Data protection

Privacy statement of 1NCE GmbH for 1nce.com (as of June 2018)

 

A.     Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is

 

1NCE GmbH

legally represented by the managing directors Mr. Alexander P. Sator, Mr. Younes Allaki, Mr. Alexander Bufalino and Mr. Kim Juchem

Sternengasse 14-16
50676 Cologne

Germany

Email: privacy@1nce.com

Website: https://1nce.com

 

B.     Contact details of the data protection officer

The data protection officer of the data controller may be contacted via the following contact details:

 

Herr Oliver Gönner

SICODA GmbH – Impekovener Str. 44

53347 Alfter

Germany

Tel.: 0228 286 140 – 61
Email: dsb@sicoda.de

C.     General information on data processing

I.       Scope of processing of personal data

We only process personal data of our users if this is necessary to provide a functioning website  or to establish contact between the user and us via this website. The processing of personal data of our users usually only takes place with the user’s consent. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and/or the processing of the data is permitted by provisions of statutory law.

 

II.      Legal basis for the processing of personal data

To the extent we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 subpara. 1 lit. a GDPR serves as a legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 subpara. 1 lit. b GDPR serves as a legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

To the extent the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 subpara. 1 lit. c GDPR serves as a legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para.1 subpara. 1 lit. d GDPR serves as a legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Art. 6 para. 1 subpara. 1 lit. f GDPR serves as a legal basis.

 

III.    Data erasure and storage time

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for in EU or Member State regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed in one of the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

D.    Data processing in detail

I.       Provision of the website and creation of log files

1.      Description and scope of data processing

Every time you visit our website (1nce.com), our system automatically collects data and information from the computer system of the calling computer.

 

The following data is collected:

  • Information about the browser type and version used
  • The user’s operating system and user interface
  • Language and version of the browser software
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • Websites from which the user’s system reaches our website
  • Websites accessed by the user’s system through our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 

2.      Legal basis for the processing of personal data

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 subpara. 1 lit. f GDPR.

 

3.      Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be made available to the user’s computer. To that effect the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing therefore results from Art. 6 para. 1 subpara. 1 lit. f GDPR.

 

4.      Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an identification of the calling client is no longer possible.

 

5.      Possibility of objection and removal

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

II.      Use of cookies

1.      Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again. We use cookies to make our website more user-friendly. Certain elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings

We also use cookies on our website which enable an analysis of the user behavior on our website. In this way, the following data can be transmitted:

  • Frequency of page views
  • Use of website functions

The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the user.

 

When accessing our website, the user is informed about the use of cookies for analytical purposes and his consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this privacy statement.

 

2.      Legal basis for the processing of personal data

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 subpara. 1 lit. f GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 subpara. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 subpara. 1 lit. a GDPR.

 

3.      Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  • Remembering language settings

The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

 

4.      Duration of storage / possibility of objection and removal

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. By changing the settings in his internet browser, the user can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

 

III.    Newsletter

1.      Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. This applies to the following data:

  • First name (optional)
  • Family name (optional)
  • Form of address [Mr. / Mrs.] (optional)
  • Email address

In addition, the following data is collected upon registration:

(1) IP address of the calling computer

(2) Date and time of registration

The user’s consent is obtained for processing the data as part of the technical registration process and reference is made to this privacy statement.

In connection with data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

 

2.      Legal basis for the processing of personal data

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 subpara. 1 lit. a GDPR.

 

3.      Purpose of data processing

The collection of the user’s email address serves to subsequently send the newsletter.

The collection of other personal data as part of the technical registration process serves to prevent misuse of the services or the email address used.

 

4.      Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The name and email address of the user will therefore be stored for as long as the subscription to the newsletter is active.

Other personal data collected during the technical registration process will normally be deleted within a period of seven days.

 

5.      Possibility of objection and removal

The subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a corresponding link in every newsletter.

By doing so, it is also possible to revoke the consent to the storage of personal data collected during the technical registration process.

 

IV.   Contact forms and email contact

1.      Description and scope of data processing

Contact forms are available on our website which can be used for electronic contact. There is the possibility of using a general contact form to address requests or questions of any kind to us, as well as special contact forms that serve, for example, to request offers for our services or to establish a specific press contact. If a user uses one of these options, the data entered in the input mask will be transmitted to us and stored. Such data may be the following (depending on the contact form in which certain data may be partly marked as optional in the respective input mask):

(1) First name

(2) Family name

(3) Telephone number (landline)

(4) Telephone number (mobile)

(5) Email address

(6) Company

(7) Country of location

(8) Information entered by the user as to his request

 

At the time the message is sent, the following data is also stored:

(1) The IP address of the user

(2) Date and time of registration

 

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this privacy statement.

Alternatively, you can contact us via one of the email addresses provided. In this case, the user’s personal data transmitted by email will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

 

2.      Legal basis for the processing of personal data

The legal basis for the processing of data is Art. 6 para. 1 subpara. 1 lit. a GDPR to the extent the user has provided his or her consent.

The legal basis for the processing of data transmitted in the course of sending an email or made known to us by telephone is Art. 6 para. 1 subpara. 1 lit. f GDPR.

If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 subpara. 1 lit. b GDPR.

 

3.      Purpose of data processing

The processing of personal data from the respective input mask serves us solely for the purpose of treating the contact established by the user. In case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact button/form and to ensure the security of our information technology systems.

 

4.      Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for the personal data entered into the input mask of the con­tact form and the data transmitted by email or telephone, when the respective con­ver­sa­tion with the user has ended. The conversation is terminated when it can be assumed according to the circumstances that the issues in question have been finally clarified. 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

5.      Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. In such a case, the conversation cannot be continued.

The user can revoke his consent and object to the storage of personal data at any time by sending an email to privacy@1nce.com or by writing to our address (1NCE GmbH, Sternengasse 14-16, 50676 Cologne, Germany).

All personal data stored in the course of contacting us will be deleted in this case.

The foregoing does not apply on an exceptional basis if there is a concrete suspicion that the user in question might have acted illegally in the context of making contact (e.g. in the case of offensive or other statements that violate personal rights) and a continued storage of the data concerned is at least directly permitted by Art. 6 para. 1 subpara. 1 lit. f GDPR.

 

V.     Disclosure of personal data to third parties: Hosting provider

1.      Description and scope of data processing

Our website is hosted on the server of a hosting provider (currently: maxcluster GmbH) in the Federal Republic of Germany. The personal data processed by us and described in detail in sections I. to IV. above is stored on this server. All our systems are encrypted according to the state of the art. Therefore, access to personal data by the hosting provider should normally hardly be possible. Nevertheless, we have concluded a data processing agreement with the hosting provider as a precautionary measure.

 

2.      Legal basis for the processing of personal data

The legal basis for passing on the data to the hosting provider is Art. 6 para. 1 subpara. 1 lit. b, 28 GDPR.

 

3.      Purpose of data processing

The data is passed on to the hosting provider in order to enable the operation of the website and to make the content available to users.

 

4.      Duration of storage

The data passed on to the hosting provider will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. The duration of the passing on of the data to the hosting provider is identical to the duration of the storage of the data by us in accordance with the sections I. to IV. above.

 

5.      Possibility of objection and removal

The above described passing on of the data to the hosting provider as our technical service provider is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

VI.       Disclosure of personal data to third parties: Website analysis service Google Analytics

1.      Description and scope of data processing

As part of our website we also use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies to analyze the use of our website. The information generated by the cookie about the use of our Internet site is usually transmitted to a Google server in the USA and stored there. The IP address transmitted by the browser within the framework of Google Analytics and anonymized with anonymizeIP is not merged with other Google data. We have a data processing agreement with Google.

 

2.      Legal basis for the processing of personal data

The legal basis for the transmission of data (anonymized IP address of the user) to Google is Art. 6 para. 1 subpara. 1 lit. f, 28 GDPR.

 

3.      Purpose of data processing

The data is passed on to Google in order to be able to assess the use of the website by all users more reliably and to be able to continually improve the content and technical features of the website in line with customer requirements.

 

4.      Duration of storage / possibility of objection and removal

The user can prevent the use of Google Analytics as a whole or restricted to our website as follows:
The collection of data generated by the Google cookies and related to the use of the website (including the IP address) by Google and the processing of this data by Google can be completely prevented by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
When using our website, the user can also prevent Google Analytics from collecting data via his browser by clicking on the following link: Disable Google Analytics. An opt-out cookie is then set which prevents the future collection of data when visiting this website.

Further information (including the extent to which data is processed and how long it is stored by Google) can be found in Google’s privacy policy at http://www.google.com/analytics/terms/de.html.

 

E.     Rights of the data subject

If personal data is processed by you as a user, you are affected within the meaning of GDPR and you are entitled to the following rights vis-à-vis the data controller:

 

I.       Right to information

You can ask us to confirm whether your personal data is processed by us.

If such processing has taken place, you can request the following information from the data controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal data concerning has been or is still being disclosed;

(4) the planned duration of the storage of your personal data, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of your personal data, a right to limitation of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

 

II.      Right to correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without undue delay.

 

III.    Right to limitation of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

(1) if you dispute the accuracy of your personal data for a period that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the data controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

(4) if you object to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or a Member State.

If the processing has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

 

IV.   Right to erasure

1.      Duty of erasure

You may request the data controller to delete the personal data relating to you without undue delay and the controller is obliged to delete this data without undue delay if one of the following reasons applies:

(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent, on which the processing according to Art. 6 para. 1 subpara. 1 lit. a or Art. 9 para. 2 lit. a GDPR is based, and there is no other legal basis for processing.

(3) In accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you submit an objection pursuant to Art. 21 para. 2 GDPR opposed to the processing.

(4) Your personal data has been processed unlawfully.

(5) The erasure of your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.

(6) Your personal data has been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

 

2.      Information to third parties

Has the data controller made your personal data public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process such personal data that you as the data subject have requested the erasure, including all links to this personal data or of copies or replications, of this personal data.

 

3.      Exemptions

The right to erasure does not exist to the extent the processing is necessary

(1) to exercise freedom of expression and information;

(2) for the performance of a legal obligation required for processing under the law of the EU or of a Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, to the extent that the right referred to in Section 1. above is likely to render impossible or seriously impair the attainment of the objectives of such processing; or

(5) for asserting, exercising or defending legal claims.

 

V.     Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, the data controller is obliged to inform all recipients to whom your personal data has been disclosed of this correction or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The data controller shall have the right to be informed of such recipients.

 

VI.   Right to data portability

You have the right to receive your personal data that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was provided, provided that

(1)  the processing is based on a consent according to Art. 6 para. 1 subpara. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 subpara. 1 lit. b GDPR and

(2) processing is carried out using automated methods.

In exercising this right, you also have the right to request that your personal data be transferred directly from one data controller to another data controller, to the extent this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

 

VII.  Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which may be processed in accordance with Art. 6 para. 1 subpara. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The data controller no longer processes your personal data, unless it can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

 

VIII.       Right to revoke the data protection related declaration of consent

You have the right to revoke your data protection related declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

 

IX.    Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the data controller,

(2) is admissible according to the legislation of the EU or of a Member States to which the data controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) is reached with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state your own position and to challenge the decision.

 

X.     Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or are suspected of infringement, if you believe that the processing of your personal data is contrary to GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

 

F.         Changes to this privacy statement

We reserve the right to make changes to this privacy statement in the future. This applies in particular in case of implementation of changed legal requirements due to legal changes or changes in administrative or judicial practice.