This policy informs you about the processing of your personal data while you are using our website.
- 1. The data controller according to the General Data Protection Regulation (GDPR) as well as other data protection laws and dispositions of individual EU Member States is:
SMART DATA Deutschland GmbH
- 2. The data protection officer according to the GDPR and other data protection laws and dispositions is:
Mr. Sebastian Feik
51429 Bergisch Gladbach
This data protection policy aims to provide you, as a client or an interested party, with a detailed overview of how and within which scope your personal data is collected, stored, processed, and transferred when visiting our website or using our services. Additionally, it aims to provide you with an overview of which data protection measures we use, and which options are available to you when visiting our website or using our services.
In order to continue protecting your personal data in the future, especially when adapting to new data protection regulation or technical developments, it is inevitable that we will occasionally adapt our data protection policy. We therefore advise you to regularly check our information regarding data processing in order to remain up to date.
- Object of protection
The object of protection is your personal data. In the GDPR, personal data is defined in Art. 4, 1., as data regarding an identified or identifiable natural person. It is therefore all data relating to you (whether directly or indirectly), such as first name, surname, address, email address, user behaviour, etc. Data related to websites or online services which do not belong to us or which we do not control is not part of this data protection policy.
- When and within which scope do we process personal data?
In the following, you will find an overview of all activities within which your personal data is processed:
2.1 For the performance of contractual services / registration
We process inventory data and contractual data to execute our contractual obligations and provide our services (Art. 6, 1., b)).
If you contact us per email or through our contact form, the information will be processed as necessary to answer your request.
2.3 Visit of our website
When you visit our website, we may use authorised cookies from service providers or other similar technology. Information is thereby sent automatically from your browser to our website’s servers. This information is then stored in so-called log files for a short period. The information acquired through this process helps us to adapt our services to the expectations of our clients as well as to improve them and their security. Additionally, it is used for advertisement purposes.
- Legal basis for the processing of personal data
If we acquire your consent for the processing of personal data, the legal basis is Art. 6, 1., a) of the GDPR.
If the processing of personal data is necessary to execute a contract to which the data subject is a party, the legal basis is Art. 6, 1., b). This legal basis also applies for processing within the scope of pre-contractual measures.
If the processing is necessary to comply with a legal requirement, the legal basis is Art. 6, 1., c).
If the processing is necessary to comply with the legitimate interest of our company or of a third party which is not outweighed by the rights and interests of the data subject, the legal basis is Art. 6, 1., f).
- Data deletion and storage duration
The data which we store is deleted as soon as the purpose of the processing no longer exists, as long as no legal storage obligation prevents it. If the data is not deleted because it is required for legal purposes, the processing is restricted. This means the data is locked and will not be processed for any other purposes. This applies, for example, to user data which must be stored for financial or tax law purposes. Under German law, according to § 257 Abs. 1 HGB, the storage may be required for 6 years (Commercial books, inventory, opening reports, yearly reports, commercial letters, accounting receipts…) or for 10 years (books, records, storage reports, tax relevant information…).
- How do we protect personal data?
We implement physical, technical, and administrative security measures to properly protect your data from loss, misuse, unauthorised access, transfer, or modification. These security measures include firewalls, data encryption, and access rights for the access to data, and we carefully select our servers’ location. We are committed to the security of our systems and services.
- When do we transfer data?
Our priority is to ensure that we do not sell or rent personal data. Data is only transferred when this is inevitable, for example for the execution of a contract, or we have a legitimate interest or your consent to do so. Each of our contractual partners is chosen carefully and has an obligation to protect data according to the legal dispositions. For this reason, we conclude data processing agreements with our service providers.
There may be links on our website to third party websites, the content of which we are not responsible for and to which this data protection policy does not extend.
- Your rights
As soon as your personal data is processed, you are considered a data subject according to the GDPR. As such, you have the following rights owed to you by the controller (therefore, us):
• Right to access,
• Right to rectification or erasure,
• Right to restriction of processing,
• Right to object,
• Right to data portability.
Additionally, you have the right to complain to the data protection authority about the processing of your personal data.
