Data protection policy

By Support | 20 October, 2020

Table of contents

This Data Protection Policy consists of four sections:

  • Section A - What is it about?
  • Section B - General information about your data and your rights
  • Section C - Contact details, partners
  • Section D - Operational Processes

Section A - What is it about?


1. This document

The person responsible for this document is listed on the Imprint page under “Data Protection”.

It is valid from 2020-10-20.

Terms:

2. Introduction

The protection of your data is our concern.

We are pleased about your interest, in our products or services and would like you to feel safe with us regarding the protection of your personal data. We take the protection of your personal data very seriously.

We want you to know when we collect which data and how we use it.

We have taken technical and organisational measures to ensure that the data protection regulations are conscientiously observed by us. We have also committed our contracted external partners to this.

3. Purpose of this Data Protection Policy

If you have contact with us, personal data will be exchanged in some form or another.

Personal data is information that can be used to identify a specific person.

This includes, for example, the name, e-mail address, telephone number, but also technical data that can be used to identify a specific person when linked.

This Data Protection Policy therefore explains the nature, scope and purpose of the collection and use of personal data and also the ‘procedures’ for how the data is processed by us.

4. Questions?

If you have any questions about your data, please contact our data controller (see the Imprint page). Our data controller is always available to answer any questions or suggestions you may have regarding data protection.


Section B - General information about your data and your rights


1. Data processing processes

In our organisation and on this website personal data are processed within the scope of several operational processes. A couple of examples are:

  • Contacting us (e-mail, Tel);
  • Business related processing;
  • Webservices (Website).

The webservices are a collection of individual operational processes.

For a list of all the processes and their details, please refer to Section D of this Data Protection Policy.

2. Our partners

Service partners support us in various areas, e.g.:

  • Service providers for the provision of e.g. computers and networks;
  • Payment service providers (e.g. financial institutions, payment services);
  • Telecommunications service providers;
  • Delivery services;
  • Service providers that provide applications and services on our websites.

We have contractually agreed with these service providers that they may only use your data within the scope of fulfilling orders for us and for our own services.

3. Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if

  • you have given your express consent to do so (in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR),
  • the disclosure is necessary for the assertion, exercise or defence of our legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR),
  • there is a legal obligation to pass them on (in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR),
  • this is legally permissible and necessary for the processing of contractual relationships with you (in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR).

4. security measures

In order to guarantee a level of protection appropriate to your personality and your data, we have taken suitable technical and organisational measures (in accordance with Art. 32 GDPR).

These include, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying degrees of probability and severity of the risks associated with the processing for the rights and freedoms of natural persons, among others, the following measures:

  • Control of physical access to data;
  • Procedures to ensure the exercise of data subjects' rights;
  • Procedures to ensure the integrity, confidentiality and availability of data. Examples of such measures include the input, disclosure, separation and deletion of data.

Already during the development or selection of IT systems, hardware, software, technical design and the aforementioned procedures, data protection issues are taken into account. For example, data protection-friendly presettings are implemented (according to Art. 25 GDPR).

Insofar as the respective legal basis for data processing is not stated in this Data Protection Policy, the following applies:

  • Insofar as we obtain your consent for processing operations involving personal data, Art. 6 para. 1 sentence 1 letter a GDPR serves as the legal basis for processing your personal data.
  • When processing your personal data for the fulfilment of a contract between you and us, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures, such as answering enquiries.
  • Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our enterprise is subject, Art. 6 Para. 1 S.1 lit. c GDPR serves as the legal basis.
  • If the processing is necessary to safeguard a legitimate interest of our enterprise or of a third party, and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis.
  • If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 letter d GDPR serves as the legal basis.

6. Your rights

You have various rights in relation to your data:

6.1 Right of access

You have the right to receive free information on the personal data stored about you upon request (in accordance with Art. 15 GDPR). We may charge a fee from the second time information is provided within 12 months.

6.2 Right to correction

You have the right to demand the immediate correction of incorrect data or the completion of your personal data stored with us (in accordance with Art. 16 GDPR).

