Privacy

Thank you for your interest in our website, apps and services. Data protection and data security have top priority in all activities of Priotecs IT GmbH. In accordance with our principles, responsible and respectful handling of personal data is a standard.

The following privacy statement represents our commitment to these principles. It describes in detail which data is collected, processed and stored through the use of our apps, services and offers.

Privacy Statement

Content

  1. General Information
    1. Contact details
  2. Detailed information on the collection of personal data
    1. Web page visit
    2. Cookies
    3. Contract Fulfillment
    4. Contact via online form, e-mail, fax or telephone
    5. User Account
    6. Direct mail
    7. Blog, Forum, Helpdesk
    8. Google AdWords
    9. Google Analytics
    10. Matome / Piwik
    11. Facebook-, Instagram-, Twitter-Buttons
  3. Rights of the data subject
    1. Right of access – Art. 15 GDPR
    2. Right to rectification – Art. 16 GDPR
    3. Right to erasure – Art. 17 GDPR
    4. Right to restriction of processing – Art. 18 GDPR
    5. Notification obligation – Art. 19 GDPR
    6. Right to data portability – Art. 20 GDPR
    7. Right to object – Art. 21 GDPR
    8. Automated individual decision-making, including profiling – Art. 22 GDPR
    9. Right to lodge a complaint with a supervisory authority – Art. 77 GDPR
    10. Right to an effective judicial remedy against a controller or processor – Art. 79 GDPR

I. General Information

Contact details

Priotecs IT GmbH
Lendersweg 11
47877 Willich
Tel. und Fax: 02154 / 5021729
E-Mail: info@cumo.app

II. Detailed information on the collection of personal data

1. Web page visit

a) Purpose of data processing

Each time a user accesses a page of our website and each time a file stored on our website is accessed, access data about this process is stored in a log file. Each record consists of:

  1. filename,
  2. the date and time of the request,
  3. the amount of data transferred,
  4. the access status (file transferred, file not found, etc.),
  5. a description of the type of operating system and web browser used, (6) Referrer URL,
  6. hostname of the accessing computer,
  7. the client IP address.

We use this data to operate our website, in particular to ascertain the utilisation of the website as well as malfunctions of the website and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the requested data; it is made anonymous by deleting the last number block (Ipv4) or the last octet (Ipv6) once the technical requirement has disappeared.

b) Duration of storage

We use this data to operate our website, in particular to ascertain the utilisation of the website as well as malfunctions of the website and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the requested data; it is made anonymous by deleting the last number block (Ipv4) or the last octet (Ipv6) once the technical requirement has disappeared.

c) Legal basis

The temporary storage of the aforementioned data takes place on the legal basis of Art. 6 Para. 1 lit. f EU General Data Protection Regulation (hereinafter referred to as „GDPR“). The legitimate interest lies in the provision of our website and the examination of abusive use.

d) Possibility of opposition and removal

By waiving the use of our website, the data subject can object to the processing and, subject to the conditions described in more detail in the section „Rights“ below, demand the deletion of data collected from him in this way by means of an informal declaration.

2. Cookies

a) Purpose of data processing

In order to technically facilitate the visit to our website and the ordering process, we transmit so-called cookies to the end device of the person concerned. Cookies are small text files that can be used to identify the data subject’s terminal device by recording the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. By storing the cookie on the terminal used – without interfering with the operating system – it is recognised again and enables us to make any presettings immediately available. We use this information to adapt our website and the services we offer to your needs and to speed up your visit to our website.

b) Duration of storage

The storage period of the various cookies varies, but is no longer than two years. They are stored on your local device, not on our server, so the actual deletion time depends on how your browser software is configured. Please refer to the operating instructions of your browser software for information on how to delete cookies set by us automatically or on a case-by-case basis.

c) Legal basis

The aforementioned data are stored on the legal basis of Art. 6 para. 1 lit. f DSGVO. The justified interest in the setting of cookies is, on the one hand, to be able to optimise the quality of our website by means of an analysis and, on the other hand, to make it possible to visit our website; in particular, some functions on our website cannot be used without cookies, as otherwise the user and the settings already made would not be recognised when changing pages, language settings would be lost and searches could not be carried out. Furthermore, the data is stored on the legal basis of Art. 6 Para. 1 lit. b GDPR for the implementation of the contract.

d) Possibility of opposition and removal

The data subject can block the use of cookies in the terminal used or delete them after use. Under certain circumstances, however, individual functions of our offer may not be usable. For information on how to block cookies and how to delete cookies that have already been saved, please refer to the instructions in the browser software.

3. Contract Fulfillment

a) Purpose of data processing

Name, address(es), bank details, e-mail address, telephone or telefax number, client IP address at the time of placing a customer order are collected, stored and processed solely for the purpose of establishing or executing the contract, which in particular includes billing and processing the contract.