Provision of the website and creation of log files
- Scope and duration of the data processing
As soon as you visit our website, our system collects information and data about the computer system of the device visiting the page, regardless of registration. The following data is processed and stored for safety purposes for a short period:
• HTTP status code / access status
• Time difference to Greenwich Mean Time (GMT)
• The user’s operating system
• The user’s IP address
• Time and date of the visit
• Duration of the visit
• Websites from which the user’s system reached our page
• The user’s service providers
• Websites which are accessed by the user’s system through our page
• Device type and brand
As soon as you have left the session, the data is deleted. If the data is processed longer, it is anonymised and evaluated for optimisation purposes. The collection and storage of data is absolutely necessary for the provision of our website. As such, there is no possibility to object.
2. Purpose and legal basis for the data processing
The storage of the IP address on our system for a short period is necessary to provide access to our website for the user’s device. For this purpose, your IP address is stored for the duration of your visit to our website.
Storage in so-called log files takes place in order to guarantee the functionality of our website. Furthermore, we require the data to optimise our website and to guarantee the safety of our information systems. As such, we have a legitimate interest under Art. 6, 1., f) GDPR.
If you have requested a demo, your data will be processed for the setup and operation of the application demonstrator for the period of the assignment. The legal basis for this is also your consent. The processing takes place exclusively for the fulfillment of your request. Every contractual partner of ours is conscientiously and carefully selected and we oblige them to protect all data in accordance with legal regulations. For this reason, we also conclude a contract processing agreement with the processor in accordance with Art. 28 GDPR.
Contact form and email contact
- Scope of the data processing
You can contact us either by email or through a contact form. If you use the contact form, the data which is indicated on the contact form page is transferred to us and stored. The following data is stored:
• User’s email address
• User’s name
• User’s IP address
• Time and date of the contact request
Your consent is acquired before you can send the contact request with reference to this data protection policy. Furthermore, you may contact us directly through the provided email address. In this case, the personal data provided in the email will be stored. There is no transfer to third parties and the data is exclusively used for the purpose of managing your request.
2. Purpose and legal basis for the processing
The processing of your data occurs exclusively to manage your request. Further data transferred through the contact form serves to prevent its misuse and to ensure the safety of our information systems.
The legal basis for the data processing is the user’s consent according to Art. 6, 1., a) GDPR. If contact per email is part of a process to conclude a contract, the legal basis is Art. 6, 1., b).
We process the data which you have sent us along with your application in accordance with the legal requirements and exclusively on the basis of your consent (Art. 6, 1., a) GDPR) in order to check your suitability for the position and to conduct the recruitment process. The main legal basis for this is Art. 6, 1., b) GDPR (general contractual requirements) together with § 26, paragraph 1 BDSG (requirements of an employment contract).
If any special categories of personal data (especially health data, e.g. a disability) are sent, they will be processed in accordance with Art. 9, 2., b) GDPR. The processing within the frame of the recruitment process serves only to comply with duties under § 164 SGB IX.
If the data may be necessary for legal proceedings after the conclusion of the recruitment process, the storing of data will continue on the basis of Art. 6 GDPR, especially for our legitimate interest in accordance with Art. 6, 1., f) GDPR. Our interest lies in the execution of or defence against legal claims. In order to comply with this interest, we store your data for six (6) months.
The data which you have sent us will be processed further in the case of a successful recruitment process for the purposes of the employment. Access to your data will be exclusively restricted to personnel who need it for the proper conduct of the recruitment process.
- Scope and duration of the processing
We use “etracker” on our website, a software of etracker GmbH, Erste Brunnenstraße 1, 20459, Hamburg, an analytics tool that collects and analyzes data about the use of our website – to optimize the website, especially its efficiency. etracker analyzes user behavior on our website (which pages are visited for how long and how often) and processes IP addresses, device and domain data of visitors. Anonymization takes place at the earliest possible point in time in order to minimize a personal reference.
- Legal basis and user rights
etracker is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website.
As a data subject, you can refuse the processing of your data by etracker and request information or deletion. You can do this by writing to email@example.com or by mail to etracker GmbH, Datenschutzbeauftragte, Erste Brunnenstraße 1, 20459 Hamburg.
Further information on the processing of your personal data by etracker can be found at: https://www.etracker.com/datenschutz/.
You may object to any consent given at any time. Your objection will not have any adverse consequences for you.
- Scope and duration of the processing
To secure our website and to optimize loading times, we use the CloudFlare CDN (content delivery network). This is a service of Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA, hereinafter referred to as “CloudFlare”.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the secure operation of our website and in its optimization.
