Data protection regulations
The operation of our website https://gertrud.digital (in the following both also “website”) involves the processing of personal data. This data will be handled by us in a confidential manner and processed in accordance with the applicable laws, especially the General Data Protection Regulation (GDPR) and Germany’s Data Protection Act (BDSG). These data protection regulations are designed to inform you about the personal data we collect from you, what we use it for, the legal basis for the usage and, where applicable, with whom we share it. They will also inform you of your rights in regard to the protection of your data.
Our data protection regulations contain specialist terms used in GDPR and BDSG. For your better understanding we want to explain these terms in simple words:
2.1 Personal Data
“Personal data” is all information relating to an identified or identifiable person (art. 4 no. 1 GDPR). Details of an identified person could be their name or email address. However, data can also be described as personal if, despite the fact that a person’s identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information. A person could for example be identified via their address or bank details, date of birth, username, IP address or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.
Under art. 4 no. 2 GDPR, “processing” describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing , making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
Data Controller and data protection officer
3. Data controller
The party responsible for data processing is:
Company: Gertrud digital GmbH (“wir”)
Statutory representative: Sven Rebbert, Nils Langemann (managing director)
Address: Nobistor 10, 22767 Hamburg
4. Data protection officer
We have appointed an external data protection officer:
C/O BBS Bier Brehm Spahn Partnerschaft Rechtsanwälte
5. Processing parameters: Website
We will process the personal data listed in detail under Article 6-11 below, when you use the website https://gertrud.digital. In this process, we will only process data from you that you actively enter on our Website (e.g. by completing forms) or that you provide automatically when using our offer.
Your data will exclusively be processed by us and these data will, as a matter of principle, not be sold, leased or provided to any third parties. Insofar as we use external service providers for the processing of your personal data, that will be done in the context of a cooperation with a so-called data processor, where we act as principal and are authorized to give instructions to our contractors. For the operation of our Website, we use external service providers for hosting, and for the maintenance, update and further development. Insofar as other external service providers will be used for individual processing activities that are listed in Article 6-11, they will be specified there.
We do, in general, not transfer any data to any third countries and this is not planned for the future either. Any exemptions from this principle will be explained in the types of processing activities listed below.
The Processing activities in detail
6. Provision of website and logfiles
6.1 Description of processing
Whenever anybody visits our Website, we automatically collect information that their browser transfers to our server. These data will also be stored in the so-called log files of our system. This concerns the following data:
- Your IP address
- Your browser software, its version and language
- Your operating system
- The pages you visit on our website
- The date and time of your visit to our website
Your IP address is recorded in the log files only shortened by the last three digits.
Your data is processed in order to facilitate access to our website, to ensure the website’s stability and security and to enable the statistical evaluation and improvement of our online service.
6.3 Legal Basis
The processing is required to protect our overriding legitimate interests (art. 6 para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 6.2.
6.4 Duration of Storage
Your data will be erased as soon as it is no longer required for the purpose for which it was collected. Where your data has been collected for the purposes of providing our website, it will no longer be required for this purpose when your session ends. The logfiles will be deleted after thirty days.
7. CONTACT FORM AND CONTACT BY E-MAIL
7.1 Description of processing
For contacting us we have provided a contact form on our website. In this form you will be asked to enter your e-mail address, your name and a message to us. If you press the “Send” button, the data will be transmitted to us using SSL encryption (see 12). The contact form can only be transmitted if you accept our data protection regulations by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and answering your request.
7.3 Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, data processing is carried out to fulfil the contract (Art. 6 para. 1 lit. b DSGVO).
7.4 Storage period
The data is deleted by us as soon as it is no longer required for the purpose of its collection. This is usually the case when the respective communication with you has ended. The communication is terminated when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, deletion will take place immediately after expiry of the statutory retention period.
8. Google Analytics
8.1 Description of Processing
The processing is done to be able to evaluate the use of our Website. The information gained in the process serve to improve our online presentation and to design it according to demand.
8.3 Legal Basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Article 8.2.
8.4 Storage period and right to object
For information on the storage period and an explanation of your control and setting options for cookies, please refer to Art. 11. You may object to the data processing by Google Analytics, at any time, by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=en . Alternatively, you have the option to click on the following link. This will place an opt-out cookie on your device which prevents the future collection of your data when visiting this Website.
