Address:

servinga GmbH
Rüsselsheimer Str. 22
60326 Frankfurt / Main
Phone: +49 69 / 348 75 11 – 0
Fax: +49 69 / 348 75 11 – 99

E-Mail: [email protected]
Web: www.servinga.com

Content
Responsible for own content of servinga GmbH acc. § 55 RStV: Christian Lertes, Adam Lakota

Data Protection Declaration in Accordance with the GDPR

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:

servinga GmbH
Christian Lertes, Adam Lakota
Rüsselsheimer Str. 22
60326 Frankfurt am Main
Germany
Phone: +49 69 348 75 11 0
E-Mail: [email protected]
Website: www.servinga.com

II. General information on data processing

1. Scope of personal data processing

We collect and utilize our users’ personal data only insofar as this is necessary for provision of an operational site and of our content and services. Collection and utilization of our users’ personal data is only undertaken periodically with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.

2. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as legal basis. In processing personal data necessary for performance of a contract to which the data subject is a party, Art. 6 Para. 1 (b) GDPR applies as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. (1)(c) GDPR applies as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. (1)(d) GDPR applies as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. (1)(f) GDPR applies as the legal basis for processing.

3. Data deletion and storage duration

The personal data of a relevant person will be deleted or blocked as soon as the purpose of storage ceases to exist. Furthermore, data may be stored if this has been provided by the European or national legislation in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
In doing so, the following data is collected:

  • Information regarding the used browser type and version
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 Para. (1) f GDPR.

3. Purpose of data processing

Temporary storage of IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the website’s functionality. The data is also used to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. (1) f GDPR.

4. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.

Should any data be stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the user’s IP addresses will be deleted or distorted so that assignment to the accessing client is no longer possible.

5. Objection and deletion options

Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object on the part of the user.

IV. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We also use cookies on our website to analyze user surfing behavior.

The following data can be transmitted in this way:

  • Search terms entered
  • Frequency of page views
  • Use of website functions

The user data collected in this way is pseudonymized via technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users’ other personal data.

When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.

When accessing our website, the user is informed regarding the use of cookies for analytical purposes and his or her consent to the processing of personal data used in this context is obtained. Reference is also made to this Data Protection Declaration, in this context.

b) Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6 Para. (1) f GDPR.

The legal basis for processing personal data by using cookies for analytical purposes, if the user’s consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

c) Purpose of data processing

The analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimize our service.

For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 Para. 1 (f) GDPR.

d) Duration of storage, objection and removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, the user also has full control over the use of cookies. By changing the settings in his Internet browser, he can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features in full.

V. Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form for general communication and one for requesting information on our products and services, which can be used for electronic contact. If a user accepts this option, the data entered in the input screen will be transmitted to us and stored. This data includes:

  • Surname and first name
  • Email address
  • Company name
  • Phone number
  • Subject
  • Message

The following data is also stored at the time the message is sent:

  • The user’s IP address
  • Date and time

During the sending process, your consent is obtained for processing data and reference is made to this privacy policy.

Alternatively, you can contact us via the provided email address. In this case, the user’s personal data that is transmitted along with the email will be stored.

This data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 Para. 1 (f) GDPR. If you send us an email with the intention to enter into a contract with us, this creates an additional legal basis for its processing per Art. 6 Para. 1 (b) GDPR.

3. Purpose of data processing

We only use personal data provided on contact forms to make the requested contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The processing of other personal data during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

5. Objection and deletion options

The user has the option of revoking his or her consent to the processing of personal data, at any time. A user who has contacted us by e-mail can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.

All personal data stored in the course of contacting us will be deleted as a result.

VI. Creating/operating the customer account

1. Description and scope of data processing

In order to use our services, the customer receives a login and a password. This is only intended for the first login and has to be changed by the customer afterwards.

The following data is stored in the customer account and can be viewed by the customer:

  • Name
  • Email address
  • Company name
  • Password
  • All orders and their status
  • IP address
  • Times of logins and activities

The customer can administer and change the data (with the exception of items 6 and 7 in the list above) on his own responsibility.

During the sending process, your consent is obtained for processing data and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 (b) GDPR.

