Menu
In accordance with the statutory provisions of data protection law (in particular in accordance with the German Data Protection Act n.F. and the European General Data Protection Regulation “GDPR”) we inform you below about the nature, scope and purpose of the processing of personal data by our company. This Privacy Policy also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “processing”, please refer to Art. 4 GDPR.
Name and contact details of the person responsible
Our controller (hereinafter referred to as “controller”) in accordance with Art. 4 para. 7 GDPR is:
Uberitas GmbH
Acacia path 6
159 806 Zossen
E-mail address: m.schmitt@uberitas.eu
Data types, purposes of processing and categories of data subjects
In the following we inform you about the type, scope and purpose of the collection, processing and use of personal data.
usage data (access times, visited websites, etc.), payment data (bank data, account data, payment history, etc.),
Technically and economically optimize the website, facilitate easy access to the website, fulfill legal retention obligations, optimize and statistically evaluate our services, improve user experience, make website user-friendly, avoidance of SPAM and misuse, customer service and customer care, provide websites with features and content,
Visitors/users of the website, customers, interested parties,
The data subjects are collectively referred to as “users.”
Legal basis for the processing of personal data
In the following we inform you about the legal basis for the processing of personal data:
If we have obtained your consent for the processing of personal data, Art. 6 para. 1 p. 1 lit. a) GDPR legal basis.
If the processing is necessary for the performance of a contract or for the execution of pre-contractual measures that are carried out at your request, Art. 6 para. 1 p. 1 lit. b) GDPR legal basis.
If processing is necessary to fulfil a legal obligation to which we are subject (e.g. statutory retention obligations), Art. 6 para. 1 p. 1 lit. c) GDPR legal basis.
If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 p. 1 lit. d) GDPR legal basis.
If processing is necessary to safeguard our or the legitimate interests of a third party and if your interests or fundamental rights and freedoms do not outweigh in this respect, Art. 6 para. 1 p. 1 lit. f) GDPR legal basis.
Disclosure of personal data to third parties and processors
In principle, we do not pass on data to third parties without your consent. If this is the case, the transfer will take place on the basis of the aforementioned legal bases, e.g. when data is passed on to online payment providers for the fulfilment of a contract or due to a court order or due to a legal obligation to hand over the data for the purpose of law enforcement, security or the enforcement of intellectual property rights.
We also use processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processors in the context of an agreement for order processing, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have been granted the right to give instructions regarding the data. In addition, the processors must have taken appropriate technical and organisational measures and comply with the data protection regulations acc. comply with BDSG n.F. and DS-GVO
Transmission of data to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore primarily processed by companies to which the GDPR applies. If the processing takes place by third party services outside the European Union or the European Economic Area, they must comply with the special requirements of Art. 44 ff. GDPR. This means that the processing is carried out on the basis of special guarantees, such as the determination of an EU-compliant level of data protection or compliance with officially recognised special contractual obligations, the so-called “standard contractual clauses.”
Insofar as we are due to the ineffectiveness of the so-called “Privacy Shield”, pursuant to Art. 49 para. 1 p. 1 lit. a) DSGVO to obtain your explicit consent to the transfer of data to the USA, in this regard we draw attention to the risk of secret access by US authorities and the use of the data for surveillance purposes, possibly without legal remedies for EU citizens.
Deletion of data and storage time
Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the consent given for processing is revoked by you or the purpose for storage ceases to exist or the data is no longer required for the purpose, unless further retention is necessary for evidentiary purposes or there are legal retention obligations to the contrary. This includes, for example, commercial law retention obligations for business letters pursuant to § 257 para. 1 HGB (6 years) as well as tax retention obligations pursuant to § 147 para. 1 AO of documents (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion of a contract or for the performance of the contract.
Existence of automated decision-making
We do not use automatic decision making or profiling.
Provision of our website and creation of log files
If you only use our website for informational purposes (i.e. not registering or otherwise transmitting information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
These data are not stored together with other personal data about you.
This data serves the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.
The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 para. 1 S.1 lit. f) GDPR.
For security reasons, we store this data in server log files for a storage period of 30 days. After this period, they are automatically deleted, unless we require them to be kept for evidentiary purposes in the event of attacks on the server infrastructure or other legal violations.
Cookies
We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser stores and stores on your computer. When you visit our website again, these cookies provide information to automatically recognize you. Cookies also include so-called “user IDs”, where user information is stored by means of pseudonymised profiles. When you access our website, we inform you about the use of cookies for the aforementioned purposes by means of a reference to our privacy policy and how you can object to them or prevent their storage (“opt-out”).
The following types of cookies are distinguished:
Data categories: user data, cookie, user ID (including pages visited, device information, access times and IP addresses).
Purposes of processing: The information obtained in this way serves the purpose of optimizing our web offers technically and economically and to provide you with easier and secure access to our website.
Legal basis: If we process your personal data with the help of cookies based on your consent (“opt-in”), then Art. 6 para. 1 p. 1 lit. a) GDPR the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in this case Art. 6 para. 1 p. 1 lit. f) GDPR is the legal basis. The legal basis is also Art. 6 para. 1 p. 1 lit. b) GDPR, if the cookies are set to initiate a contract, e.g. for orders.
Storage period/deletion: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the event of the collection of data for the provision of the website, this is the case when the respective session has ended.
