Under the German constitution, every citizen is entitled to determine how his or her personal data can be used.
Therefore it is our duty to protect the data that you provide us when you visit our website. We wish to show you, below, the data that we have about you, what happens to this data, and which security measures we have taken to protect this data from misuse.
Area of Validity
This data privacy statement applies to our entire website, but not to the sites of other providers for which you may find links on our site.
Our in-house IT department is continually adjusting the technical security precautions to match current circumstances and requirements.
Each time that a user accesses a page on our website, and each time a file is accessed, access data about this procedure is stored in a log file on our server.
- IP address
- Browser type and
- Browser settings
- Operating system
- Page visited
This data is used to generate statistics that help us to continue to modify our web portal to suit your needs. The data cannot be related to any specific person, and it is not passed on to any third party, even in partial form.Should they so request, users are entitled to be told which personal data we have stored about them. They are also entitled to have this data corrected and deleted.CookiesWe use session cookies on our site. The data is not stored long-term. Using temporary cookies is beneficial to you insofar as you will not have to repeatedly enter your personal details when you are filling in different forms on our website: the cookies are automatically deleted when the browser is closed.A cookie refers to information that a web server sends to a browser which the browser then sends back again when it accesses that web server. Session cookies are only stored for the length of a session.Most browsers are configured in such a way that they accept cookies automatically. However, you can disable the storing of cookies or configure your browser so that it notifies you when cookies are being sent.Personal Data ProcessingAt certain places on our website we give you the opportunity to contact us or to make use of particular services (e.g. subscribe to a newsletter). We only use the personal data that is transmitted during this process for the purpose for which you have given it to us. It is not passed on to any third party.Personal Data SecurityTo ensure that our communication with you remains confidential we use so-called SSL encryption. Based on current knowledge, the 128 bit encryption which this enables is regarded as secure. All latest generation browsers can achieve this level of security. In some case you may need to update the browser on your PC.Changes to This Data Protection StatementIf circumstances change, e.g. the BDSG (German Federal Data Protection Act) is amended, we will update this data protection statement if necessary.Your questions and suggestions in relation to data protection are important to us. You can contact our Data Protection Officer at this address: Email: datenschutz(at)controlware.de
Legal bases for data processing
Personal data may be processed on the basis of various statutory provisions, which we refer to below:
- Insofar as we process personal data concerning you on the basis of your consent, this is done in accordance with Art. 6 Para. 1 a) GDPR in conjunction with Art. 4, No. 11 and Art. 7 GDPR.
- Data relating to the initiation, execution or termination of contractual relationships is processed on the basis of Art. 6 Para. 1 b) GDPR. Exempt from this, is data relating to the initiation, execution or termination of employment contracts. This data is processed on the basis of Section 26 of the German Federal Data Protection Act (BDSG).
- Insofar as we process your data for the purpose of fulfilling legal obligations that apply to us, e.g. relating to tax law or social-security law, this is done on the basis of Art. 6 Para. 1 c) GDPR.
- Finally, we may process personal data concerning you on the basis of an overriding legitimate interest on Controlware’s part, taking your opposing interests in protection into consideration. The legal basis for this is Art. 6 Para. 1 f) GDPR.
Your rights as the data subject
Access, Art. 15 GDPR
You have the right to access the data we have stored concerning you. This includes:
- The categories of personal data that are processed
- The purposes of the processing
- The recipients or categories of recipient
- The envisaged period for which the data will be stored
- The existence of your rights to rectification, erasure, restriction of processing, or objection to processing
- The right to lodge a complaint with a supervisory authority.
Access requests should be addressed to: Controlware GmbH
Data Protection Officer
Please enclose a copy of your personal ID, showing your name, address and date of birth, so we can establish your identity and effectively prevent data from being transmitted to unauthorised parties.
Rectification, Art. 16 GDPR
You have the right to obtain from us the rectification of incorrect data we have stored concerning you. You also have the right to have incomplete data sets completed.
Erasure, Art. 17 GDPR
You have the right to obtain from us the erasure of the personal data we have stored concerning you. This does not apply if we are legally obliged to store the data, or if we require the data for the fulfilment of contractual obligations or for legal prosecution. In these cases, the right to erasure shall be replaced by the right to restrict the processing of personal data.
Restriction of processing, Art. 18 GDPR
Where one of the following applies, you have the right to obtain from us the restriction of processing of the personal data we have stored concerning you:
- If you contest the accuracy of the personal data concerning you, for a period enabling us to verify the accuracy of the data;
- If the processing is unlawful and you oppose the erasure of the personal data, instead requesting that its use be restricted;
- If we no longer require the personal data for the original processing purposes, but you require it for the establishment, exercise or defence of legal claims, or
- If you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate interests of the controller override your legitimate interests.
If the processing of personal data concerning you has been restricted, we may – with the exception of storage – only process this data with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
Should we intend to lift the restriction of processing of personal data concerning you, you will be informed of this beforehand.
Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller, where
- the processing is based on consent pursuant to Art. 6 Para. 1 a GDPR or a contract pursuant to Art. 6 Para. 1 b GDPR, and
- we carry out the processing by automated means.
In this context, you have the right to ask us to transmit the relevant data directly to another controller you name, insofar as this is technically feasible and does not encroach on the rights and freedoms of others.
Objection, Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, insofar as we are processing your data based on Art. 6 Para. 1 e) or f) GDPR.
In the event of an effective objection, we will no longer process the personal data concerning you unless we have compelling grounds for processing, which override your interests, rights and freedoms or if processing serves the establishment, exercise or defence of legal claims.
If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process personal data concerning you for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to revoke your consent
Insofar as we process personal data concerning you based on your consent pursuant to Art. 6 Para. 1 a) GDPR, you may revoke this consent at any time, effective for the future, without stating any reasons. As a result of this revocation, we may no longer be able to render our services for you, or only to a limited extent, or you may no longer be able to use certain services.
Objections should be addressed to:
Data Protection Officer
Controlware generally erases personal data immediately, once it is no longer required for the purposes for which it was collected. In some cases, however, there are legal retention periods to which we are, of course, bound. In such cases, the data shall be erased once the respective period has elapsed. Data collected through IP logging is generally erased after 12 months.
Right to lodge a complaint
If you feel that our data processing has breached your rights or basic freedoms, you have the right to lodge a complaint with our company’s data protection officer or a supervisory authority.
Contact details for our company’s data protection officer:
Data Protection Officer