3. Purpose of data processing

The processing of personal data serves us solely for the processing of the concluded, discontinued or existing individual contracts/subscriptions and inquiries. This is also the legitimate interest in the processing of the data.

4. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled.

Unless commercial law or tax law regulations provide for longer storage, the deletion takes place at the latest after a period of 7 days.

5. Objection and deletion options

The user has the option of revoking his or her consent to the processing of personal data, at any time. He can object to the storage at any time.

Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in Section 4.

VII. Payment methods

1. Description and scope of data processing

To book individual services, the customer has a choice of the following payment options: “Invoice”, “SEPA Direct Debit” and “PayPal”.

a.) Processing of personal data when selecting payment method “invoice”.

If the user has selected the payment method “Invoice”, the following data will be recorded and saved:

  • Name (and first name) of invoice recipient
  • Street and number
  • ZIP code and city
  • Email address
  • Registration number
  • Value added tax number/value added tax ID

b.) Processing of personal data when selecting “SEPA Direct Debit” payment method

If the user authorizes us to direct debit, the respective payer must fill out an appropriate form. This can be created on paper or online.

The form shall contain the creditor identification number, the mandate reference and an indication as to who the payee is and that the credit institution of the debtor is authorised to redeem direct debits.

The debtor must supplement the form with the following information:

  • Name (and first name) of invoice recipient
  • Street and number
  • ZIP code and city
  • Credit institution (name and BIC)
  • IBAN
  • Date, location and signature

The data required for payment processing will be forwarded to the payment service provider commissioned with the payment. In some cases, the payment service providers also collect this data on their own responsibility. In this respect, the data protection information of the respective payment service provider applies.

c.) Processing of personal data when selecting payment method “PayPal”.

If the user chooses PayPal’s payment services, he will be redirected directly to PayPal’s website. PayPal collects various personal data that is necessary for the processing of payment transactions, but we have no influence on the collection of this data. The user can decide against the collection of data by PayPal and select another payment method.

Data is processed by
PayPal (Europe) S.à.r.l. & Cie. S.C.A.,
22-24 Boulevard Royal, 2449 Luxembourg,
Luxembourg.

Independently of this, we transfer the following data to PayPal:

  • Customer’s last name and first name
  • The billing address with surname and first name
  • Total amount of the shopping cart (no information on individual items)
  • Order number/reference number

After a risk check by PayPal, the only information we receive from PayPal for further order processing is whether the order is accepted or rejected (possibly after a manual check by PayPal). In the latter case, the user can then select a different payment method. In this respect, reference is made to PayPal’s data protection declaration:

  • https://www.paypal.com/de/webapps/mpp/paypal-and-your-data
  • https://www.paypal.com/de/webapps/mpp/ua/privacy-full

During the sending process, your consent is obtained for processing data and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 a GDPR. The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 b GDPR. The legal basis for the transmission of data to external payment service providers for the performance of the contract is Art. 6 Para. 1 b GDPR.

3. Purpose of data processing

The processing of personal data serves us solely for billing the concluded individual contracts/subscriptions. This is also the legitimate interest in the processing of the data.

4. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled. Unless commercial law or tax law regulations provide for longer storage, the deletion takes place at the latest after a period of 7 days.

5. Objection and deletion options

The user has the option of revoking his or her consent to the processing of personal data, at any time. He can object to the storage at any time. Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in Section 4.

VIII. Web analysis by Matomo

1. Scope of personal data processing

We occasionally use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user’s accessing system
  • The web page called up
  • The website from which the user has called up the website accessed (referrer)
  • The subpages called up from the website that is accessed
  • The time spent on the website
  • The frequency with which the website is accessed

The software runs exclusively on the servers of our website. The personal data of users is only stored there. Your data will not be disclosed to third parties. The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it would no longer be possible to assign the truncated IP address to the computer accessing the site.

2. Legal basis for processing personal data

The legal basis for processing the personal data of users is Art. 6 Para. (1) f GDPR.

3. Purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 Para. (1) f GDPR. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

4. Retention period

The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this will be after 180 days.

5. Objection and deletion options

Cookies are stored on the user’s computer and transmitted to our site. Therefore, the user also has full control over the use of cookies. By changing the settings in his internet browser, he can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features in full.

