19/02/2021
The following data protection information provides an overview of the collection and processing of your data. The complete information can be found in the data protection declaration Datenschutzerklärung (see below).
Which data do we collect from you when and which data are optionally collected based on your input?
The data listed here are stored in the server log files for a maximum of 30 days. The app can be used without processing any further personal data.
In addition, depending on the application, further information may be requested. Which personal data has to be given is determined by the respective input mask that is used for the registration.
At no time will the app download and process data from your address book or geoposition without having obtained your explicit consent.
How do we collect your data?
When accessing this app or websites integrated in the app, the access data may be logged automatically. Otherwise, all further data will be collected through your input.
What do we use your data for?
To provide our products and services as well as to optimize and protect the app and web services. With your consent, we will use your input to respond to your contact requests / messages. We also reserve the right to use your data for information and, if necessary, advertising, provided you have given your explicit consent. Your data will only be passed on to third parties in special exceptions or if you have given your consent, e.g. for criminal prosecution in the event of misuse or attacks on our IT systems.
What are your rights?
We look forward to your use of the app and web services. When using modern software and apps, not only functionality but also data protection is very important.
Data protection and data security have the highest priority for us. We have therefore designed this app, our website, web offers and our business processes in such a way that as little personal data as possible is collected or processed. The following data protection declaration explains how we guarantee the protection of personal data and what type of data we collect and process for you, for what purpose.
Our app and website can generally be used once without entering personal data. Certain technical personal data - which, however, are anonymous for us as the publisher of the app - such as an anonymous app ID or possibly IP addresses are processed automatically. If a data subject wishes to make use of special services, it may be necessary to enter and process personal data when using the app. If this is necessary and if there is no legal requirement or no legitimate interest for such processing or if this is not necessary to fulfill the contract, we generally obtain the consent of the person concerned (i.e. from you as the user).
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations.
The person responsible for processing has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this app and web services. However, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person is free to transmit personal data to us in alternative ways, for example by telephone.
Our data protection declaration is based on the terminology of the General Data Protection Regulation (GDPR). For better understanding and readability, we explain the terms used below.
Personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
Affected person
A data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.
Processing
Processing is any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use , disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
Restriction of processing
One restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, e.g. to analyze aspects of personal preferences and interests of this natural person.
Pseudonymization
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Responsible person or person responsible for processing
The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.
Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
Recipient
The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.
Third
A third party is a natural or legal person, authority, institution or other body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor to process.
Consent
Consent is any voluntary declaration of intent given by the person concerned for the specific case in an informed manner and unambiguously in the form of a declaration or other unequivocal confirmatory action with which the person concerned indicates that he is with Consents to the processing of the personal data concerning you.
Responsible body for processing
The person responsible within the meaning of the GDPR, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
vmapit GmbH
Julius-Hatry-Straße 1
68163 Mannheim
Tel. 0621 – 150 282 15
Email: info@vmapit.de
Our app collects a series of general data / information with each call by a data subject or an automated system. These data are stored in so-called log files on our server. Can be recorded …
When using this general data / information, the user remains anonymous for us as the publisher of the app, so we do not draw any conclusions about the person concerned. The above information is required to correctly deliver the content of our app and web services, to improve the content of our app and web services and their distribution, to ensure the long-term functionality of our systems and the IT infrastructure of our app and To guarantee web services and, if necessary, to be able to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data is evaluated by the person responsible for the app and the technical operator of the app for statistical purposes or with the aim of increasing data protection and data security. Anonymous data in the server log files are stored separately from all personal data provided by a data subject.
Our app and web services may use cookies. Cookies are text files that are filed and saved on a computer system via an (Internet) browser.
Some cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign the Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables a website or a server to differentiate the individual browser of the person concerned from other Internet browsers that contain other cookies. A certain internet browser can be recognized and identified via the unique cookie ID. By using cookies, we can provide users of our app and web services with more user-friendly functions that would not be possible without the use of cookies.