Personal data will only be passed on to third parties if this is necessary for the purpose of executing the contract, e.g. when commissioning a shipping company or using a payment service company.

b) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed. This period is five years for personal data subject to § 147 AO and ten years for personal data subject to § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b and lit. c GDPR in order to fulfil the obligations arising from the contract and to provide the services required for the execution of the contract.

d) Possibility of opposition and removal

Since there are legally standardized retention periods and the data must remain stored and processed for the execution of the contract, objection or deletion is not possible.

Contact via online form, e-mail, fax or telephone

a) Purpose of data processing

On the website we provide a contact form. The person concerned can then contact us electronically and we can process the request. The following data will be collected and stored: Name, e-mail address, date and time of the inquiry and the description of the request, if necessary contract data, if the inquiry takes place in the context of a contract admission or completion.

A user can contact us by e-mail, fax or telephone. We store the data transmitted to us and provided by the person concerned for the purpose of processing the enquiry. These data are name, address, e-mail address, telephone and/or fax number, date and time of the inquiry and the description of the request, if necessary contract data, if the inquiry takes place in the context of a contract admission or completion.

The data will not be passed on to third parties. They serve the processing of the contact request of the person concerned.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted, which is the case when the conversation has finally taken place and the facts have been clarified and no contractual or tax retention periods stand in the way. This period is five years for personal data which fall under § 147 AO and ten years for personal data which fall under § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b DSGVO in the context of initiating or fulfilling a contract or in accordance with Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the person responsible is to be able to process the contact request and to be able to prevent misuse of the contact request.

d) Possibility of opposition and removal

The person concerned has at any time the possibility of the storage to contradict. Then the data stored for the process will be deleted. If a contract has been concluded, the above remarks regarding the keyword „conclusion of contract“ will apply.

5. User Account

a) Purpose of data processing

The person concerned can register with us by providing personal data which is transmitted to us and stored. The data that is entered in the input mask or otherwise collected is stored. These are name, e-mail address, IP address, date and time of registration. The registration is necessary for the provision of certain contents and services and also serves to justify and fulfil our contract with the person concerned.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted. In the case of registration without further conclusion of contract, this is the case if the registration is deleted or the data is changed. In the event of registration leading to a further conclusion of contract, the data will be deleted as soon as the statutory and tax provisions permit the deletion of contract data. This period is five years for personal data which fall under § 147 AO and ten years for personal data which fall under § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data will be stored on the legal basis pursuant to Art. 6 para. 1 lit. b GDPR within the scope of contract performance or initiation or pursuant to Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the person responsible is to be able to provide certain content and services for the benefit of the user.

d) Possibility of opposition and removal

The person concerned has the possibility at any time to delete the registration or to adapt the data. The deletion or change of the account takes place by communication to the contact specified under number I. No objection or removal of the registration and the data is possible if the registration was used to establish or execute a contractual relationship; only the account can be deleted here. The deletion of the account takes place by means of the aforementioned steps.

6. Direct mail

a) Purpose of data processing

We will use the data received from the person concerned in connection with the sale of a product or service for direct advertising of our offer, to the extent permitted by law.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted, which is the case if the data subject has objected to the direct advertising or if the expiry of time after the last advertising measure requires this with reference to the right of objection, which is the case after twelve months after the last advertising measure.

c) Legal basis

The legal basis for advertising following the purchase of goods or the use of services is Article 6(1)(f) GDPR. Legitimate interest is direct advertising for sales promotion.

d) Possibility of opposition and removal

The person concerned can object to the use of the information for the future at any time.

7. Blog, Forum, Helpdesk

a) Purpose of data processing

In our blog, the user forum around the helpdesk area, in which we publish various articles on topics related to our offers, a user can make public comments and post posts.

The user will be published with the given name in the post. The user name and e-mail address are required, all other information is voluntary. The IP address is also saved.

The storage is necessary in order to be able to defend us against liability claims in cases of a possible publication of illegal content. We need your e-mail address in order to contact you if a third party should object to your comment as unlawful.

b) Duration of storage

The data is stored and deleted with each comment of a user as soon as it is no longer necessary for the purpose of the collection, which is the case at the latest three months after the publication of the comment.

c) Legal basis

The aforementioned data are stored in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the provision of our blog and in order to prevent misuse of the comment function.

d) Possibility of opposition and removal

The person concerned has at any time the possibility of the storage to contradict. Then the data stored for the process will be deleted.

8. Google AdWords

a) Purpose of data processing

We use the services of Google Adwords to draw attention to our services on external websites. For this purpose, we use Ad Server Cookies, which can be used to measure certain parameters such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords stores a cookie on your terminal device. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the analysis values stored are usually the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed).

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on his or her terminal has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers.

We ourselves do not collect and process any personal data in the aforementioned advertising measures. Google only provides us with statistical evaluations. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.