More information about the privacy settings of the Matomo software: https://matomo.org/docs/privacy/

IX. Contract with Microsoft

1. Description and scope of data processing

The user has the possibility to purchase licenses from Microsoft via our portal. The user concludes the license agreement directly with Microsoft.

Their privacy information and privacy settings: https://privacy.microsoft.com/de-de/privacystatement

The monthly billing of the license fees is done by us, so we may be required to provide the following information to Microsoft:

  • Customer (company)
  • Headquarters of the customer
  • Email address of the customer
  • Address of the customer
  • IP address of the customer server
  • Number of physical and virtual CPU cores of customer servers

The data will then be collected and stored on behalf of Microsoft by Comparex AG, Baierbrunner Strasse 15, 81379. During the sending process, your consent is obtained for processing data and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 a GDPR.

The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 b GDPR.

3. Purpose of data processing

The processing of personal data serves us solely for the processing of the concluded, discontinued or existing individual contracts/subscriptions and inquiries. This is also the legitimate interest in the processing of the data.

4. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled. Unless commercial law or tax law regulations provide for longer storage, the deletion takes place at the latest after a period of 3 years from the end of the contract to the respective end of the year.

5. Objection and deletion options

The user has the option of revoking his or her consent to the processing of personal data, at any time. He can object to the storage at any time.

Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in Section 4.

X. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:

1. Right to information

You can request that the data controller confirm whether we will process personal data that concerns you.

If such processing is taking place, you can request to be informed by the data controller regarding the following information:

  • the purposes for processing the personal data;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  • the planned storage duration of personal data concerning you or, if specific information in this respect is not possible, criteria for determining the storage period;
  • the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data has not been collected from the data subject;
  • the existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organization. In this respect, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.

2. Right of rectification

You have a right to correct and/or add to your personal data held by the data controller if it is incorrect or incomplete. The data controller shall make the correction immediately.

3. The right to restrict processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

  • you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
  • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • the data controller no longer needs the personal data for processing purposes, but you need it to establish, exercise, or defend legal claims; or
  • you object to the processing in accordance with Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

If the processing restriction has been done in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to delete this data immediately if one of the following reasons applies:

  • the personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you revoke your consent to the processing pursuant to Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) GDPR, and where there is no other legal ground for the processing;
  • you submit an objection to the processing pursuant to Art. 21 Para. 1 GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection according to Art. 21 Para. 2 GDPR to the processing;
  • the personal data that concerns you has been processed unlawfully;
  • the deletion of personal data is required to comply with legal obligations according to Union law or the laws of the Member States to which the data controller is subject;
  • the personal data that concerns you has been collected in connection with offered information society services pursuant to Art. 8 Para. 1 GDPR.

b) Transfer of personal data to third parties

If the data controller has made the personal data that concerns you public and is obliged to delete it pursuant to Art. 17 Para. 1 of the GDPR, that data controller shall take appropriate measures, including technical means, while taking into account available technology and implementation costs, to inform the data controllers who process the personal data that you as the data subject have requested deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

  • to exercise the right of freedom of expression and information;
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
  • for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 (h) and (i), as well as Art. 9 Para. 3 of the GDPR;
  • for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
  • to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the data controller inform you about these recipients.

6. The right to data portability

You have the right to obtain your personal data, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another responsible party without obstruction by the data controller to whom the personal data was provided, insofar as

  • the processing is based on consent pursuant to Art. 6 Para. (1) a of the GDPR or Art. 9 Para. 2 (a) of the GDPR or on a contract pursuant to Art. 6 Para. 1 (b) of the GDPR and
  • the processing is undertaken using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right of objection

You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data concerning you that is carried out in accordance with Art. 6 Para. 1 (e) or (f) GDPR, including profiling based on those provisions.

The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. The right to revoke the data protection declaration of consent

You have the right at any time to revoke your data protection declaration of consent. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal.

9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This shall not apply if the decision:

  • is necessary for the conclusion or fulfillment of a contract between you and the data controller;
  • is permissible on the basis of legislation of the Union or the Member States, to which the responsible party is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests, or
  • is undertaken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state his or her own position and to challenge the decision.

10. The right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 of the GDPR.

Date: March 2021