Data Protection Declaration

We take the protection of your personal data very seriously, and for this reason we want to provide you with straightforward and precise information about contact options and data subjects.

The following contains information about how to contact our Data Protection Officer as well as information about sending encrypted communications. We also explain the legal and technical terms that are used in the following sections of this document. An overview of the rights of the data subject is then provided. Information about the data controller is also set out. And finally, the deployed technologies, services as well as our handling of these are explained.

1. Contacting the Data Protection Officer

If you have any questions or require information, please to not hesitate to contact our external Data Protection Officer, whose contract details are

Our preferred means of communication is e-mail. You may also contact the Data Protection Officer by post or telephone. If you want to encrypt your e-mail to our Data Protection Officer, then we recommend reading the following section.

Information about enquiries:

In the event of an enquiry sent by e-mail during regular business hours, we will confirm receipt of the message on the same day. If you do not receive confirmation, we kindly ask you to contact us by telephone.

If you send an enquiry by post, we will send you confirmation on the day of receipt, or at the latest one day after receipt. If you do not receive confirmation, we kindly ask you to contact us by telephone.

In the case of a telephone enquiry, we kindly ask you to call the telephone number of our Data Protection Officer, eye-i4 GmbH, directly.

1.1 Encryption of e-mails sent to our Data Protection Officer

We support encrypted transmission by e-mail. For this reason, in order to safeguard confidentiality and integrity, we offer you the opportunity to send your enquiries to the Data Protection Officer in encrypted form. We use PGP for encryption. Information about the free use and deployment of this tool is provided on the website of our Data Protection Officer.

You can download our PGP key using the following link.

If you want the fingerprint to be verified, please contact our Data Protection Officer eye-i4 GmbH by telephone.

If you have any further questions about encryption, please do not hesitate to contact our Data Protection Officer.

2. Terms used in a legal context

Before we address legal matters in the following, we first want to introduce the associated terms:

EU-GDPR (also known as GDPR)

The term EU-GDPR (hereinafter also called “GDPR”) means the General Data Protection Regulation. This is a general regulation issued by the European Union that governs how personal data may be processed. For further information, the text of the GDPR can be accessed under the following link.

Data controller

„Data controller“ means the natural person or legal entity, public authority, institution or other body that alone or jointly with others decides upon the purposes and means of the processing of personal data; if the purposes and means of this processing are stipulated by EU law or the law of member states, then the data controller or the specified criteria of his appointment may be established in accordance with EU law or the law of the member states.

Personal data and data subject

„Personal data“ means all information relating to an identified or identifiable natural person (hereinafter called “the data subject”); a natural person is considered identifiable if they can be directly or indirectly identified, in particular through attribution to an identifier such as a name, a reference number, locational data, an online reference identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of these natural persons.

Processing

„Processing“ means any procedure or series of procedures, such as collecting, gathering, organising, ordering, storing, altering or amending, reading out, retrieving, utilisation, disclosure through transmission or another form of provision, comparison or linking, restricting, deleting or destruction of data in conjunction with personal data.

Processing restriction

„Processing restriction“ means marking saved personal data for the purpose of restricting its future processing.

Processor

„Processor“ means a natural person or legal entity, public authority, institution or another body that processes personal data on behalf of the responsible party.

Recipient

„Recipient“ means a natural person or legal entity, public authority, institution or other body to which personal data is disclosed, irrespective of whether this constitutes a third party or not. Public authorities that may possibly receive personal data within the context of a specific commissioned investigation in accordance with EU law or the law of member states are not, however, deemed to be recipients; the processing of this data by the aforementioned authorities is performed in accordance with applicable data protection regulations in accordance with the purpose of the processing.

Third party

„Third party“ means a natural person or legal entity, public authority, institution or other body, apart from the data subject, the data controller, the processor and the persons who under the direct responsibility of the data controller or of the processor are authorised to process the personal data.

Consent

„Consent“ of the data subject means every declaration of intent or other unequivocal confirmation issued voluntarily and in an informed manner for the specific case with which the respective person indicates that he or she agrees with the Processing of the Personal Data relating to him or her.

Breach of the protection of personal data

„Breach of the protection of personal data“ means a breach of security leading to the destruction, the loss or the amendment, whether unintentional or unlawful, or to the unauthorised disclosure of or unauthorised access to personal data that was transmitted, stored or otherwise processed.

Data concerning health

„Data concerning health“ means personal data relating to the physical or mental health of a natural person, including the rendering of health services, and from which information about their state of health can be obtained.

Enterprise

„Enterprise“ means a natural person or legal entity that exercises an economic activity, irrespective of the legal form, including partnerships or associations that regularly pursue an economic activity.

Supervisory authority

The „supervisory authority“ is an independent state agency established by a member state pursuant to Article 51.

Relevant and well-founded appeal

The „relevant and well-founded appeal“ means an appeal as to whether or not there has been an infringement of this Regulation or whether the proposed measure is in conformity with this Regulation against the controller or the processor, whereby the appeal clearly demonstrates the scope of the risks posed by the draft resolution in relation to the fundamental rights and freedoms of data subjects and, where appropriate, the free movement of personal data within the Union.

3 Terms used in a technical context

Before we address technical matters in the following, we first want to introduce the associated terms:

File system

The „file system“ means any structured collection of personal data that can be accessed in accordance with specific criteria, irrespective of whether this collection is managed centrally, is decentralised or run according to functional or geographical criteria.