If you access our website, your queries are forwarded to CloudFlare servers. Statistical access data about your visit to our website is collected and CloudFlare stores a cookie on your terminal device via your browser. Access data includes
- your IP address;
- the page(s) on our site that you access;
- type and version of internet browser you are using;
- your operating system;
- the website from which you came prior to visiting our website (referrer URL);
- your length of stay on our site; and
- the frequency with which our pages are accessed.
The data is used by CloudFlare for statistical evaluations of the accesses as well as for the security and optimization of the offer.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
CloudFlare offers further information about its data collection and processing as well as your rights and your options for protecting your privacy at this link: https://www.cloudflare.com/privacypolicy/.
Use of Social Media icons or internet links
No personal data is transferred automatically when using social media icons of Facebook, Twitter, YouTube, etc. on our website. To prevent the automatic transfer of data to the social media provider, these services are integrated only through a link. For data protection reasons, no social media plugins are used. We do not have any joint control over the processing of your personal data for the purposes set out by these services. Our presence on social media is part of our publicity in order to inform and exchange with you.
Google reCAPTCHA is used as a security feature on our website in order to protect our website as well as its users from spam and other security attacks. With your consent according to Art. 6, 1., a) of the GDPR, the following data is processed by Google:
• Data about the apps, browsers, and devices used to access Google services.
• Type and settings of the browser, type and settings of the device, operating system, information about the mobile network such as the mobile provider and the phone number as well as version number of the app.
• Data about the interaction of the apps, browser, and device with Google services, including but not limited to IP-Address, error notifications, system activity such as the date, time, and the URL link of the request.
• Location data: GPS, IP-Address, sensor data of the device, information about objects in proximity of the device, Wi-Fi connection points, Network devices and Bluetooth capabilities of devices.
• Content and ads which the user has viewed and interacted with.
• Speaker and audio data in case of usage of the audio functions.
• People with whom the user has communicated or shared content.
• Activity on Google providers and on other websites and apps from third parties which use Google services.
• If necessary, phone data such as phone number, caller number, number called, transfer number, date and time of calls and messages, duration of calls, routing information, and types of calls.
• If necessary, Google Chrome history.
• If necessary, name, email address, phone number, password, payment information.
Data which is processed through Google may be transferred to third parties.
As a data subject, you can object to the processing of your data through Google as well as request access or deletion of your data.
You can find further information about the processing of your personal data through Google at: https://policies.google.com/privacy?hl=de
Embedding of YouTube videos
(1) In our online presence, we use YouTube. It is a video service provided by YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA (following: YouTube). YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (following: Google).
(2) We use YouTube together with the setting “extended data protection mode” in order to show you videos. The legal basis is Art. 6, 1., f) GDPR. Our legitimate interest is the improvement of our online presence. According to YouTube, the setting “extended data protection mode” ensures that the data described below is only processed when you actually start a video.
Without this setting a connection to the YouTube server in the US is created as soon as you visit a page on which a YouTube video is embedded.
This connection is necessary in order to show the video on our website through your browser. Through this, YouTube acquires and processes at least your IP-address, the time and date as well as the website you are visiting. Additionally, a connection is created by Google to the advertisement network “DoubleClick”.
Should you be logged into YouTube at the time, the connection information will be linked to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our page or check the necessary settings in your YouTube account.
For the purpose of functionality as well as the analysis of user behaviour, YouTube stores permanent cookies on the browser of your device. If you do not consent to this processing, you have the possibility to prevent the storing of cookies in the settings of your browser.
(3) You can find further information about the collection and use of data as well as your rights and protection options under: https://policies.google.com/privacy
Data subject rights
- Right to access (Art. 15 GDPR)
You can request a confirmation whether we process your personal data at any time. Unless exceedingly frequent, this request is free of cost. If data processing occurs, you have a right to the following information:
• The purpose of the processing
• The categories of processed data
• The recipients or categories of recipients to whom the personal data is transferred, especially recipients in third countries or in international organisations
• If possible, the duration of the processing or, if not possible, the criteria to determine that duration
• The existence of a right to rectification and erasure of your personal data or restriction of the processing by the controller or to object to the processing
• The existence of a right to complain
• If the data was not collected from the data subject, the origin of the data
• The existence of automated decision-making, including profiling according to Art. 24, 1., and 4., and in those cases at least, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Right to rectification (Art. 16 GDPR)
Should your processed data not be correct or complete, you have the right to rectification or completion. The modification is to be executed by us without delay.
- Right to restriction of the processing, Art. 18 GDPR
In the following situations, you can request that the processing of your personal data be restricted:
• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
- Right to erasure
Unless a legitimate interest prevents it, you have the right to request the deletion of your data at any time.
Any data processing based on the data subject’s consent can be ended upon the objection to the consent. The objection can be formulated at any time and is valid in the future. Due to our duty of accountability, we must store consent forms. As such, the objection must be done in writing. An email is sufficient for this purpose.
Data Protection Information for the Use of Social Media
This is data protection information for the use of social media of the:
SMART DATA Deutschland GmbH
- 2. Data Protection Officer
We have named a data protection officer whose contact information is:
Mr. Sebastian Feik, Dipl.-WJur. (FH)
51429 Bergisch Gladbach
- Purpose of the Data Processing:
We are present on several social media platforms in order to present ourselves, to make information available, to get in contact with users and communicate with them.
- Processing of Personal Data:
When you visit our various online presences, we do not process any personal data directly. However, the platform provider processes personal data. Additionally, it is possible that, when you use our social media platforms, we process personal data when the user actively provides it (e.g. when posting a comment). In particular, the data concerned is the username as well as information published on the user’s account.
Furthermore, data on social media is usually processed for market studies and advertisement purposes. Thus, for example, through behaviour of the users and their interests, user profiles can be created. These user profiles can be used, for example, for advertisement purposes matching the users’ interests within the social media platform as well as outside of it. For these purposes, cookies are usually stored on the user’s device to store information about the users’ behaviour and interests. Additionally, data unrelated to the user’s device can be gathered from the user’s profile (especially if the user has an account on the platform and is logged in).
For detailed information about the various processing activities and the objection possibilities, we advise you to verify the respective provider’s data protection policy.
Please be advised:
When visiting our social media, you are using the services and functionalities on your own responsibility. We do not have any influence on the nature and scope of the respective data processing measures, type of processing, use of the data or the transfer of data to third parties.
- Legal Basis:
The processing of personal data through us is based on our legitimate interest regarding the presentation of the company to third parties as well as communication with users on our online platforms (Art. 6, 1. (f) GDPR).
- Data transfers:
We inform you that when using our social media platforms, personal data may be processed outside of the European Union. This can cause risks as, for example, the exercise of user rights may be more complicated. Details can be found in the data protection policies of the respective providers (see below). We do not transfer data to third countries outside of the EU and EEA or to an international organisation, unless appropriate guarantees are set out. This includes European Standard Contractual Clauses (ESCC) as well as adequacy decisions by the EU Commission.
- Our Presence in Overview
LinkedIn is made available by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The data protection policy is available under: https://www.linkedin.com/legal/privacy-policy.
You can object to the use of the LinkedIn advertisement cookie under: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
XING is a service of XING AG, Gänsemarkt 43, 20354 Hamburg – Germany. The data protection policy as well as opt-out options are available under: https://privacy.xing.com/de/datenschutzerklaerung
- Deletion of data:
If we process personal data of users, we only store it as long as necessary to complete the purpose for which it was collected or as long as legally required. Afterwards, the data is only stored for the duration of the legal storage period.
- Your Rights as a Data Subject
9.1 Right to Access
At your request, you can have access without cost to the personal data we have stored about you.
9.2 Your Rights to Rectification, Deletion, Restriction, and Objection
If you no longer agree with the processing of your personal data or if the information is no longer correct, we will, at your request, delete or block your data or have it corrected (within legal restrictions). The same applies if you wish for your data to only be processed in a restricted form.
9.3 Your Right to Data Portability
At your request, we will transfer your personal data to a new controller in an accessible, structured and machine-readable format.
9.4 Your Right to Lodge a Complaint with an Authority
You have a right to lodge a complaint with any authority: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
9.5 Your Right to withdraw your Consent with Future Impact
If you have consented, you can object to any further future processing at any time. The prior processing on the basis of your consent is not affected.
Data that does not allow the identification of a person, for example data anonymised for analysis purposes, is not impacted by these rights. Access, deletion, archiving, rectifying or transfer to another controller is also possible for this data if additional information is provided to allow identification.
Data protection information for Smart Data Deutschland GmbH’s online meetings, teleconferences, and webinars over “Zoom”
The following section informs you about the processing of personal data within the use of “Zoom”.
- Purpose of the processing
We use the tool “Zoom” for teleconferences, online meetings, videoconferences, and/or webinars (following: online meetings). “Zoom” is a service of Zoom Video Communications, Inc. with seat in the USA.
The controller for the data processing directly linked to the online meetings is SMART DATA Deutschland GmbH, Hilpertstraße 31 in 64295 Darmstadt.
Note: if you visit Zoom’s website, Zoom is the data controller. Visiting the website is only necessary in order to download the software for using Zoom.
You can also use Zoom by indicating the meeting-ID and any further necessary access IDs for the meeting directly in the Zoom App.
- Which data is processed?
The following data is subject to be processed:
Information about the user: first name, surname, phone (optional), email address, password (when “single sign on” is not being used), profile picture (optional), department (optional).
Meeting metadata: topic, description (optional), IP-addresses of the users, device/hardware information.
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
In case of log in by phone: information about the incoming and outgoing phone numbers, country, beginning and end time. Possibly, further connection data such as the IP-address of the device may be stored.
Text, audio and video data: you may have the possibility to use the chat, question or poll functions during online meetings. Your text contributions will be processed in order to display them in the online meeting and optionally, to log them. To allow the displaying of video and the audio playback, data from your device’s microphone and camera will be processed accordingly for the duration of the meeting. You can disable or mute the camera and microphone in the Zoom App at any time.
To participate in an online meeting, specifically to access the meeting room, you will need to indicate at the very least your name.
- Scope of processing
We use Zoom to conduct online meetings. When we want to record online meetings, we will inform you ahead of time and, if necessary, request your consent. An indication will appear in the Zoom App while the meeting is being recorded.
If it is necessary for the purpose of logging the results of an online meeting, contents of chats will be logged. However, this should generally not be the case.
In case of webinars, we can also process questions from participants during the recording and reworking of the webinar.
When you are registered by Zoom as a user, online meeting reports (meeting metadata, data about phone participation, questions and answers in webinars, poll function in webinars) can be stored for up to a month by Zoom.
There is no automated decision-making as defined in Art. 22 GDPR.
- Legal basis for the data processing
If personal data of employees of Smart Data Deutschland GmbH is processed, the legal basis is § 26 BDSG. If personal data is processed during the use of Zoom which is not necessary for the beginning, execution, or ending of the employment but is a necessary element of the use of Zoom, the legal basis is Art. 6, 1., f) GDPR. Our interest lies in the effective conduct of online meetings.
For further data processing, the legal basis is Art. 6, 1., b) GDPR if the online meetings are conducted within the frame of a contractual relationship.
If there is no contractual relationship, the legal basis is Art. 6, 1., f) GDPR. Our interest again lies in the effective conduct of online meetings.
- Recipients/Transfer of data
Personal data which is processed within the frame of participation in an online meeting is not transferred unless explicitly determined as meant to be transferred. Please be aware that the content of online meetings, as with meetings in person, often serves to exchange information with clients, interested parties and third parties, which constitutes a transfer.
Further recipients: the provider of Zoom receives information about the above mentioned data which is determined in our data protection agreement with Zoom.
- Data processing outside of the European Union
Zoom is a service which is provided by a service provider in the USA. Data processing thus also occurs in a third country. We have concluded a data processing agreement with Zoom which complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed through the conclusion of EU-Standard Contractual Clauses (ESCC).
- Data Protection Officer
We have appointed a data protection officer. He can be reached under firstname.lastname@example.org
- Your rights as a data subject
You have the right to access the personal data about yourself. You can request access at any time.
In case of an access request which is not written, we ask for your understanding that we will require proof of identity.
Furthermore, you have the right to rectification, deletion or restriction of the processing provided this is legally achievable.
Finally, you have a right to object against the processing within the legal frame.
You also have a right to data portability.
- Deletion of data
We generally delete personal data when we no longer have a requirement to store it. A requirement can exist if the data is still necessary for the execution of a contract or to verify and guarantee or defend against legal claims. In the case of legal storage requirements, we only delete the data once the storage period has run out.
- Right to complain
You have the right to lodge a complaint about the processing of your personal data with a data protection authority.