Data protection regulation according to GDPR

I. Name and address of the responsible person

The responsible person according to the data protection regulation and other national data protection laws of the member states as well as other data protection regulation is:

Patent Attorneys Ostriga, Sonnet, Wirths & Vorwerk
Friedrich-Engels-Allee 430-432
42283 Wuppertal
Phone: + 49 202 75 88 73 0
Fax: +49 202 75 88 73 110
Email: info(at)ostriga.com

II. Name and address of the data protection officer

The data protection officer of the responsible person is:

Jens Maleikat
Bohnen IT GmbH
Hastener Strasse 2
42349 Wuppertal
Phone: +49 202 24755-24
Email: jm(at)bohnensecurity.it
Website: www.bohnensecurity.it

General data processing

1. Scope of the personal data processing

We collect and use personal data of our clients generally only insofar as it is necessary to provide a functional website as well as our contents and services. The collection and processing of personal data of our clients occurs on a regular basis only after the agreement of the client. An exception occurs in such cases where a prior consent of an agreement is not possible due to practical reasons and the processing of the data is allowed by legal regulations.


2. Legal basis for the processing of personal data

As far as we obtain a consent of the person concerned for the processing operations, serves Art. 6 I lit. a, Union-data protection regulation (GDPR) with regard to legal basis.
During the processing of personal data, which is necessary to fulfill a contract and the contract party is the person concerned, serves Art. 6 I lit. b GDPR with regard to legal basis. This applies to processing operations, which are necessary for the implementation of pre-contractual measures.
Unless a processing of personal data is necessary for a completion of a legal obligation, which is governed by our company, serves Art. 6 I lit. c GDPR with regard to legal basis.
In case those essential interests of the person concerned or of another natural person necessitate a processing of personal data, serves Art. 6 I lit. d GDPR with regard to legal basis.
If the processing is necessary to keep a legitimate interest of our company or of a third party and the interests, fundamental rights and fundamental freedoms of the person concerned, do not override the first-mentioned interest, serves Art. 6 I lit. f GDPR with regard to legal basis for the processing.

Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage will lapse. However, a further storage could also be carried out if this was applied by European and national legislators in union legal regulation, laws and other requirements, which the responsible person is subject to. A blocking or deletion of the data shall also be made, if the mandatory storage period expires by the mentioned norms, unless there is a necessity to store further data for a conclusion or performance of a contract.

III. Provision of the website and preparation of log files

1. Description and scope of the data processing

With every call of our website, our system records the data and information automatically of the computer system of the calling computer.
The following data may be purchased:

Information about the browser type and its used version
The operating system of the user
The net service provider of the user
The host name of the accessing computer
Date and time of the access
Websites, where the system of the user enters our internet site
Websites, which are accessed by the user’s system through our website

The data will be saved in the log files of our system as well. A storage of these data together with other personal data of the user will not take place.
2. Legal regulation for the data processing

The legal regulation for the temporary storage of the data and the log files are served by Art. 6 I lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP-address by the system is necessary to make it possible to deliver the website to the computer of the user. Therefore, the IP-address of the user has to be stored during the duration of a session.

The storage of the log files takes place due to ensure the functionality of the website. In addition to that, the data helps us to optimize the website and ensure the safety of our information-technological systems. An evaluation in connection of the data for marketing purpose does not occur.

In those purposes, we also have a huge interest in the data processing according to Art. 6 I lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as they are not necessary anymore for the submission of the purpose of their elicitation. In case of the data collection to provide the website, it is the case, when each session is over.

In case of the data storage in log files, it is the case after 7 days. An additional storage is possible. In this case, the IP-addresses of the users will be deleted or alienated so that an allocation of the called client is not possible anymore.

5. Objection and disposal possibility

The data collection to provide the website and the data storage in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of an objection on the part of the user.

IV. Google Analytics

1. Description and scope of the data processing
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These text files will be saved on your computer and make an analysis of the utilization of the website possible. The information about your usage of the website caused by the cookie, normally, will be transferred to a server of Google in the USA and saved over there.

IP-anonymization
We have activated the function IP-anonymization on this website. Therefore, your IP-address of Google will be shortened within the member states of the European Union or in other contract states of the agreement concerning the European economic area before the transmission to the USA takes place. Only in exceptional cases, the full IP-address will be transferred to a server of Google in the USA and shortened on site. On behalf of the provider of this website, Google will use this information to evaluate your usage of the website, to collect reports about the website activities and to render further services in accordance with the website and internet usage against the website provider. The IP-address, which will be transferred from Google Analytics from your browser, will not be brought together with other Google data.

Browser plugin

You have the possibility to prevent the storage of the cookies by setting your browser software; however, we indicate that you will most probably not be able to use all functions of this website, completely. Furthermore, you may prevent the collection and usage of the obtained data of the website (incl. your IP-address) to Google as well as the proceeding of the data by Google, by downloading and installing the following link, which contains browser plugin:
https://tools.google.com/dlpage/gaoptout?hl=de

Demographic characteristics at Google Analytics

This website uses the function “demographic characteristics” of Google Analytics. Therefore, it is possible to prepare reports about age, gender and interests of the website visitor. These data come from interest-related advertising of Google as well as from visitor’s data of third-party suppliers. These data may not be allocated to a certain person. You are able to deactivate this function from the display settings in your Google account or prohibit the data capture by Google Analytics, as narrated in point “Objection against data capture”, at any time.

2. Legal basis for the data processing

The storage of Google Analytics cookies takes place on basis of Art. 6 I lit. f GDPR.

3. Purpose of the data processing

The website provider has a significant interest in analyzing the behavior of the user to optimize its advertising offer as well as its advertising.

4. Duration of storage

Usually, the data of Google will be deleted one time in a month after an expiry of 26 months.

5. Objection and disposal possibility

You may prevent the data capture of Google Analytics by clicking on the following link: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable

An Opt-Out-Cookie prevents the capture of your data by visiting the website in future: Deactivate Google Analytics. For more information about using the user data at Google Analytics, click on data protection regulation of Google: https://support.google.com/analytics/answer/6004245?hl=de.

V. Right of the person concerned

If personal data will be used by yourself, you are the person concerned in case of the GDPR and you may obtain the following rights of the responsible person:

1. Right to obtain information

You may obtain a confirmation from the responsible whether your personal data will be processed by us

If this is the case, you may obtain the following information:

1. the purpose of the personal data processing;

2. the categories of the personal data, which will be processed;

3. the recipients orthe categories of the recipients towards you have revealed your personal data or will reveal your data;

4. the intended storage of your personal data or in case if an exact time of the data storage cannot be revealed, the criteria for the determination of the storage duration;

5. the existence of a right to correct or delete your personal data used, a right to limit the processing by the responsible person or a right of objection against this processing;

6. the existence of the right to file a complaint with a regulatory authority;

You have the right to receive information whether your personal data used will be transferred to a third world country or to an international organization. In this context, you may request information and be informed about suitable guarantees according to Art. 46 GDPR in connection with the transmission.

2. Right of correction

You have the right to correct and/or complete your personal data used by the person responsible if the data are incorrect or incomplete. The responsible person has to perform its correction immediately.

3. Right to limit the processing

Under the following conditions, you may request the limitation of your personal data being used:

1. if your personal data will be incorrect for a while and the person responsible will not be able to examine the correctness of the data in the meanwhile;
2. if the processing is unlawful and you reject the deletion of the personal data and instead request the limitation of using the personal data;

3. the responsible person does not require the personal data for the purposes of the processing, however, requires them for the assertion, usage or defense of the claims, or

4. if you have filed an objection against the processing according to Art. 21 I GDPR and it is not sure yet if the legitimate reasons of the person responsible prevail your reasons.

In case the processing has been limited, these data are only allowed to be used –apart from its storage - with your agreement or for an assertion, usage or defense of claims or to protect the rights of a natural or juristic person or out of reasons for a public interest of the Union or of a member state.

In case the processing has been limited according to the above-mentioned conditions, you will be informed by the responsible person before the limitation has been cancelled.

4. Right of deletion

a) Obligation of deletion

You may request from the responsible person that the personal data will be deleted immediately. The responsible is obliged to delete these immediately, in case one of these reasons applies:

1. The personal data are not anymore necessary for the purpose of its usage or its usable processing.

2. You reject your agreement, according to which the processing has been revealed according to Art. 6 I lit a. or Art. 9 II lit. a GDPR and another legal basis for the processing is missing.

3. You file an objection according to Art. 21 I GDPR against the processing and there are no legitimate reasons for the processing or you file and objection against the processing according to Art. 21 II GDPR.

4. The personal data have been used unlawful.

5. The deletion of the personal data is necessary to fulfill a lawful obligation according to the law of the Union or the right of a member state, which the responsible is subject to.

