Sprache

Privacy Policy

1. Data controller & internal data protection officer

We, as the company, are the data controller within the meaning of the European General Data Protection Regulation (GDPR).

VTplus GmbH, An den Breiten 4, 97078 Würzburg, Germany

For all data protection inquiries, please contact our data protection officer. This is:

Thorsten Krietsch
datenschutz@vtplus.eu

2. Legal basis

The legal basis for the collection and processing of personal data is always the most recent version of the European law. All legal bases listed below are contained in the General Data Protection Regulation (GDPR). Depending on the purpose of the data collection, one or more of the following legal bases apply:

  • Consent – legal basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR).
    What this means is that consent must be an unambiguous indication of your wishes (e.g.: „I hereby consent to …“). Consent may be given either in writing in the form of a statement or by another unambiguous affirmative action. This being said, consent must always be voluntary! In addition, consent of the data subject must be specific and unambiguous indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data. To this end, the data subject has to be adequately informed and understand what he or she is consenting to.
  • Necessary processing for the performance of a contract or implementation of pre-contractual measures – legal basis: Article 6 (1) (b) GDPR
    What this means: we need the data to meet our contractual obligations towards you or we need the data to prepare the contract with you.
  • Processing for compliance with legal obligations – legal basis: Article 6 (1) (c) GDPR
    What this means: we are required e.g. by law or other (national / regulatory) provisions to process data.
  • Processing for the purposes of the legitimate interests in accordance with Article 6 (1) (f) GDPR
    What this means: the processing is necessary for the purposes of our or third-party legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

 3. Rights of data subjects

You are a data subject if any personal data about you are processed. As a data subject you have the following rights with respect to the data processing we carry out – within the scope specified in the respective Articles of the General Data Protection Regulation:

  • Right of access under Article 15 GDPR
  • Right to rectification under Article 16 GDPR
  • Right to erasure („right to be forgotten“) under Article 17 GDPR
  • Right to restriction of processing under Article 18 GDPR
  • Right to data portability under Article 20 GDPR
  • Right to object under Article 21 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

4. Data erasure and length of storage

The personal data of the data subject will be deleted or blocked as soon as the data is no longer required for the purpose for which it was originally stored. In addition, such storage may be provided for by Union or national laws, regulations or other provisions to which the controller is subject. The data will also be blocked or erased upon expiry of the storage period prescribed by the laws and regulations specified above, unless there is a need to continue storing the data for purposes of contract conclusion or performance.

I. Specific types of data processing

1. Data collection when visiting the website

a) Scope of data processing

When you visit our website, the following data is collected and stored by our web server:

  • IP address
  • Date and time of the inquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/ HTTP status code
  • Amount of data transferred
  • The referring website from which you accessed our website
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Screen resolution
  • Unique device names (MAC addresses or IMEI for mobile devices)

The IP address or the host name are only available to us in anonymised form in the log files. The other data is stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis

The legal basis for the processing of data is Article 6 (1) (f) GDPR.

The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in the functionality of our website and its availability.

c) Purpose of data processing

The temporary storage of the IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.

The data is stored in log files to ensure the website’s functionality. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

d) Duration of storage

The log files are deleted in the system at the latest after 6 weeks. If there is a need to store the data for the aforementioned purpose for longer due to specific events, the data may be stored for longer periods. In any case, as mentioned above, the IP addresses of the users will be anonymised to prevent it from being used to identify any particular user.

e) Available remedies

The collection of data for website provisioning and storage of data in log files is essential for the operation of the website. Users, therefore, do not have the right to object in this case.

2. Google Analytics

a) Scope of data processing

This website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). This software collects information about how you use the website and uses this data to compile various statistics. The collected usage data include, in particular, the concrete choice of links, the time spent on each page and the order in which the pages are visited, the frequency at which the pages are accessed. These data are collected together with your IP address. Google will not associate your IP address collected by Google Analytics with any other data held by Google.

Google Analytics uses „cookies“, text files stored on your computer, which allow analysis of your use of this website. The information generated by the cookie about your use of the website will typically be transmitted to and stored by Google on servers in the US.

If IP anonymisation is activated on this website, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area before it is transmitted to the US.

Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. For more information about Google’s data processing, please refer to https://www.google.com/policies/privacy/.

b) Legal basis

The legal basis for the processing of personal data when using this website is Article 6 (1) (f) GDPR.

The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in the objective of having a customer-centric design of the website, which meets the requirements of the users and takes into account their preferences.

The legal basis for the transfer of data to Google is Article 28 (3) and Article 45 (3) GDPR. The service provider is certified under the Privacy Shield Framework and is, therefore, subject to the EU Commission’s adequacy decision (Implementing Decision 2016/1250), i.e. the data-protection level of the service provider is recognised as being equivalent to the GDPR, although the provider is based in the US.

c) Purpose of data processing

The purpose of the processing is to analyse this website and the usage patterns of its visitors.

d) Duration of storage

The data is anonymised automatically after it has been collected. The personal data is therefore collected as part of the transmission and not permanently stored.

e) Available remedies

You can prevent the storage of cookies, including the generation and transmission of data to Google, by restricting or prohibiting the use of cookies in your browser software. This may result in the disabling of non-Google-related cookies and you may not be able to use all the functions of this website.