6.3 Right to erasure

You have the right to have your personal data which was unlawfully processed or stored for too long erased (insofar as this does not conflict with any legal obligation to retain data and no other reasons pursuant to Art. 17 Para. 3 GDPR).

6.4 Right of restriction

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

  1. You dispute the accuracy of the personal data concerning you for a period of time which enables us to verify the accuracy of the personal data;
  2. The processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
  3. We no longer need the personal data for the purposes of the processing, but you need the personal data to assert, exercise or defend legal claims; or
  4. You have lodged an objection to the processing (pursuant to Art. 21 para. 1 GDPR) and it has not yet been established whether our justified reasons outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data - apart from being stored - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the EU or a Member State of the EU.

If the restriction on processing has been restricted under the above conditions, you will be informed by us before the restriction is lifted.

6.5 Right to data portability

You have the right to request the transfer of all data you have handed over to us in a structured, common and machine-readable format to another responsible person (according to Art. 20 GDPR).

6.6 Right of revocation

You have the right to revoke your consent to us at any time (in accordance with Art. 7 Para. 3 GDPR). As a result, we may no longer continue to process the data which was based on this consent in the future.

6.7 Right of appeal

You have the right of appeal to a data protection supervisory authority (in accordance with Art. 77 GDPR).

6.8 Right of objection

Insofar as you also have a right to object to the processing via individual operational processes (pursuant to Art. 21 GDPR), we will point this out in the description of the individual operational processes in Section D.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing.

If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.

6.9 Exercising your rights

If you wish to exercise your right, simply send an e-mail to the data controller (see section C).

7. General information

7.1 Types of data

There are different types of data processed:

  • Inventory data (e.g. names, title, addresses, customer category);
  • Contact data (e.g. e-mail, telephone numbers);
  • Payment data (e.g. bank details, payment history);
  • Content data (e.g. texts, photographs, videos);
  • Ordering data (e.g. printout files, contact data, payment data);
  • Contract data (e.g. subject matter of the contract, duration);
  • Usage data (e.g. websites visited, interest in content, access times);
  • Communication data (e.g. device type, IP addresses);
  • Technical data.

7.2 General note on cookies

This website uses cookies.

Cookies are small files that are automatically created by your browser and stored on your end device (mobile phone, laptop, tablet, smartphone or similar) when you visit our site.

Cookies do not cause any damage on your terminal device, do not contain viruses, Trojans or other malicious software.

Individual parts of our website can thus ‘recognise’ and ‘remember’ the settings you have made.

This does not mean, however, that we are immediately informed of your identity.

The use of cookies serves to increase the user-friendliness of the website and to make our offers more pleasant for you.

For example, we use so-called session cookies in order to recognise that you have already visited individual pages of our website while using the website. These are normally deleted automatically after you leave our site.

Other cookies are used to optimise user-friendliness, e.g.

  • to automatically recognise that you have already been on our website when you visit it again,
  • which entries and settings you have made so that you do not have to enter them again.

Cookies also serve this purpose,

  • to record statistical data on website usage and to use the data thus obtained for analysis and advertising purposes,
  • to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you.

Normally these cookies are automatically deleted after a defined period of time.

We also use so-called third-party cookies, which are managed by third parties in order to offer certain services.

Most browsers accept cookies automatically.

However, you can influence the use of cookies via the settings of your browser.

Most browsers have an option to restrict or completely prevent the storage of cookies.

However, please note that the use of the website and in particular the comfort-of-use can be restricted without cookies.

For details of the cookies we use, please refer to the section on Operational Processes.

7.3 E-mail correspondence

We would like to point out that there may be security gaps in communicating over the Internet.

Therefore, a complete protection of your data on the Internet against access by third parties is not possible.

7.4 IP address

Every device (e.g. mobile phone, smartphone, tablet, PC) that is connected to the Internet is assigned an IP address.

Which IP address this is depends on how your device is currently connected to the Internet.