6. The personal data were revealed in accordance to the offered services of the information society Art. 8 I GDPR.

b) Information to third parties

In case the responsible has published the personal data, he is obliged to delete them according to Art. 17 I GDPR. Therefore, the responsible takes suitable actions under taking the available technology and implementation costs into account as well as actions of technical kind to inform the person concerned that the deletion of all links to the personal data or copies as well as replications have been instructed.

c) Exceptions

The right of deletion does not exist as long as the processing is necessary to

1. use the right to express your opinion freely as well as obtaining information;

2. to fulfill an obligation which requires the processing to be under the right of the Union or the member states - the responsible is subject to this obligation – or to carry out a task, which is in the public interest or will be exercised of official authority, which has been put the responsible in charge;

3. out of reasons of the public interest in the range of the public health according to Art. 9 II lit. h and i as well as Art. 9 III GDPR;

4. for archive purposes of the public interest, scientifically or historically purpose of the research or for statistically purposes according to Art. 89 I GDPR as far as the right – mentioned under a) makes the implementation of the objectives of this processing impossible or affects it seriously or

5. for the assertion, usage or defense of claims.

5. Right of consultation

If you have asserted the right of access, deletion or limitation of the processing against the responsible, he is obliged to report the access, deletion or limitation of the processing to the persons concerned, unless it is impossible or disproportionate effort would have to be made.

You have the right regarding the responsible person to be informed about these recipients.

6. Right of data transferability

You have the right to receive your personal data, which you have handed over to the responsible, in a structured, conventional and machine-readable format. Furthermore, you have the right to forward your personal data to some other responsible without hindrance of the responsible as long as

1. the processing is based on a consent according to Art. 6 I lit. a GDPR or Art. 9 II lit. a GDPR or based on a contract according to Art. 6 I lit. b GDPR and

2. if the processing will happen with automated procedures.

By executing this right, you also have the right to let your personal data be directly transferred from the responsible to another as far as technically workable. Freedom and rights of other persons must not be sacrificed.

The right of data transferability is not valid for the processing of personal data which are necessary to carry out a task which is in the official interest or in execution of public authority.

7. Right of objection

According to Art. 6 I lit. e or f GDPR you have the right to file an objection against the processing of your personal data when reasons arise out of your special situations at any time, applies as well for the profiling based on these instructions.

The responsible does not anymore use your personal data, unless he may proof forced worthy of protection, which prevail your interests, rights, and freedoms or the processing serves for the assertion, usage or defense of claims.

In case the personal data will be used to run direct advertising, you have the right to file an obligation against the processing of your personal data for advertising at any time; the same belongs to the profiling as well, unless it is in connection with direct advertising.

Should you contradict the processing for purposes of direct advertising, your personal data will not be used anymore for these purposes.

You have the opportunity in connection with the usage of services of the information society - notwithstanding the guideline 2002/58/EG - to fulfill your objection right by means of automated procedures where technical specifications will be used.

 

8. Right of withdrawal of the declaration of consent

You have the right to withdraw your declaration of consent at any time. By withdrawing the declaration, the legality of the processing will not be affected until the withdrawal.

9. Automated decision on a case-by-case basis including profiling

You have the right to be subjected to not an only automated processing – including profiling – based decision, which will display legal effects towards you or affect you similarly. This does not apply, when the decision

1. is necessary for a conclusion or the fulfillment of a contract or to fulfill between you and the responsible,

2. is permitted due to legislations of the Union and the member states which the responsible is subject to and these legislations contain appropriate measures to protect your rights and freedoms as well as your interests or

3. will be made with you express agreement.

However, these decisions are not allowed to be based on Art. 9 I GDPR unless it serves Art. 9 II lit. a or g GDPR appropriate measures have been taken to protect the rights and the freedoms as well as your interests.

Concerning the mentioned cases 1 and 3 the responsible takes appropriate measures to protect the rights and freedoms as well as your interests where at least the right of achieving to intervene has to be taken from one person of the responsible.

10. Right to file a complaint to the supervisory authority

Regardless of another administrative or judicial legal action, you have the right to file a complaint to the supervisory authority, especially, within the member state of your location, working place or the location of the infringement if you find that the processing of your personal data infringes the GDPR.

The supervisory authority where the complaint has been filed, will provide the complainant with an update and the results of the complaint including the possibility of an judicial legal action according to Art. 78 GDPR.

Responsible supervisory authority of patent attorneys Ostriga, Sonnet, Wirths & Vorwerk is the:

State representative of data protection and freedom of information
North Rhine-Westphalia
Postbox 20 04 44
40102 Düsseldorf

Tel: 0211/38424-0
Fax: 0211/38424-10