You can find out more about Google AdWords‘ privacy policy at the following Internet address

https://policies.google.com/technologies/ads?hl=en

b) Duration of storage

Cookies are valid for 30 days and are deleted after expiry unless you delete them yourself beforehand – for example by making suitable settings in your browser or manually.

c) Legal basis

The above data is stored on the legal basis of Art. 6 para. 1 lit. f GDPR and § 15 para. 3 TMG.

d) Possibility of opposition and removal

You can block the use of cookies; the corresponding steps can be found in the instructions for your browser software.

9. Google Analytics

a) Purpose of data processing

The client IP address is collected for the use of the Google Analytics service. This website uses Google Analytics, a web analytics service provided by Google Inc. „(„Google“). Google Analytics uses „cookies“, which are text files placed on the user’s computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymisation on this website, the IP address of the person concerned will be shortened by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating website usage, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are erased, which is the case when the anonymisation carried out within the European Union has been completed. This takes less than a second.

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Further information can be found at https://www.google.com/analytics/terms/de.html and https:// policies.google.com/?hl=en.

c) Legal basis

The aforementioned data are stored on the legal basis of Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the fact that it is possible for us to analyse the use of the website by all users in its entirety without drawing conclusions about the behaviour of identifiable persons; this enables us to optimise our website and our offers.

d) Possibility of opposition and removal

The person concerned can prevent the storage of cookies by setting the browser software accordingly; however, we point out to the person concerned that in this case not all functions of this website can be used to the full extent. In addition, the data subject may prevent the collection by Google of data generated by the cookie and relating to the use of the website (including the IP address) and the processing of such data by Google by downloading and installing the browser plug-in available at the following link [http://tools.google.com/dlpage/gaoptout?hl=en].

10. Matomo / Piwik

a) Purpose of data processing

We use the Matomo analysis service. Matomo uses cookies. These are small files that are placed in the browser. These files send information to our server which can be used to evaluate the usage behaviour of the persons concerned and to compile statistics on visitor traffic on the website. Matomo records IP addresses only briefly and completely, shortens them by the last two digit blocks (IPv4) or the last octet (IPv6) before they are processed further, so that data subjects remain anonymous.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted, which is the case when anonymisation has taken place. For technical reasons, this process takes less than a second.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 Para. 1 lit. f DSGVO and § 15 Para. 3 TMG. The legitimate interest lies in the fact that it is possible for us to analyse the surfing behaviour of non-identifiable users; this enables us to optimise our website and our offers.

d) Possibility of opposition and removal

The user can see from his browser instructions how to block the use of cookies.

11. Facebook-, Instagram-, Twitterschaltflächen

a) Purpose of data processing

Through social network buttons, we do not collect any personal data at all. Nevertheless, for the sake of completeness, we explain the technical background. We only use disabled buttons on social networks such as Facebook, Instagram, Twitter. This means that no data is transmitted to these networks. The person concerned decides by clicking on the buttons to activate them and thus establish a connection to the servers of the operators of the social networks and thus transmit data to the servers of the social networks in accordance with the agreement concluded by the person concerned with the social network. The activation leads to the retrieval of the contents of the social networks. The type, purpose and scope of data collection and use can be found in the corresponding data protection declarations of the social networks.

After a second click on the button, the user can send his recommendation to the social networks. If the person concerned would like to recommend several pages, then the consent is required on each page. If the person concerned wants the social network to have permanent access to his/her data, he/she can activate the buttons permanently. The appropriate check mark can be placed under a cogwheel icon to ensure that the selected button is always directly active.

b) Duration of storage

The duration of the storage depends on the specifications of the operators of the social networks.

c) Legal basis

UThe operators of the social networks inform the persons concerned about the legal basis.

d) Possibility of opposition and removal

The person concerned can later change his consent again and deactivate the buttons via the gearwheel icon that activated the social media buttons.

III. Rights of the data subject

If personal data is processed from the user on our website, the affected person (affected person) has the following rights against the responsible person according to GDPR.

1. Right of access – Art. 15 GDPR

The data subject has the right to obtain the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  9. Where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

We provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, we may charge a reasonable fee based on administrative costs.

2. Right to rectification – Art. 16 GDPR

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure – Art. 17 GDPR

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4. Right to restriction of processing – Art. 18 GDPR

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. Notification obligation – Art. 19 GDPR

The controller will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller will inform the data subject about those recipients if the data subject requests it.

6. Right to data portability – Art. 20 GDPR

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
  2. the processing is carried out by automated means.

The rights and freedoms of other persons shall not be affected thereby.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object – Art. 21 GDPR

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

We will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

A consent given by the person concerned can be revoked at any time. The collection and processing carried out up to this point in time, however, remains legal.

8. Automated individual decision-making, including profiling – Art. 22 GDPR

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Paragraph 1 does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  3. is based on the data subject’s explicit consent.

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

9. Right to lodge a complaint with a supervisory authority – Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78. GDPR.

10. Right to an effective judicial remedy against a controller or processor – Art. 79 GDP

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, each data subject has the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.

Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.