As a private user, you usually do not have a permanent IP address, as your network access provider will only assign you a temporary IP address (so-called ‘dynamic IP address’).

This website may contain links to external websites. This Data Protection Policy does not extend to such links.

Please contact the provider of these external websites to find out about their data protection declarations.

8. Actuality and modification of this Data Protection Policy

The date as of when this Data Protection Policy is valid is stated at the top under the paragraph “This document”.

Due to the further development of our services, offers, our website or due to changed legal or official requirements, it may become necessary to amend this Data Protection Policy.

The current Data Protection Policy is listed online on the Website. A link to it can be found at the bottom of the hompage.

We would be grateful for any comments that lead to further improvements in our data protection.


Section C - Contact details, partners


1. Data controller

Contact details about the Data Controller can be found in the Imprint of this website.

2. Partner addresses

Google

Google LLC,1600 Amphitheatre Pkwy, Mountain View, California 94043, USA.

Responsible for services offered within Europe is Google’s subsidiary:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google LLC is certified under the Privacy Shield Agreement, guaranteeing compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Privacy Policy: https://www.google.com/policies/privacy/

SensiOffice

SensiOffice Ltd, 100 Hagley Road West, Smethwick, B67 5EZ. UK.


Section D Operational Processes


1. Contacting us

If you contact us, e.g. by e-mail, the information you provide will be processed for the purpose of processing your enquiry and in the event that follow-up questions arise.

a. Your data

We will use the personal data transmitted to us in this way solely for the purpose for which you contacted us.

b. Recipient of the data

The data of your enquiries sent by e-mail will only be used within our organisation.

c. Purposes of processing

The purpose of using your data is exclusively to process and answer your request.

As far as this involves information on communication channels (such as telephone numbers, e-mail addresses), we will use these channels to contact you in accordance with your request.

The data provided in the course of the contact will be processed in accordance with Art. 6, para. 1 and letter f GDPR.

This regulation allows the processing of personal data within the scope of the service provider’s ‘legitimate interest’, namely the processing of contact details.

e. Duration of data storage

We will delete your data that we have received in the course of contacting you as soon as it is no longer required for the purpose of its collection and no further communication with you is necessary or desired by you.

f. Option to object

You can object to this data processing at any time and request the deletion of the data relating to your query at any time.

Please contact our Data Controller (contact see above).


If you use a service from us or enter into a contract with us, we collect and store various data in order to ensure the fulfilment of the order with you. The collection of personal data is carried out,

  • to be able to identify you as a customer,
  • for correspondence with you,
  • to be able to advise you appropriately,
  • to receive and fulfil orders,
  • to be able to fulfil our contractual obligations towards you,
  • to be able to meet our legal obligations,
  • for invoicing or, if applicable, within the framework of the dunning process,
  • to assert any claims against you,
  • to improve our service quality through market research,
  • to inform you about new services (direct mail),
  • for our customer care processes e.g. by announcing holidays or sending Christmas cards.

a. Your data

The following data will be collected if necessary:

  • Personal data (e.g. name, title, address);
  • Profile data (e.g. student, club, private customer);
  • Communication data (e.g. e-mail address, telephone number);
  • Supportive information (e.g. availability);
  • Payment data (e.g. bank details, payment history).

b. Recipient of the data

Within the scope of contract processing, we can, if necessary, pass on your data to the recipient groups listed below, for example:

  • Payment service providers, for the processing of a payment transaction (e.g. financial institutions, payment services);
  • Printing companies;
  • Telecommunications service providers;
  • Delivery services;
  • Debt collection service providers or credit agencies, insofar as this is necessary to protect our rights;
  • Market research companies.

We have contractually agreed with these service providers that they may only use your data within the scope of order processing for us and for our services.

c. Purpose of processing

We use this data exclusively for the fulfilment of contracts, invoicing, booking of payments, service, customer care and to improve our services.

The information provided in the context of the execution of the contract is processed on the basis of Art. 6 Para. 1 letter b GDPR. This permits the processing of personal data for the purpose of fulfilling a contract.

Furthermore, the legal basis for customer support, customer care and product maintenance is Art. 6 para. 1 sentence 1 lit. f GDPR.

This regulation permits the processing of personal data within the scope of the ‘legitimate interest’ of the service provider, namely in the optimisation of our services, our processes and our products.

e. Duration of data storage

This data remains stored by us until all mutual claims arising from the contractual relationship have been finally settled and the respective commercial and tax law retention periods have expired. As a rule, this is up to a total of 10 years.

f. Possibility of objection

You have the right to object at any time to the processing of personal data concerning you for the purposes of customer care, including advertising, and profiling, insofar as it is connected with such direct marketing.

If you object to the processing of your personal data for customer care or direct marketing purposes, we will no longer process your personal data for these purposes.


3. Providing the Website

When you visit our website, our web server in conjunction with the necessary infrastructure automatically collects technical data. In order to guarantee its operation, the data is stored in so-called ‘log files’.

a. Your data

Some of this technical data is treated as personal data.

This is:

  • IP address of your terminal device;
  • Name, URL and IP address of the website or file you have accessed;
  • Date and time of access;
  • Amount of data transferred;
  • Message about successful retrieval;
  • Internet browser type and version;
  • Operating system of your terminal device;
  • Type of your terminal device, including MAC address;
  • Referrer URL and IP address of the previously visited website.

b. Recipient of the data

Log files are processed in-house.

Any other use is only permitted with your prior consent.

c. Purpose of processing

The collection of log files serves the purpose of managing the web server and the IT infrastructure and also to improve our offer.

Log files are used to maintain the security and stability of our website. In particular:

  • Detection of technical errors and their rectification;
  • Detection of malicious website accesses (hacking) and their logging;
  • securing forensic activities.

In order to improve our offer, data is used on an anonymised basis (i.e. in principle not personal data), e.g.:

  • Analyse which websites are favoured;
  • To determine errors;
  • To record how many hits occur daily.

This data is not combined with personal data.

The personal data in log files are processed on the basis of Art. 6 para. 1 lit. f GDPR.

This regulation permits the processing of personal data within the scope of the ‘legitimate interest’ of the service provider, namely the processing of contact details.

e. Duration of data storage

The data in the log files are deleted as soon as they are no longer required for the purpose for which they were collected.

This is usually the case after three months.

We reserve the right to store the log files longer if there are indications that unauthorised access (such as hacking, network attacks) may be possible.

f. Possibility of objection

Insofar as data is collected to the extent described, this is absolutely necessary for the security and operation of the website. There is therefore no possibility of objection.


4. Website function Google Analytics

On our website we use the web analysis service Google Analytics from ‘Google’ to analyse the surfing behaviour of our users.

The software sets cookies on the user’s computer.

The use includes the operating mode ‘cross-device reports’. This makes it possible to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyse the activities of a user across devices.

a. Your data

The following data is typically collected:

  • Browser type / version;
  • Operating system used;
  • Referrer URL (the previously visited page);
  • Host name of the accessing computer (IP address);
  • Time of the server request.

We would like to point out that your IP address will be anonymised (so-called IP masking), so that an assignment is not possible.

The user’s IP address is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

b. Recipient of the data

The recipient of the collected data is:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data may be transferred to a Google server in the USA and stored there.

You can find more information on the terms of use of Google Analytics at

and Google’s Privacy and Terms of Use at

c. Purpose of the processing

The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our webservices. This helps us to constantly improve our website, our webservices and their user-friendliness.

The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

This regulation permits the processing of personal data within the scope of the ‘legitimate interest’ of the service provider, namely in the optimisation of our website, the analysis of the use of our website and the adaptation of the contents.

The protection of your personal data is adequately safeguarded by anonymising the IP address.

e. Duration of data storage

The data is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

f. Possibility of objection

Cookies are stored on the user’s computer and therefore you as a user have full control over the use of cookies.

