Data privacy
Data privacy
A. Data protection declaration according to the GDPR
I. Name and address of the controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Sourisseaux Partners – Corporate Psychologists
Rheinstrasse 40-42
64283 Darmstadt
Germany
Phone: +49 (6151) 391 360
E-mail: datenschutz(at)sourisseauxpartners.de
Website: www.sourisseauxpartners.de
II. General information on data processing
1. Scope of the processing of personal data
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. Our users’ personal data are regularly processed only after the users have expressed their consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the data processing is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis is defined by Art. 6 para.1 lit. an EU General Data Protection Regulation (GDPR).
Art. 6 para. 1 lit. b of the GDPR is the legal basis for the processing of personal data that is necessary for the performance of a contract to which the data subject is party. This also applies to processing operations that are necessary prior to entering into a contract.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6 para. 1 lit. c of the GDPR.
In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6 para. 1 lit. d of the GDPR.
Where processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, the legal basis for processing is Art. 6 para. 1 lit. f GDPR.
3. Data deletion and retention period
The personal data of the data subject shall be deleted or blocked if the purpose for which they were stored no longer applies. The data may be stored beyond this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be deleted or blocked when a storage period specified in the mentioned laws and regulations expires, except where further retention of the data is necessary for the conclusion of a contract or for fulfilling a contractual obligation.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system with which you access the website. The following data is collected:
(1) IP
(2) Folder protection user
(3) Date
(4) Time
(5) Accessed pages
(6) Logs
(7) Status code
(8) Amount of data
(9) Referrer
(10) User agent
(11) Invoked host name
These data are also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the assignment of the data to a user. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 par.1 lit. f GDPR.
3. Purpose of data processing
The system’s temporary storage of the IP address is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data are stored in log files to ensure the website functions. In addition, the data help us to optimise the website and ensure the security of our information technology systems. The data are not evaluated in this context for marketing purposes.
Our legitimate interest in data processing also lies in these purposes, in accordance with Art. 6 para. 1 lit. f of the GDPR.
4. Retention period
The data shall be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. The data may also be stored beyond this period. In this case, the user’s IP address shall be erased or distorted so that the client can no longer be classified.
The IP addresses are stored anonymously. The last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymised. The anonymised IP addresses are kept for 60 days. Data regarding the folder protection user are anonymised after one day.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. For this reason, the user shall have no possibility to object.
IV. E-mail contact
1. Description and scope of data processing
Our website contains an e-mail address that can be used for electronic contact.
You can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.
The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para.1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 par.1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para.1 lit. b GDPR.
3. Purpose of data processing
In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
4. Retention period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the issues in question have been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and elimination
You can object to the storage of your personal data at any time by contacting us by e-mail. In this case, however, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted.
V. Web analytics by Matomo
1. Scope of processing personal data
On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze how users browse our website. The software places a cookie on the user’s computer (see above for a description of cookies). When individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s system used to access the page
(2) The sub-pages visited from the accessed page
(3) The length of time the user remains on the page
(4) The frequency with which the page is accessed
The software runs exclusively on our website servers. The users’ personal data is only stored there and will not be forwarded to third parties.
The software is configured in such a way that the IP addresses are completely anonymized. This renders it impossible to associate the truncated IP address with the querying computer.
2. Lawful basis for processing personal data
The lawful basis for processing personal data of users is given in Article 6 (1) (f) of the General Data Protection Regulation (GDPR).
3. Purpose of data processing
The processing of users’ personal data allows us to analyze the browsing behavior of our users. Evaluating the data collected enables us to compile information about how individual components of our website are used. This helps us to continually improve our website and its user-friendliness. For these purposes it is also in our legitimate interest to process the data in accordance with Article 6 (1) (f) of the GDPR. The anonymization of the IP address sufficiently takes into account the interest of users in the protection of their personal data.
4. Duration of storage
The data will be erased as soon as it is no longer required for our recording purposes. In our case the data will be erased after a period of 6 months.
For further details on the privacy settings of the Matomo software, please visit: https://matomo.org/docs/privacy/.
VI. Rights of the data subject
The following list includes all rights of the data subjects according to the GDPR. If your personal data are processed, you are a ‘data subject’ within the meaning of the GDPR and you have the following rights towards the controller:
1. You have the right:
- • to request information about your personal data processed by us, in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on the related details;
- • in accordance with Art. 16 GDPR, to demand without delay the correction or completion of inaccurate or incomplete personal data stored by us;
- • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- • in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
- • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller;
- • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future.
2. Right to lodge a complaint
Under Article 77 of the GDPR, you have the right to lodge a complaint to a supervisory authority if you believe that the processing of personal data concerning you breaches the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters. The supervisory authority responsible for us is:
Der Hessische Datenschutzbeauftragte
PO Box 3163
65021 Wiesbaden, Germany
E-mail: Poststelle(at)datenschutz.hessen.de
Phone: +49 611 1408 - 0
Fax: +49 611 1408 - 900
Under Article 78 GDPR, the supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy.
3. Right to object
If your personal data is based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for this which arise from your particular situation, or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@sourisseauxpartners.de.
4. Automated decision making
As a responsible company, we do not use automated decision-making or profiling.
VII. Data Protection Representative
RA Christoph Kluss
℅ RAe Haaß & Kluss
Martorffstr. 5
60320 Frankfurt am Main
Phone: +49 695 6209 5
E-mail: lawoffice(at)t-online.de