Cookies

Cookies are text files that are stored on your device by a website using your browser.
 These text files can be used to implement technical issues such as a shopping cart mechanism or to identify your visitor behaviour.
 For this purpose, the text files can be provided with identification features and additional information.
You can prevent the storage of cookies in the browser of your device.
 If cookies are deactivated, there may be technical restrictions on the use of the website.

Serverlogs

Serverlogs are logfiles that are created by the webserver and record access to a website. A log entry can contain a variety of information such as access time, browser type, visitor's IP address, etc.

Referrer

The Referrer means the website from which the website of the data controller was reached. Server logs, for example, can document the referrer.

4 Rights of the data subject

The rights of data subjects arise out of the GDPR as well as the respective national statutory provisions concerning data protection.
If you wish to assert your rights, please contact our Data Protection Officer using the information provided above.
The following section outlines your rights arising out of the GDPR, in particular Chapter 3:

4.1 Duty to provide information

The data subject has the right to receive information about the personal data held that relates to the data subject if the data was collected from the data subject or if the data was not collected from the data subject.
 This provision is set out in Chapter 3 Art. 13 and 14 GDPR.

4.2 Right to information

The data subject has the right to demand confirmation from the data controller about whether he has processed the respective personal data; if this is the case, the data subject has the right to demand information about this personal data and further information pursuant to Art. 15 GDPR.

4.3 Entitlement to correction

The data subject has the right to demand the prompt correction of incorrect personal data relating to him.

Taking account of the purposes of the processing, the data subject has the right to demand the completion of incomplete personal data – including by means of a supplementary declaration.

4.4 Entitlement to deletion

The data subject has the right to demand that the data controller deletes personal data relating to him without delay, and the data controller shall then be obliged to delete this data without delay, insofar as one of the following reasons pursuant to Art. 17 GDPR is applicable.

4.5 Right to restrict processing

The data subject has the right to demand the restriction of the processing, if one of the conditions pursuant to Art. 18 GDPR is met.

4.6 Reporting obligation

The data controller shall inform all recipients whose personal data has been disclosed, about every correction or erasure of personal data or about a processing restriction pursuant to Art. 16, Art. 17 Para. 1 and Art. 18 GDPR, unless this proves impossible or entails a disproportionate workload.

The data controller shall inform the data subject about these recipients, if the data subject demands this.

4.7 Entitlement to transfer the data

The data subject has the right to receive the personal data relating to him that he made available to a data controller in a structured, accessible and machine-readable format, and he has the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data had been made available.

4.8 Right to appeal

The data subject has the right at all times to appeal against the processing of the personal data relating to him, for reasons arising out of his particular situation, performed on the basis of Art. 6 Para.1 Letters e or f GDPR; this also applies to profiling that is based on these provisions. The responsible party shall then no longer process the personal data, unless he is able to demonstrate mandatory reasons for the processing that are worthy of protection and that outweigh the interests, rights and freedoms of the data subject, or if processing serves to assert, exercise or defend against legal claims.

4.9 Making a complaint to a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to file a complaint before a supervisory authority. As a rule, you may contact the supervisory authority of your normal place of residence or place of work or the domicile of the data controller.

Our competent supervisory authority is:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Stuttgart

5 Information about the data controller

The data controller pursuant to Art. 24 GDPR is detailed below:

6 Deployed web technologies

6.1 Serverlogs

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to present our website to you and to ensure its stability and security (the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR):

• Anonymised IP address,
• Date and time of your enquiry,
• Time zone difference relative to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code,
• The respective transferred data volume,
• Website from which the request originated (referrer),
• Browser,
• Operating system and its interface,
• Language and version of the user software

6.2 Cookies

Cookies are stored on your computer when our website is used. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. In this event, however, we draw your attention to the fact that you may possibly not be able to use all of the functions of the website.

This website uses the following types of cookies, whose scope and function are explained in the following:

Transient cookies

Transient cookies are automatically erased when you close the browser. This includes, in particular, session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website.
Session cookies are erased when you log out or close the browser.

Persistent cookies

Persistent cookies are automatically erased after a specific period, which may vary from cookie to cookie. You can erase the cookies in the security settings of your browser at any time.

6.3 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer and facilitate analyses of your use of the website. As a rule, information about your use of this website generated by the cookie will be forwarded to a Google server in the USA, where it will be saved. In the event of IP anonymisation being activated on this website, however, your IP address will first be abbreviated by Google within the member states of the European Union or in other European Economic Area member states. The full IP address will be forwarded to a Google server in the USA only in exceptional cases, where it will be truncated. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage.

You can prevent the saving of cookies by setting your browser software accordingly; however, we point out that in this event you may not be able to fully utilise all the functions of this website. You may furthermore prevent the recording of the data generated by the cookie that relates to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser add-on from the following link

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses continue to be processed in abbreviated form, while excluding attribution to a particular individual. Insofar as the data collected about you is of a personal nature, it will be immediately excluded and the personal data will be therefore be immediately erased.

We use Google Analytics to analyse the use of our website and to improve this on a regular basis. The collected statistics enable us to improve our services and to make them more interesting for you the user. In exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Information about the third-party provider:

7 Transfer to third parties

Your personal data shall not be transferred to any third party for reasons other than those specified above.

We transfer your personal data to third parties only:

• if you have expressly given us your consent to do this pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR,
• if forwarding is necessary pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR in order to assert, exercise or defend legal entitlements, and if there is no reason to assume that you that you have a predominant interest worthy of protection in the non-disclosure of your data,
• if there is a statutory obligation to transfer this data pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR, as well as
• if this is permitted by law and is required pursuant to Art. 6 Para. 1 p. 1 lit. b GDPR to settle contractual relationships with you.