By changing the settings in your internet browser, you can deactivate the cookies. Cookies already stored can be deleted at any time. This can also be done automatically.

If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.

You can also deactivate Google Analytics by downloading and installing a browser add-on. You can find more information about this at https://tools.google.com/dlpage/gaoptout.


5. Website function Google Maps

On our website we use contents of the map service Google Maps from the provider ‘Google’.

We use it, for example, to display maps, as well as to enable you to find our location better.

When you visit our website, Google receives the information that you have called up the corresponding subpage of our website.

a. Your data

Your browser automatically sends data and it can be assumed, among other things, that the following data is recorded and saved:

  • Browser type/version;
  • Operating system used;
  • Referrer URL (the previously visited page);
  • Host name of the accessing computer (IP address);
  • Time of the server request,

The data is used for the map display.

In addition, fonts are downloaded from Google Server for the display: For system administration reasons, it can also be assumed that data is being stored on this server.

By clicking on the Google logo, you will be redirected to Google’s ‘Maps’ service, e.g. for route planning. If you are now logged in to Google at the same time, this data will be assigned directly to your account. If you do not wish to be assigned to your profile, you must log out before clicking on the logo.

By using this Google function, you agree to the collection, processing and use of the automatically collected data as well as the data entered by you by Google, one of its representatives or third parties.

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or of its use by Google.

Detailed information on the purpose and scope of data collection and its processing by Google can be found in the provider’s privacy policy https://policies.google.com/privacy.

b. Recipient of the data

The recipient of the collected data is:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data may be transferred to Google’s servers outside Europe, such as the USA, and stored there.

You can find more information on the terms of use of Google Maps at

c. Purpose of processing

The processing of your personal data enables you to find our location better and, if necessary, to have a route calculated.

The provider may store this data as a user profile and use it for advertising and market research purposes.

We would like to point out that we, as the provider of the pages, have no knowledge of the further use of the data by Google.

The legal basis for the use of Google Maps is Art. 6 para. 1 sentence 1 lit. f GDPR.

This regulation permits the processing of personal data within the scope of the “legitimate interest” of the service provider, namely the provision of services to our users.

e. Duration of data storage

We would like to point out that we, as the provider of the pages, have no knowledge of the duration of data storage by Google.

f. Possibility of objection

The data is mandatory for the function offered on this website. There is therefore no possibility of objection.


6. Website function Google Fonts

On our website we use fonts of the font service Google Fonts from the provider ‘Google’.

We use it to improve the visual presentation and the understanding of information on the webpages.

When you open a page, and your browser does not already have the font, your browser will fetch the font from Google. Google will receive information that the fonts have been downloaded for this website.

If your browser does not support web fonts, a standard font is used by your computer.

a. Your data

Your browser automatically sends the following data, which will be logged.

  • Host name of the accessing computer (your IP address);
  • The font being accessed;
  • CSS file information;
  • Time of your request;

The following data might also be recorded and be saved:

  • Browser type/version;
  • Operating system used;
  • Referrer URL (the previously visited page);

Information about the handling of user data can be found at https://developers.google.com/fonts/faq.

Detailed information on the purpose and scope of data collection and its processing by Google can be found in the provider’s privacy policy https://policies.google.com/privacy.

b. Recipient of the data

The recipient of the collected data is:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data may be transferred to Google’s servers outside Europe, such as the USA, and stored there.

You can find more information on the terms of use of Google Maps at

c. Purpose of processing

The provider uses the information for statistics.

We would like to point out that we, as the provider of the pages, have no knowledge of the further use of the data by Google.

The legal basis for the use of Google Fonts is Art. 6 para. 1 sentence 1 lit. f GDPR.

This regulation permits the processing of personal data within the scope of the “legitimate interest” of the service provider, namely the optimization and economic operation of our website.

e. Duration of data storage

We would like to point out that we, as the provider of the pages, have no knowledge of the duration of data storage by Google.

f. Possibility of objection

The data is mandatory for the function offered on this website. There is therefore no possibility of objection.