You can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its transmission to and processing by Google by downloading and installing the browser plugin provided under the following link:

[http://tools.google.com/dlpage/gaoptout?hl=de].

3. Akismet

a) Scope of data processing

This website uses the Akismet plugin from Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA. With the help of this plugin, we can differentiate between comments from real people and spam. All comment information is sent to a server in the US, where it is analysed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will stored for a longer period. This information includes the name entered into the form, the email address, the IP address, the comment content, the referrer, details of the browser used, the computer system and the time of the entry.

b) Legal basis

The legal basis for the processing of personal data when using this website is Article 6 (1) (f) GDPR.

The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in the objective of having a customer-centric design of the website, which meets the requirements of the users and takes into account their preferences.

The legal basis for the transfer of data to Google is Article 28 (3) and Article 45 (3) GDPR. The service provider is certified under the Privacy Shield Framework and is, therefore, subject to the EU Commission’s adequacy decision (Implementing Decision 2016/1250), i.e. the data-protection level of the service provider is recognised as being equivalent to the GDPR, although the provider is based in the US.

c) Purpose of data processing

The purpose of the processing is to analyse this website and the usage patterns of its visitors.

d) Duration of storage

The data are stored as long as necessary to complete the request, which is typically 4 days.

e) Available remedies

You can completely prevent the transmission of the data by not using the marked forms and contacting us using other means. You may object to the use of your data with effect for the future by sending an email to support@wordpress.com, with the subject „Erasure of data stored by Akismet“ stating / describing the stored data.

4. Newsletter

a) Scope of data processing

If you store your email address on our website, we may use it to send you our newsletter. In this case, the newsletter will only be used for direct marketing of our own similar goods or services.

On our website, you can subscribe to receive our free newsletter, which contains direct marketing of our products and those of our cooperation partners. When users subscribe to our newsletter, the data entered into the form is transmitted to us or the already stored email address is used. In this case, the date and time of subscription to our newsletter and the IP address used will also be stored. As part of the confirmation of the newsletter subscription, we will also store the date and time you clicked on the confirmation link for the newsletter subscription as well as the IP address used.

When the newsletter is sent, your email address will be passed on to the external service provider „Cleverreach GmbH Inc.“, who will be responsible for sending the newsletter on our behalf. The service provider will not use this data for any other purpose. The service provider is established within the European Union.

b) Legal basis

The legal basis for the processing of data when sending out newsletters on the basis of previous purchases of goods or services is Article 6 (1) (f) GDPR in conjunction with Article 7 (3) of the German Act against Unfair Competition (UWG).

The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies, therefore, in direct advertising and the increase in sales to existing customers.

The legal basis for the processing of data when users subscribe directly to the newsletter is Article 6 (1) (a) GDPR.

The legal basis for the transfer of data to the mailing provider is Article 28 (3) GDPR.

c) Purpose of data processing

The purpose of storing the email address is the opportunity to contact users by electronic means for advertising purposes. The date and IP address of the subscription as well as the confirmation of the subscription will be recorded in order to document the consent to receiving the newsletter and to prevent misuse.

We have to pass on the email to the service provider because the newsletter is sent as a mass mailing. The service provider does not have the right to use the data for their own benefit.

d) Duration of storage

Where you have provided us with your email when you purchased goods or services from us, it will be erased or blocked for sending promotional information 18 months after the last purchase of goods or if you exercise your right of objection.

If you have expressly consented to the receipt of the newsletter, we will only erase or block the email address for use for sending promotional information if you exercise your right to withdraw consent. The data relating to the newsletter subscription confirmation will be stored for the same amount of time.

e) Available remedies

You have the right to object or withdraw your consent to the use of your email address for advertising purposes at any time, without incurring any costs save for any communication charges. When you receive promotional communications, you can object to the use of your email for advertising purposes with effect for the future by clicking on the relevant link in the newsletter. You can also object to the use of your data for advertising purposes with effect for the future or withdraw your consent by sending an email to datenschutz-vtp@tedeka-consulting.com . When you use email to exercise your right of objection, it may take up to 5 working days to erase or block your email and you may still receive promotional mailings during this period

5. Contact form

a) Scope of data processing

On our website, we offer a contact form, which can be used to contact us online. When you enter data in the contact form, the data will be transmitted to us and stored. These data are: your name, your email address, if necessary, your telephone number, the nature of your request as well as your individual message to us. In addition, the date and time of your message is automatically recorded.

Alternatively, you can use the email address provided to contact us. In this case, the user’s personal data transmitted by email will be stored.

b) Legal basis

The legal basis for the processing of data transmitted when an email is sent is Article 6 (1) (f) and where applicable also (a) GDPR. If the purpose of the email is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR.

The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in responding to the customers‘ inquiries or contact requests on other topics.

c) Purpose of data processing

We store the data to initiate contact with you at the request of the communication partner.

d) Duration of storage

The data is stored as long as necessary to process the inquiry. Where these are commercial letters, which are subject to statutory retention requirements under commercial and tax laws, we will store these for the required statutory retention period.

e) Available remedies

The user has the option at any time to withdraw his or her consent to the processing of personal data or to object to further use. Users who contact us by email can object to the storage of their personal data at any time. The data can only be erased if this does not conflict with any statutory retention requirements. In this case, the data will be blocked from further use and the parties will no longer be able to engage in further communications.

 25 May 2018