Privacy Policy, Version 2.9
Date: October 1, 2024
The protection of your data is one of the most important principles of STRATO AG. With this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights.
1. Contact information
Controller:
STRATO AG
Otto-Ostrowski-Strasse 7
10249 Berlin, GermanyYou can reach us via the contact form: link.
Data Protection Officer:
Data Protection Officer
STRATO AG
Otto-Ostrowski-Strasse 7
10249 Berlin, GermanyIf you want to assert your legal rights or have general questions, please contact or the corporate data protection officer of STRATO AG.
2. What data do we collect and process
a) Contract data
We collect, process and store the data you provide when you order from us. In addition, we store and process data about the order and payment history.b) Data that you store on our servers
We collect, process and store the information you store yourself when you use our services. This includes the production of backup copies in our backup systems.c) Log data
When you visit our website or use our services, the device that you use to access the page automatically transmits log data (connection data) to our servers. Log data includes the IP address of the device that you use to access the website or service, the type of browser you are using, the website you have visited beforehand, your system configuration, and the date and time. We store IP addresses only to the extent necessary to provide our services. Otherwise, the IP addresses are deleted or made anonymous. We store your IP address when visiting our website for a maximum of 7 days to detect and ward off attacks.d) Customer correspondence
We process the data that is collected when you contact us by email, fax or post, for example.e) Cookies, pixels, and other procedures
We use cookies, pixels, and similar technologies at several points on our web offerings.
Cookies are small bits of identification data that a server saves on a device that you use to access our website or our services. They contain information that can be read when accessing our services, thereby allowing for a more efficient and better utilization of our offerings.
We use both permanent and session cookies. Session cookies are deleted when your web browser is closed. Permanent cookies remain on your device until they are no longer necessary to achieve their purpose and are deleted.- For example, we use first-party cookies to record information about your user behavior on our website.
- Third-party cookies do not come from STRATO but from a third-party provider. We use these cookies, for example, for marketing activities.
A tag is an umbrella term for snippets of code which are integrated into websites and used for various functions, such as simple counters (“tracking pixels”) or complex data transmissions (e.g “conversion tracking tags”).
A script (also JavaScript) is able to execute more complex instructions, just like a programming language
Analogt till ett programmeringsspråk kan ett skript (även JavaScript) utföra mer komplexa instruktioner.
We use the term “cookies” as a commonly used umbrella term. It also includes tags, pixels, and scripts as alternative technical implementations.
The procedures we utilize can be subdivided into various categories. Except for cookies which are technically necessary, you can decide which cookies you wish to permit.
You can change your settings later at the bottom of the page under "Cookie settings“.
Some of the cookies process data in third countries. You can find out what these are in the respective cookie categories. When processing your data on the basis of these cookies, it is possible that the European level of data protection cannot be guaranteed. If you consent to processing using these cookies, you also consent to transferring and processing your data in these third countries in accordance with Article 49 (1) lit. a GDPR.
Necessary cookies
The navigation of our website is made possible by technically necessary cookies. Basic functions such as displaying and selecting products, adding items to the shopping cart, or logging in are not possible without them.
Name Provider Function Validity Third country transfer hk_session STRATO AG FAQ portal session 1 hour no ksb_session STRATO AG Customer login session Session no phpmyadmin_host STRATO AG Required for PhpMyadmin login Session no cookiecookie STRATO AG Saves cookie settings 2 years no dsgvo_cookie STRATO AG Agreement on whether to track anonymised 10000 days no auth_server_session STRATO AG Required for authentication in the server login 1 hour no DPX STRATO AG Detect and prevent DDo's attacks on servers that play content in the customer login. 1 hour no Lang locale STRATO AG Manual language selection in Server Login 10 years no visid_incap_$somenumber STRATO AG DDoS-Protection 1 year no incap_ses_259_$somenumber STRATO AG DDoS-Protection Session no video_accept (localStorage) STRATO AG Saves that user accepts cookies from Youtube Videos unlimited no CLICK STRATO AG Tracking gate for triggering external tracking on the final order page depending on the channel. No personal data is processed. 3 months no swtsguid STRATO AG Saves recommendation information for the allocation of different sales channels. 180 days no Cookies hos HiDrive:
Name Provider Function Validity Third country transfer sfm.lang STRATO AG Language set for HiDrive 10 years no privacy_consent STRATO AG Saves the cookie settings 2 years no Cookies in the rankingCoach products:
Name Provider Function Validity Third country transfer logged_in rankingCoach GmbH Detection if a user is logged in. Session no authautologin rankingCoach GmbH Single sign-on 1 year, 2 months no session_redis rankingCoach GmbH Session detection 4 hours no language_redirection rankingCoach GmbH Detection of the user's language 2 months no initial_subscription_id rankingCoach GmbH Determining the original account ID Session no referrer rankingCoach GmbH Internal referrer 2 months no hide_trustpilot rankingCoach GmbH Removing an external provider 2 years no documentHighlights rankingCoach GmbH Used to highlight keywords in the content of the customer area unlimited no wistia Wistia, Inc. Streaming service for playing videos / video instructions unlimited Yes / USA intercom-session-ea1oqsui Intercom, Inc. Intercom is used for the in-app support/support chat of rankingCoach. 1 week Yes / USA intercom-id-ea1oqsui Intercom, Inc. Intercom is used for the in-app support/support chat of rankingCoach. 1 year Yes / USA personalization_id
guest_id
_twitter_sess
ct0
external_referer
gt
auth_token
remember_checked_on
dnt
twid
kdt
ads_prefstwitter.com. The STRATO products "STRATO marketingRadar", "STRATO rankingCoach", "STRATO listingCoach" and "STRATO adCoach" can include social media monitoring as an essential part of the application. Messages/posts on Twitter which refer to the user‘s company or to his selected competitors are displayed within the application as a message stream. Furthermore, functions are available to connect your own Twitter account with the application. In order to make this technically possible and thus to enable the basic function of the application, these cookies must be saved by Twitter. 2 years
2 years session
160 min
7 days
30 min
Session
5 years
5 years
Session
1 year
5 yearsYes / USA fr
locale
xs
spin
sb
c_user
datr
wd
dprfacebook.com The STRATO products "STRATO marketingRadar", "STRATO rankingCoach", "STRATO listingCoach" and "STRATO adCoach" can include social media monitoring as an essential part of the application. Messages/posts on Facebook that refer to the user‘s company or to its selected competitors are displayed within the application as a news stream. Furthermore, functions are offered to connect your own Facebook account with the application. In order to make this technically possible and thus to enable the basic function of the application, these cookies must be saved by Facebook. 90 days
7 days
1 year
1 day
2 years
1 year
2 years
7 days
7 daysYes / USA Statistics and analysis
We use cookies to get a better understanding of your user behavior and to help you find your way around our website. We also use this data to modify the website so it better suits your needs.
