General Data Protection Regulation

date: December 24 2023

Table of contents

  • person responsible
  • overview of processing
  • relevant legal bases
  • security measures
  • rights of the data subjects
  • provision of the online offer and web hosting

    • person responsible

    systeema
    Danny Schwohl
    Straßmannstr. 25
    10249 Berlin

    E-Mail-Adresse: contact@systeema.de Impressum: https://systeema.de/imprint.php?lang=en

    overview of processing

    The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

    types of data processed

  • contact details.
  • content data.
  • usage data.
  • meta, communication and process data.

    • categories of affected persons

  • communication partner.
  • user.

    • purposes of the processing

  • contact requests and communication.
  • security measures.
  • managing and responding to inquiries.
  • feedback.
  • provision of our online offer and user-friendliness.
  • information technology infrastructure.

    • relevant legal bases

    relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

  • legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

    • national data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. The data protection laws of the individual federal states may also apply.

    security measures

    We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

    The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

    Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not required, the IP address is truncated (also known as "IP masking"). The last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it much more difficult to identify a person by their IP address.

    TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

    rights of the data subjects

    Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • right to withdraw consent: You have the right to withdraw your consent at any time.
  • right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
  • right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
  • right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
  • right to data portability: SYou have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.
  • complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

    • provision of the online offer and web hosting

    We process users data in order to provide them with our online services. For this purpose, we process the users IP address, which is necessary to transmit the content and functions of our online services to the users browser or end device.

  • processed data types: usage data (e. g. websites visited, interest in content, access times); meta, communication and process data (e. g. IP addresses, time data, identification numbers, consent status); content data (e. .g. entries in online forms).
  • persons concerned: users (e. .g. website visitors, users of online services).
  • purposes of the processing: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). security measures.
  • legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

    • further information on processing operations, procedures and services:

  • provision of online services on own/dedicated server hardware: For the provision of our online offer, we use server hardware operated by us as well as the associated storage space, computing capacity and software; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the users operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used on the one hand for security purposes, e. g., to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and, secondly, to ensure the utilization of the servers and their stability; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
  • e-mail dispatch and hosting: The web hosting services we use also include the sending, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails are stored. (e. g. the providers involved) and the content of the respective e-mails. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • netcup: services in the field of the provision of information technology infrastructure and related services (e. g. storage space and/or computing capacity); service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Deutschland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.netcup.de/; privacy policy: https://www.netcup.de/kontakt/datenschutzerklaerung.php. order processing contract: https://www.netcup-wiki.de/wiki/Zusatzvereinbarung_zur_Auftragsverarbeitung.

    • Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke