zetVisions considers the protection of the individual’s right to privacy highly important. This privacy statement underscores our commitment to the protection of privacy.
This privacy statement applies to personal data that you make available to us and to data that is derived from your personal data, as described below.
The Controller is zetVisions GmbH, Mittermaierstraße 31, 69115 Heidelberg, Germany, tel.: +49 (0)6221-33938-0, e-mail: firstname.lastname@example.org, website: www.zetvisions.de.
The zetVisions Data Protection Officer is Werner Willeke, address as above; e-mail: email@example.com
AUTOMATIC DATA PROCESSING ON THIS WEBSITE
When you access our web pages, information that is sent to us by your browser is automatically stored in our server log files. This information is:
- The browser type/version
- The operating system being used
- The referrer URL (the page that you visited before this site)
- The host name of the computer that is accessing the site (IP address)
- The time of the server request
This data cannot be linked to specific persons by our system. This data is not combined with other data sources (e.g. any registration data), we delete the data following statistical analysis, and the data is not stored as an individual data set.
SERVICES REQUIRING REGISTRATION, SUCH AS NEWSLETTERS
If you wish to make use of personalised features and services offered on our website, we may require further information from you in order to provide these services. This includes, in particular, your name, your (valid) e-mail address and other information (address, telephone number, etc.) that enables us to check, for example, that you are the owner of the provided e-mail address or that the owner is happy to receive the relevant services. This information enables us to provide the services you have requested. A valid e-mail address must be entered so that we can prevent misuse of the registration process, for example for newsletters. The aforementioned data is personal data; i.e. data that can be used to determine your identity. However, it is in principle possible for you to use our open-access web pages without having to disclose your full identity or part of your identity. You may also provide us with further information beyond that needed to provide our services (such as your industry, occupational category, etc.) on a voluntary basis during registration, for example in the relevant fields of a form. We use this data to tailor our services to users’ needs, for product information purposes in relation to advertising and for customer care. The data may be passed to external service providers for the purposes described in the privacy statement. Your personal data may be transferred to countries outside of the EEA. This includes countries where the level of data protection is comparable to the data protection level within the EEA or where requirements insure that the data protection level corresponds to that of the European Union.
LINKS TO OTHER SITES
Our site contains links to other websites. zetVisions is not responsible for the content or privacy practices of third party websites.
2. Google Analytics
However, if IP anonymisation has been activated on this website, your IP address will first be abridged by Google within either a Member State of the European Union or any other signatory state to the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA before being abridged there.
Google will use this information on behalf of this website’s operator in order to analyse your use of the website, to compile reports on website activity and furnish other services associated with the use of the website and the Internet for the website operator.
The IP address transmitted from your browser during the Google Analytics process will not be combined with other Google data. You can prevent cookies being stored on your computer by selecting the corresponding setting in your browser software. However, please note that if you do so, you may not be able to make full use of all the functions of this website. By using this website, you are consenting to the processing of your data by Google in the way and for the purpose described above.
3. Google reCAPTCHA
Our ultimate goal is to ensure that our website is as protected and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine if you are really a human being of flesh and blood and not a robot or any other spam software.
The legal basis for the use is Article 6 (1) f GDPR (legality of processing), because there is a legitimate interest in protecting this website from bots and spam software.
DISCLOSURE OF DATA
Within the company, access to your data is granted to the departments that need access to fulfil our contractual and legal obligations. The data may also be disclosed to external service providers that we use in the context of data processing.
LEGAL BASIS FOR PROCESSING
Our company uses Article 6 para. 1 clause a) GDPR as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If processing is necessary for the performance of a contract to which the data subject is party (as is the case, for example, with the processing operations required for delivery of goods or for provision of another service or consideration), the basis for processing is Article 6 para. 1 clause b) GDPR. The same applies for processing operations that are required in order to take steps prior to entering into a contract, such as in the case of enquiries regarding our products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as for the fulfilment of tax obligations, the basis for processing is Article 6 para. 1 clause c) GDPR. Lastly, processing operations may be based on Article 6 para. 1 clause f) GDPR. This legal basis is used for processing operations that are not covered by any other legal basis if the processing is necessary to guarantee a legitimate interest of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are in particular permitted to perform such processing operations through the specific reference to this by the European legislature.
PERIOD OF TIME FOR WHICH THE PERSONAL DATA IS STORED
The relevant statutory storage period determines the time for which personal data is stored. Once the period has come to an end, the data in question is routinely deleted, provided it is no longer required for the performance or initiation of contracts.
EXISTENCE OF AUTOMATED DECISION-MAKING
No automated decision-making is performed.
RIGHTS OF THE DATA SUBJECT
1. Right to information
Any person (‘data subject’) affected by the processing of personal data has the right, as granted by the European legislature, to obtain information free of charge at any time regarding the personal data held in relation to them from the party responsible for processing (the ‘data controller’) and to receive a copy of this information. The European legislature also allows the data subject access to the following information:
- The purposes of the processing
- The categories of personal data that are processed
- The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or international organisations
- Where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine this period
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- The right to lodge a complaint with a supervisory authority
- Where the personal data is not collected from the data subject: any available information as to its source
- The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
The data subject also has the right to be informed if personal data is transferred to a third country or to an international organisation. If this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
2. Right to rectification
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to demand without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure (‘right to be forgotten’)
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to request from the data controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and provided that the processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- The data subject withdraws consent on which the processing is based according to Article 6 para. 1 clause a) GDPR, or Article 9 para. 2 clause a) GDPR, and where there is no other legal ground for the processing
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR
- The personal data has been unlawfully processed
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR
If zetVisions has made the personal data publicly available and is, as the controller, obliged pursuant to Article 17(1) GDPR to erase the personal data, zetVisions, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data insofar as the processing is not necessary.
4. Right to restriction of processing
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
- The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims
- The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject
5. Data portability
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 para. 1 clause a) GDPR or Article 9 para. 2 clause a) GDPR or on a contract pursuant to Article 6 para. 1 clause b) GDPR and the processing is carried out by automated means, insofar as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not infringe on the rights and freedoms of other persons.
6. Right to object
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6 para. 1 clause e) or f) GDPR, including profiling based on those provisions.
In the event of an objection, zetVisions shall no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where zetVisions processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject raises an objection with zetVisions to processing for direct marketing purposes, zetVisions shall no longer process the personal data for such purposes.
7. Automated individual decision-making, including profiling
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
8. Right to withdraw consent in relation to data privacy law
Any data subject affected by the processing of personal data has the right, as granted by the European legislature, to withdraw his or her consent at any time to the processing of personal data.
If you wish to invoke one of the aforementioned rights as the data subject, please contact the data controller responsible or its data security officer. The contact details can be found at the top of this page.