Our app and web services contain functions (e.g. e-mail / contact forms) that enable quick electronic contact to us and our employees as well as direct communication (e.g. by phone call). If a data subject contacts the person responsible for processing by email or a contact form, the personal data transmitted by the data subject will be saved automatically. Such personal data transmitted by a data subject to the controller on a voluntary basis will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties if this is not expressly requested by the person concerned.
If a registration is offered in the app or via a web service connected to the app, the person concerned has the option of registering on the app or the web service of the person responsible for processing by providing personal data. Which personal data is transmitted to the person responsible for the processing results from the respective input mask that is used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the person responsible for processing and for their own purposes. The person responsible for processing can arrange for the data to be passed on to one or more processors, who also use the personal data exclusively for internal use attributable to the person responsible for processing.
By registering the person responsible for processing, the IP address assigned by the Internet service provider (ISP) of the person concerned, the date and time of registration may also be saved. This data is stored to prevent misuse of our service. These data help, if necessary, to solve crimes that have been committed. In this respect, the storage of this data is necessary to protect the person responsible for processing. This data is generally not passed on to third parties unless there is a legal obligation to pass it on or it is used for criminal prosecution. The registration of the data subject with the voluntary provision of personal data enables the person responsible for processing to offer the data subject services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have them completely deleted from the database of the person responsible for processing. The person responsible for processing provides the data subject with information on request at any time about which personal data is stored about the data subject. Furthermore, the person responsible for processing corrects or deletes personal data at the request or information of the person concerned, provided that there are no legal storage obligations or legitimate interests of the responsible body that make temporary storage necessary. The person responsible for data protection named in this data protection declaration is available to the data subject as a contact person in this context.
Personal data of the data subject will only be used for the period necessary to achieve the storage purpose or if this is required by the European directives and regulations or another legislator in laws or regulations to which the person responsible for the processing is subject , was provided, processed and stored. If the purpose of the storage is no longer applicable or if a storage period prescribed by the European directives and regulations or another competent legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Your rights as a data subject
A data subject has the right, granted by the European directives and regulations, to request confirmation from the person responsible for the processing as to whether they are processing personal data. If a person concerned would like to make use of this right of confirmation, they can contact us at any time.
In addition, a person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to obtain free information at any time from the person responsible for processing about the personal data stored about him and a To receive a copy of this information. In addition, the European legislator of directives and regulations has granted the data subject access to the following information:
In addition, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to obtain information about the appropriate guarantees in connection with the transmission. If a data subject wishes to make use of this right to information, they can contact our contact person for data protection or another employee of the person responsible for processing at any time.
A person affected by the processing of personal data has the right granted by the European directives and regulations to request the immediate correction of incorrect personal data concerning them. In addition, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data (also by means of a supplementary statement). If a data subject wishes to exercise this right to rectification, they can contact our contact person for data protection or another employee of the person responsible for processing at any time.
A person affected by the processing of personal data has the right granted by the European directives and regulations to demand that the person responsible delete the personal data concerning them immediately, provided one of the following reasons applies and insofar as processing is not required:
If one of the above reasons applies and a data subject wishes to have personal data deleted, he or she can contact our contact person for data protection or another employee of the person responsible for processing at any time turn. The contact person for data protection or another employee will arrange for the deletion request to be complied with immediately.
Has the personal data been made public by the responsible body and is the responsible body as the responsible party in accordance with Art. 17 para. 1 GDPR to delete the personal data, the responsible body takes appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, in order to take other measures for the Data processing controllers who process the published personal data to inform them that the data subject has requested the deletion of any links to this personal data or copies or replications from these other data controllers this has requested personal data, unless the processing is necessary. The contact person for data protection of the responsible body or another employee will arrange the necessary in individual cases.
