regulation, other data protection acts applicable in the EU member states and other data protection law provisions is:

AUTHADA GmbH
Julius-Reiber-Straße 15A
64293 Darmstadt

Darmstadt District Court
HRB 94377
VAT ID DE815570916
Geschäftsführer: Andreas Plies

The protection of your data is our concern

We are delighted about your interest in our company and our products or services and would like you to feel safe when you visit our websites also as regards the protection of your personal data. We take the protection of your personal data very seriously. The observance of the provisions of the General Data Protection Regulation and the BDSG (new) is a matter for us.

We would like you to know when we collect what data and how we use them. We have taken technical and organisational measures that ensure that the regulations on data protection are observed both by us and by external service providers commissioned by us.

Personal Data

Personal data are information on your identity. This includes, for instance, details such as name, address, telephone number, e-mail address. This information is at all times processed in compliance with the requirements of the General Data Protection Regulation as well as other data law protection regulations applicable to our company.

As a rule, it is not necessary for the use of our websites that you disclose personal data. In certain cases, however, it may be necessary to process personal data, for instance to provide services requested by you.

The same applies, for instance, for the sending of information material and ordered goods or for the answering of individual questions. Where necessary, we inform you accordingly.

Sofern keine gesetzliche Grundlage für eine Verarbeitung dieser personenbezogenen Daten besteht, holen wir eine entsprechende Einwilligung bei Ihnen ein.

In addition, we only save and process data that you provide us with voluntarily and where applicable, data that we collect automatically when you visit our websites (e.g. your IP address and the names of the pages accessed by you, of the browser used by you and your operating system, date and time of the access, search engines used, names of files downloaded).

If you use services, only such data are collected as a rule that we need to provide the services. If we request further data, this is voluntary information. Personal data is processed solely for the fulfilment of the queried service and to maintain own legitimate business interests.

Purpose of the personal data

We use the personal data provided by you to answer your enquiry, process your orders or provide you with access to certain information or offerings.

It goes without saying that we respect your decision, if you do not wish to provide us with your personal data to support our customer relationship (in particular for direct marketing or for market research purposes). We will not sell your personal data to third parties or market them otherwise.

Purpose-linked use

We will only collect, process and use the personal data provided by you online for the purposes reported to you. Any disclosure of your personal data to third parties will not take place without your express consent.

Surveys of personal data as well as their transmission to state institutions and authorities entitled to receive information are only carried out within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to secrecy and to comply with the provisions of the Basic Data Protection Ordinance.

Data that are automatically collected when visiting our websites

For organisational and technical reasons, the following data is stored when you use our Internet pages: the names of the pages you call up, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files and your IP address.

The AUTHADA website uses the Matomo analysis tool to detect errors at an early stage and to constantly improve the service of the website. In addition, the tool helps to track user behaviour on the website by producing anonymous usage reports. This data is stored on our server at 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The analysis tool is configured in such a way that only data on the use of the AUTHADA website, the browser used and the location are collected. The data is anonymised (IP address) in such a way that no inference can be made about a person.

The information collected is needed to correctly deliver the content of our web pages. In addition, we evaluate this technical data anonymously and only for statistical purposes in order to constantly optimize our Internet presence and make our Internet offerings even more attractive and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. Conclusions are not drawn about individual persons.

You can prevent your data from being collected by the Matomo analysis tool by clicking on the following link. An opt-out cookie is set to prevent the collection of your data on future visits to this website.

Opt-Out: activate/deactivate analysis tool

Contact options via the website

Due to legal regulations, our website contains information that allows contacting us quickly and a more direct communication with us. This includes the indication of an e-mail address and, where applicable, a contact form.

If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically. The data you voluntarily provide us with will be stored for the purpose of processing your request or contacting you. They will not be passed on to third parties.

Deletion and blocking of personal data

We process personal data of affected persons only as long as it is necessary to achieve the underlying purpose or as long as this has been provided for by legal regulations to which our company is subject. If the purpose of storage no longer applies or if a statutory storage period provides for this, personal data will be deleted in accordance with the statutory provisions unless we are legally obliged to store this data. In these cases the data will be blocked.

 

Rights of data subjects

To exercise each of the rights specified below, you can contact our data protection officer directly or any other employee.

Right to information

You can obtain information and a copy of the personal data saved about you and processed by us at any time.

This right of access shall include information on the purposes of the processing, the categories of personal data to be processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and where possible, the envisaged duration for which the personal data will be stored, or if not possible, the criteria for determining this duration, the existence of the right to rectify or erase the personal data concerning you or to limit or object to the processing by us, the existence of a right of appeal to a supervisory authority and, if the data has not been collected from you, all available information on the origin of the data and the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing.

Furthermore, you have the right to request information about whether your personal data were sent to a third country or an international organisation and what suitable guarantees exist for the transmission.

Right to correction

Furthermore, you have the right to request the immediate correction of personal data relating to you. In addition, in consideration of the purposes of processing, you have the right to request completion of incomplete personal data.