Cookies are otherwise stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
Here you can find information on the deletion of cookies by browsers:
Chrome: https://support.google.com/chrome/answer/95647
Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac
Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-e xplorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies
Objection and “opt-out”: You can generally prevent the storage of cookies on your hard drive, regardless of your consent or legal permission, by selecting “do not accept cookies” in your browser settings. However, this may result in a functional limitation of our offers. You can opt out of the use of third-party cookies for advertising purposes via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Contact us via contact form / e-mail / fax / post
When you contact us via contact form, fax, post or e-mail, your details will be processed for the purpose of processing the contact request.
The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, a letter or fax is Art. 6 para. 1 p. 1 lit. f) GDPR. The controller has a legitimate interest in the processing and storage of the data in order to be able to respond to user requests, to secure evidence for liability reasons and to comply, if applicable, with its statutory retention obligations for business letters. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
We may store your details and contact request in our Customer Relationship Management System (“CRM System”) or a similar system.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. We store requests from users who have an account or a contract with us for up to two years after the termination of the contract. In the case of statutory archiving obligations, deletion takes place after their expiry: End of commercial law (6 years) and tax law (10 years) retention obligation.
You have the option at any time to withdraw your consent pursuant to Art. 6 para. 1 p. 1 lit. a) to revoke the GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of your personal data at any time.
Contact by phone
When you contact us by phone, your phone number is processed to process the contact request and its processing and is temporarily stored or displayed in the RAM / cache of the phone device / display. The data is stored for liability and security reasons in order to be able to prove the call and for economic reasons in order to allow a recall. In the event of unauthorized advertising calls, we block the phone numbers.
The legal basis for the processing of the telephone number is Art. 6 para. 1 p. 1 lit. f) GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 bed. b) GDPR.
The device cache saves the calls for 30 days and successively overwrites or deletes old data, when disposing of the device all data is deleted and the memory may be destroyed. Blocked telephone numbers are checked annually for the need for blocking.
You can prevent the phone number from being displayed by calling with the phone number suppressed.
Google Analytics
We have integrated the website analysis tool “Google Analytics” (service provider: Google Ireland Limited, Registration No: 368 047, Gordon House, Barrow Street, Dublin 4, Ireland) into our website.
Data categories and description of data processing: User ID, IP address (anonymized). When you visit our website, Google places a cookie on your computer in order to be able to analyse your use of our website. We have activated the IP anonymization “anonymizeIP”, whereby the IP addresses are processed only in abbreviated form. On this website, your IP address will therefore be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the controller. We have also activated cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. For more information on data usage in Google Analytics, please visit: https://www.google.com/analytics/terms/de.html (Analytics Terms of Use), https://support.google.com/analytics/answer/6004245?hl=de&nb sp; (Notice on data protection in Analytics) and Google’s privacy policy https://policies.google.com/privacy.
Purpose of processing: The use of Google Analytics serves the purpose of analyzing, optimizing and improving our website.
Legal basis: If you have given your consent to the processing of your personal data by means of “Google Analytics” by the third party provider (“opt-in”), then Art. 6 para. 1 p. 1 lit. a) GDPR the legal basis. The legal basis is also our legitimate interest in data processing in accordance with Art. 6 para. 1 S.1 lit. f) GDPR. In the case of services provided in connection with a contract, the tracking and analysis of user content is carried out in accordance with Art. 6 para. 1 p. 1 lit. b) GDPR in order to be able to offer optimized services with the information obtained in this way to fulfil the purpose of the contract.
Storage period: The data sent by us and associated with cookies, user IDs (e.g. user IDs) or advertising IDs are automatically deleted after months. The deletion of data whose retention period has been reached takes place automatically once a month.
Data transmission/recipient category: Google, Ireland and USA. We have also concluded an agreement with Google for order processing pursuant to Art. 28 GDPR.
Objection and removal options (“opt-out”):
Rights of the data subject
Objection or revocation against the processing of your data
Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Insofar as we process your personal data on the balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f) on the basis of the GDPR, you may object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing.
You may object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise the right of objection free of charge. You can inform us about your advertising objection under the following contact details:
Uberitas GmbH
Acacia path 6
159 806 Zossen
E-mail address: m.schmitt@uberitas.eu
Right to information
You have the right to request confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have a right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you.
Right to rectification
You have the right to correct incorrect data or to complete correct data pursuant to Art. 16 GDPR.
Right to erasure
You have the right to delete your data stored with us in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights for further storage prevent this.
Right to restriction
You have the right to request a restriction on the processing of your personal data if one of the conditions in Art. 18 para. 1 bed. a) to d) GDPR:
– if you object to the processing pursuant to Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
Right to data portability
You have a right to data portability under Article 20 of the DS-GVO, which means that you can obtain the personal data we hold about you in a structured, commonly used and machine-readable format or request that it be transferred to another controller.
Right of appeal
You have a right to complain to a supervisory authority. As a general rule, you can contact the supervisory authority, in particular in the Member State where you are staying, where you work or where the alleged infringement occurred.
Data security
We have taken appropriate technical and organisational security measures to protect all personal data transmitted to us and to ensure that the data protection regulations are complied with by us, but also by our external service providers. Therefore, all data between your browser and our server is transmitted encrypted via a secure SSL connection.
Status: 07. 03. 2021