We will automatically delete any analysis data processed and stored by Google Analytics after 14 months.
8.5 Recipients and transfer to third countries
Google Analytics works for us as a service provider within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
9. GOOGLE RECAPTCHA
9.1 Description of processing
Our website uses “reCAPTCHA”, a service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as “Google”). With reCAPTCHA we can use forms to check whether the input is made by a person or by automated software – in particular so-called bots. This enables us to protect our website from spam and misuse. In this context, your IP address, the time spent on the website, mouse movements made by you and possibly other data required for the service reCAPTCHA are transmitted to Google. You can find further information on data protection at Google at https://policies.google.com/privacy?hl=de-DE
The processing takes place in order to protect forms on our website against misuse and spam.
9.3 Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 9.2. If you are asked by us for consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary.
9.4 Recipients and transfer to third countries
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework .
10. SOCIAL NETWORKS
10.1 Description of processing
Our website does not use social media plugins. The logos of the social networks Twitter, LinkedIn and Xing displayed on our website are only linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.
The social networks with which you communicate store your information using pseudonyms as usage profiles and use it for advertising and market research purposes. For example, advertisements within the social network and on other third-party websites may be displayed to you that correspond to your presumed interests. For this purpose, cookies are usually used, which the Social Network stores on your terminal device. Further information on cookies can be found in section 11. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.
We maintain profiles with the aforementioned social networks for the purpose of contemporary and supportive public relations and corporate communication with customers and interested parties.
10.3 Legal basis
The legal basis for data processing within the framework of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 10.2. If you are asked by us to give your consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary. If the respective operator of a social network requests your consent, the legal basis is Art. 6 para. 1 lit. a DSGVO.
10.4 Recipients and transmission in third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
- Xing, New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland https://privacy.xing.com/en/privacy-policy.
- LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland https://www.linkedin.com/legal/privacy-policy?_l=de_DE
11.1 Description of processing
11.3 Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Clause 11.2. If you are asked by us for consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary.
11.4 Storage period, revocation of consent
We have compiled the following links for you, which will lead you to instructions on how you can change the settings of common browsers. Further information can be found in the support menu of your browser:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent.
12. Security Measures
In order to protect your personal data from third-party access, we use SSL (secure sockets layer) or TLS (transport layer security) technology that encrypts the communication of data between our website and your device. You can identify SSL/TLS encryption via the small padlock logo on the left of the address bar of your browser.
13. Data subject rights
With regard to the aforementioned data processing carried out by us, you have the following rights as a data subject:
13.1 Right of Access (Art. 15 GDPR)
You have the right to be informed by us if we are processing your personal data. If we are processing it, you have the right under art. 15 GDPR to be informed as to what data we are processing and the right to additional information as specified in art. 15 GDPR.
13.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and were applicable to have incomplete personal data completed, including by means of providing a supplementary statement.
13.3 Erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data concerning without undue delay and we shall have the obligation to erase your personal data without undue delay where one of the following grounds under art. 17 GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).
13.4 Restriction of Processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing of your personal data, provided that one of the criteria specified under art. 18 GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for us to check its accuracy).
13.5 Data Portability (Art. 20 GDPR)
Subject to the criteria specified under art. 20 GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.
13.6 Withdrawal of Consent (Art. 7 Abs. 3 GDPR)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retroactive affect).
13.7 Complaints (Art. 77 GDPR)
If you believe that the processing of your personal data is in breach of GDPR, you can complain to a supervisory authority. You can submit your complaint to a supervisory authority in the EU member state where you are habitually resident or work or where the alleged breach took place.
13.8 Restraint on automated decision making/profiling (Art. 22 DSGVO)
Decisions that have legal consequences for you or that could have a significant detrimental affect on you must not be based solely on the automated processing of personal data, including profiling. We do not apply any such processing or profiling to your personal data.
13.9 Objection (Art. 21 DSGVO)
Where we process your personal data on the basis of art. 6 para. 1 f) GDPR in pursuit of our overriding legitimate interests, you have the right subject to art. 21 GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Last amended: November 2019