Data protection
Responsible
DEF-trans Reisser
Owner: Michaela Reisser
Karl-Jatho-Weg 17
90411 Nuremberg
Germany
E-mail address
Imprint
Contact data protection officer
01 51 - 40 74 52 65
Overview of the processing operations
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
Inventory data (e.g. names, addresses)
Content data (e.g. text entries, photographs)
Contact data (e.g. e-mail, telephone numbers)
Contract data (e.g. subject matter of the contract)
Payment data (e.g. invoices, payment history)
Categories of data subjects
Business and contractual partners
Interested parties
Communication partners
Customers
E-mail contact
Description and scope of data processing
You can contact me via the e-mail address provided, in which case your e-mail address and the data transmitted with the message will be processed.
Your data will not be passed on to third parties in this context. Your data will be used exclusively for the processing of our joint conversation.
Relevant legal bases
The legal basis for the processing of your data transmitted in the course of your use of my e-mail address is Art. 6 para. 1 lit. F GDPR. 6 para. 1 lit. B GDPR.
Purpose of the data processing
If you contact us by email, this also constitutes our necessary legitimate interest in processing your data.
Duration of storage
Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For your personal data transmitted by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Objection and removal options
You can object to the storage of your data at any time by informing me of your objection. In such a case, the conversation cannot be continued.
All personal data stored in the course of making contact will be deleted in this case, as long as there are no legal provisions to the contrary.
- Processed data types: Inventory data (e.g. names, addresses), Payment data (e.g. invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. subject matter of the contract),
- Data subjects: Interested parties, business and contractual partners, customers.
- Purposes of Processing: Contractual services and support, contact requests and communication, Office and organisational procedures, Managing and responding to enquiries, Security measures.
- Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
National data protection regulations in Germany
In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.
Security measures
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
SSL encryption (https):
We use SSL encryption to protect your data transmitted via our online offering. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser.
Cookies
Cookies are not used by me.
Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we only process or have the data processed in third countries with a recognised level of data protection, including US processors certified under the "Privacy Shield", or on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
Commercial and business services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships and associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.
We process this data to fulfil our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only pass on the data of the contractual partners to third parties within the framework of the applicable law insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.
We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes, generally 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Payment service providers
As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively referred to as "payment service providers").
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.
Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.
- Processed data types: Inventory data (e.g. names, addresses), Payment data (e.g. bank details, invoices, payment history), Contract data (e.g. subject matter of the contract), Data subjects: Customers, interested parties.
- Purposes of processing: Contractual performance and service.
- Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Services used and service providers
PayPal: Payment services; service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Reservation of reference to other communication channels:
Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contractual information requires special confidentiality or a reply via Messenger does not fulfil formal requirements. In such cases, we will refer you to more appropriate communication channels.
- Types of data processed: Contact details (e.g. email, telephone numbers), data subjects:
- Purposes of processing: Contact enquiries and communication, direct marketing (e.g. by email or post).
- Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Services used and service providers:
WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Website: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active.
Created with Datenschutz-Generator.de by Dr Thomas Schwenke, among others