Every person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to require the controller to restrict the processing if one of the following conditions is met:
If one of the above conditions is met and a person concerned would like to request the restriction of personal data stored by the responsible body, they can contact our data protection officer or another employee at any time of the person responsible for processing. The person responsible for data protection or another employee will initiate the restriction of processing.
Every person affected by the processing of personal data has the right granted by the European directives and regulations to the personal data relating to them, which have been provided by the person concerned to a person responsible, in a structured, common and machine-readable format Receive. It also has the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on the consent in accordance with. Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 Para. 1 Letter b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of public authority takes place, which was transferred to the person responsible.
In addition, when exercising their right to data portability, the data subject has Art. 20 para. 1 DS-GVO the right to have the personal data transmitted directly from one responsible person to another responsible person, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons become.
To assert the right to data portability, the person concerned can contact the person responsible for processing or the person responsible for data protection or another employee at any time.
Every person affected by the processing of personal data has the right granted by the European directives and regulations to object at any time to the processing of personal data relating to them based on Art. 6 para. 1 letters e or f DS-GVO takes place, to lodge an objection. This also applies to profiling based on these provisions.
In the event of an objection, the responsible body will no longer process the personal data, unless compelling legitimate reasons can be demonstrated for the processing that outweigh the interests, rights and freedoms of the data subject , or the processing serves to assert, exercise or defend legal claims.
If the responsible body processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct mail. If the person concerned objects to the responsible body for processing for the purposes of direct marketing, the responsible body will no longer process the personal data for these purposes. In addition, the data subject has the right, for reasons that arise from his or her particular situation, to object to the processing of personal data concerning him or her that is carried out by the responsible body for scientific or historical research purposes or for statistical purposes. Art. 89 Para. 1 GDPR, to object, unless such processing is necessary for the performance of a task in the public interest. Reliable reasons for the processing can be proven, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
To exercise the right to object, the person concerned can contact the person responsible for data protection in the responsible body or another employee directly. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.
Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations not to be subjected to a decision based solely on automated processing (including profiling) that opposes them. unfolds over legal effect or similarly significantly affects it, provided that the decision is not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or based on legal provisions of the Union or of the Member States to which the person responsible is subject, is permitted and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or are carried out with the express consent of the data subject.
If the decision is necessary for the conclusion or performance of a contract between the data subject and the person responsible or if it is made with the express consent of the person concerned, the responsible body shall take appropriate measures to safeguard the rights and freedoms as well To safeguard the legitimate interests of the data subject, including at least the right to obtain intervention by a person on the part of the person responsible, to express one's own point of view and to contest the decision.
If the data subject wishes to assert rights with regard to automated decisions, they can contact our data protection officer or another employee responsible for processing at any time.
Every person affected by the processing of personal data has the right granted by the European directives and regulations to revoke their consent to the processing of personal data at any time.
If the person concerned wishes to assert their right to withdraw consent, they can contact our data protection officer or another employee responsible for processing at any time.
Art. 6 I lit. a GDPR serves us as the publisher of the app and as the responsible body, as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration , the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If the responsible body is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis, if the processing is necessary to safeguard a legitimate interest of the responsible body or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not predominate. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer or a member of the organization of the person responsible (recital 47 sentence 2 GDPR).
If the processing of personal data is based on Article 6 I lit.f GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of our organization, all of our employees and partners.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfillment or contract initiation.
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. The data subject is, for example, obliged to provide us with personal data if the responsible body concludes a contract with them. Failure to provide personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned provides personal data, the person concerned can contact our employee responsible for data protection. This then explains to the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data would have.
Note on the existence of automated decision-making
As the publisher of the app and the responsible body in accordance with GDPR, we do not use automatic decision-making or profiling.
Adjustments to the data protection declaration
We reserve the right to adapt this data protection declaration in the event of technical and / or legal changes. If you have any questions or information about data protection, please do not hesitate to contact us: & nbsp; info@vmapit.de Further contact options can be found under the menu item Contact / Contact person or in the imprint of the app.
|
Key points on data protection
|