Right to deletion

You also have the right to demand that the data we have stored about you be deleted immediately if one of the following reasons applies: the personal data has been collected for such purposes or processed in any other way for which it is no longer necessary; you revoke your consent on which the processing was based pursuant to Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 GDPR, and there is no other legal basis for the processing; you submit pursuant to Art. 21 Para. 1 GDPR objection to the processing and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR; the personal data have been processed unlawfully; the deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject; the personal data have been collected in relation to Information Society services offered pursuant to Article 8 para. 1.

Right to restriction of processing

You have the right to request that the processing of your personal data is limited if one of the following requirements is given; The correctness of the personal data is contested by you, and this for a duration that enables us to verify the correctness of the personal data; the processing is unlawful and you reject the deletion of personal data and instead request the use of the personal data; we no longer require the personal data for the purposes of processing, but you require the claiming, exercising or defence of legal claims or you have filed objections to the processing under Article 21(1) for as not as long as it is not clear whether the legitimate interests of our company outweigh yours.

Right to data transmission

You may receive at any time the data concerning you which you have provided to us in a common and machine-readable format. Furthermore, you have the right to transfer these data to another responsible person without any hindrance on our part, provided that the processing is based on an agreement in accordance with Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or on a contract in accordance with Art. 6 Para. 1 b GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority which has been transferred to us.

Furthermore, you may request that the personal data stored by you be sent directly by us to another controller, if this is technically feasible and the rights and freedoms of other persons are thereby not affected.

Right to objection

For reasons that arise from your particular situation, you have the right to object to the processing of personal data relating to you, which takes place under Article 6(1e or f) GDPR, at any time. This also applies to any profiling based on these provisions.

In the event of an objection, we no longer process the personal data, unless we can prove protected reasons for the processing, which outweigh your interests, rights and freedoms or the processing serves the claiming, exercising or defence of legal claims.

If we process personal data to conduct direct advertising, you have the right to file an objection against the processing of personal data relating to you for the purposes of advertising at any time; this also applies for the profiling insofar as it is connected to such direct advertising. If you file an objection with us to the processing for the purposes of direct advertising, the personal data are no longer processes for these purposes.

For reasons that arise from your particular situation, you have the right to object to the processing of personal data relating to you, which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such a processing is required to fulfil a task that is in the public interest.

It is at your discretion to exercise your right of objection using automatic methods in connection with the use of services of the information company and irrespective of Directive 2002/58/EC during which technical specifications are used.

Right to withdrawal

You may withdraw granted consent to the processing of your personal data with effect for the future.

Right to confirmation

You have the right to request confirmation whether personal data relating to you are processed.

 

Automatic decision-making

As a responsible company, we refrain from conducting an automatic decision-making or profiling.

Period of archiving

Personal data are deleted on expiry of the statutory archiving period, unless they are required for contract fulfilment or contract initiation.

Legal basis of the processing

If you have given us your consent to process your personal data for a certain purpose, the processing is carried out on the basis of Article 6(1a) GDPR, If such a processing is necessary to fulfil an agreement with you or to initiate such, the processing is based on Article 6(1b) GDPR. In some cases, e.g. to fulfil tax law obligations, we may be subject to a legal obligation to process personal data. The legal basis of this in such cases is Article 6(1c) GDPR. In rare cases, processing can also take place to protect vital interests of yours or another private individual. In this exceptional case, the processing takes place under Article 6(1d) GPDR. Finally, processing may also be based on Article 6(1f) GDPR. This is the case if the processing is performed to protect an interest that is legitimate for our company or a third party if your interests, basic rights and basic freedoms do not take precedence. Such a legitimate interest can be already be assumed if you are a customer of ours. If the processing of the personal data is based on Article 6(1f) GDPR, out legitimate interest is the conducting of our business activities.

Provision of personal data

In some cases, the provision of personal data is required by law or contract. For this reason, it may, for example, be necessary for a contract to be concluded that you provide us with personal data, which must be processed by us. For example, you are obliged to provide personal data in order to conclude a contract. Failure to do so would mean that the contract cannot be concluded.

Before providing personal data, you may also contact our data protection officer. He will inform you whether the provision of personal data is prescribed by law or agreement in the individual case and what consequences any non-provision of these data would have.

Security

As the data controller, we have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all persons involved in data processing are obliged to comply with the Basic Data Protection Regulation and other laws relevant to data protection as well as to treat personal data confidentially.

In the event of the collection and processing of personal data, the information is transferred in an encrypted form to prevent abuse of the data by third parties. Our protection measures are being consistent revised in accordance with the technical development.

Nevertheless, internet-based transmission may have security loopholes as a rule, for which reason absolute protection cannot be guaranteed.

Amendments or our data protection provisions

We reserve the right to amend our security and data protection measures if this becomes necessary due to the technical development. In this case, we will also adjust our notes on data protection accordingly. Please therefore note the relevant current version of our data protection statement.

Links

If you use external links that are offered within the framework of our website pages, this data protection statement does not extend to these links. Insofar as we offer links, we guarantee that no violations against applicable law were identifiable on the linked website pages at the time of placing the links. However, we have no influence on the observance of the data protection and security provisions by other providers. For that reason, please seek information on the internet pages of the other provides also via the data protection statements provided there.

The use of third-party services and content always requires that the providers of such content (hereinafter referred to as "third-party providers") perceive the IP address of the users. Without the IP address of the user, they cannot send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. However, we have no influence on whether the third party providers store the IP address for statistical purposes, for example. As far as this is known to us, we inform the users about it.

Cookies

If you visit our website pages, it may be the case that we store information in the form of a cookie on your computer. Cookies are small text files that are sent by web server to your browser and are stored on the hard disk of your computer.

In doing so, apart from the internet protocol address, no personal data of the user are stored. This information is used to recognise you on your next visit to our website pages, use your preferred language and to make navigation easier for you. Cookies enable us, for instance, to adjust a website page to your interests or to save your password so that you do not have to enter it every time you visit.

If goes without saying that you can also view our website pages without cookies. If you do want us to recognise your computer, you can prevent the storage of cookies on your hard disk by selecting “do not accept cookies” in your browser settings. Cookies already used can also be deleted via your browser. Please refer to the instructions of your browser manufacturer to learn how this works in detail. If you do not accept cookies, however, the functions of our offering may be restricted.

Newsletter

With the following information we inform you about the content of our newsletter as well as about the registration, distribution and statistical evaluation procedures and about your rights of objection. By subscribing to our newsletter, you agree to the receipt of our newsletter and the described procedures.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletter") only with the prior consent of the recipient or a legal permission. If the contents of the newsletter are specifically described within the scope of registration, they are decisive for the prior consent of the user. In addition, our newsletters contain information about our services and us.

Double-Opt-In and logging: The registration to our newsletter takes place via a so-called Double-Opt-In procedure. I.e. after registration you will receive an e-mail with which you will be requested to confirm your registration. This confirmation is necessary to prevent anybody from registering with third-party e-mail addresses. The registrations for the newsletter are logged in order to be able to demonstrate the registration process to be compliant with legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. In addition, any changes to your data that is stored with the newsletter provider are logged.

Registration data: To subscribe to the newsletter it is sufficient to enter your e-mail address. As an option, we would like you to enter a name in the newsletter for the purpose of a personal approach.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 Para. 1 a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 Act Against Unfair Competition or, if consent is not required, on our legitimate interests in direct marketing pursuant to Art. 6 Para. 1 f. GDPR in connection with § 7 Abs. 3 Act Against Unfair Competition.

The logging of the registration procedure takes place on the basis of our legitimate interests according to Art. 6 Para. 1 f GDPR. Our interest is directed to the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and furthermore allows us the proof of consent.

Cancellation / revocation: You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe the newsletter at the bottom of each newsletter. We may retain the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests until we delete them in order to be able to provide evidence of a previously given consent. The processing of this data is limited to the purpose of a possible averting of claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Performance measurement

The newsletters contain a so-called "web-beacon", i.e. a file the size of a pixel, which is retrieved from our server or from the server of our newsletter provider when the newsletter is opened. Initially, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are collected as part of this retrieval.
This information is used for technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are being clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor our newsletter provider's intention to monitor individual users. The evaluations serve us to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Newsletter2Go newsletter provider

The distribution of the newsletter is carried out by Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the data protection provisions of this newsletter provider here: https://www.newsletter2go.de/datenschutz/. The shipping service provider will be informed on the basis of our legitimate interests pursuant to Art. 6 para. 1 f. GDPR and an order processing contract in accordance with Art. 28 Para. 3 S. 1 GDPR.

The newsletter provider may use the recipient's data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the distribution and the presentation of the newsletter as such or for statistical purposes. However, the distribution service provider will not use the data of our newsletter recipients to write to them itself and will not pass data on to third parties.

Server log files

The provider of the pages collects and stores information automatically in the so-called server log files, which your browser sends us automatically. This is:

  • Browsertype/Browserversion
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

Social networks

AUTHADA GmbH is only liable in the event of intent or gross negligence. We are not in a position to check or permanently monitor the conduct of social network services (e.g. Facebook, Twitter, google+, YouTube, XING, LinkedIn and Pinterest).

Data protection officer

The contact details of our data protection officer are:

Mr Mario Arndt, DEUDAT GmbH
Zehntenhofstraße 5b
65201 Wiesbaden

Tel: +49 611 950008 - 32
Fax: +49 611 950008 - 5932
eMail: datenschutz@authada.de

Our data protection officer is available to you at any time for questions and suggestions regarding data protection.

Competent data protection authority

You have the possibility to contact the above data protection officer or data protection authority. The competent data protection authority in our case is:

Der Hessische Datenschutzbeauftragte
Postfach 31 63
65021 Wiesbaden

Gustav-Stresemann-Ring 1
65189 Wiesbaden

Tel. 0611/1408-0
Fax 0611/1408-611

 

Mai 2018