Name Provider Function Validity Third country transfer _pk_id.*,
_pk_ses.*STRATO AG / Matomo Pseudonymized analysis of statistical data of website visitors. Integrated as first-party cookie. No data transmitted to third parties. 13 months
30 minutesno LorVisitorTagger
emos_jcsid
emos_jcvid
emos-session
emos-visitor
emSTRATO AG / Econda GmbH Analysis of data for marketing and optimization purposes. Pseudonymized usage profiles are created. This data is not combined with personal data or data which contains the same pseudonym. Econda is utilized as a first-party cookie. 2 months
Session
3 years
Session
2 yearsno dsgvo_tracking STRATO AG Agreement on whether to track /anonymised 1 year no Not a cookie itself, accesses Econda data XAD spoteffects GmbH Spoteffects uses the data collected by Econda to analyse the impact of our TV advertising. You can object to the data processing by opposing the data processing of Econda. no abtestmarker,
abcdtestmarkerSTRATO AG Cookie for A/B tests. Anonymized and no data transmitted to third parties. 1 month no kameleoonVisitorCode,
kameleoonTestCookieKameleeon A/B test: via JavaScript code, variants of elements of our website are created and presented to our website users. This allows for an analysis of user behavior. The resulting user data is stored along with an internal ID, whereby the IP address is anonymized. No other personal data is collected. 1 year 14 days Depends on duration of A/B test no Variant,
Variant.confignameIonos Adserver: contains the selected variant for the delivery of content and ensures that the user sees the same content on his next visit (e.g. A/B tests) 189 days no Google Tag Manager Google LLC. The Google Tag Manager is a service which allows additional Google analysis and marketing services to be integrated into our Internet offerings. The Google Tag Manager itself does not collect any personal data. Instead, it triggers other tags which in turn collect data under certain circumstances. 186 days Yes / USA jts-rw Jentis Server-side tracking first party identifier (User ID) 2 years no jctr_sid Jentis Server-side tracking session identifier (Session ID) 30 minutes no jts_log Jentis Activates the server-side debug-log function for developers (only set in Preview Mode for JTM users and developers) 1 year no stratoCookie STRATO AG among other things old cookie-hint, as well as for the comment function necessary 1 Year no o4ocl4042099280 STRATO AG Mailing (Clicks including timestamp, clientID, MailingID, Mailing2UserID, LinkID are transmitted to Episerver Campaigns in encrypted form and pseudonymized) 31 days no Cookies at HiDrive:
Name Provider Function Validity Third country transfer emos_jcsid
emos_jcvid
emos-session
emos-visitorSTRATO AG / Econda GmbH Analysis of data for marketing and optimization purposes. Pseudonymous user profiles are created. This data is not merged with personal data or data containing the same pseudonym. Econda is used as a first-party cookie. Session
3 years
Session
2 yearsno Cookies in the rankingCoach products:
Name Provider Function Validity Third country transfer _ga
_gidGoogle LLC Google Analytic Statistics is used to analyse visitor flows on our website in order to compile on-line reports for us. Google Analytics sets a cookie in your browser for this purpose. Every time a website on which a Google Analytics component has been integrated is accessed, the Internet browser is automatically prompted to transmit data to Google. Google only works with anonymous IP addresses.
You can find more information and Google's privacy policy https://policies.google.com/privacy
You can change your privacy settings at Google here: https://safety.google/privacy/privacy-controls/20 months
1 hourYes / USA fs_uid FullStory, Inc. With FullStory, user sessions are recorded to identify user problems with the software and to track bugs more easily. 11 months Yes / USA mp_(hexdigits)_mixpanel
mp_mixpanel_cMixpanel International, Inc. With Mixpanel, user behaviour is analysed in the rankingCoach and compiled in on-line reports. 1 year
1 monthYes / USA Marketing and personal website settings
We retain information about how you use our website to create better offers within the scope of direct marketing activities and campaigns. We are responsible for this storage and management of data processing. In addition, personal website settings also fall under this category.
Name Provider Function Validity Third country transfer package_view STRATO AG Displaying of the package overview as a list/tiles in the customer login (anonymized) 2 years no collapseFooter STRATO AG Status for the expanding/retracting of the footer in the customer login (anonymized) Session no rating_link STRATO AG Displaying of the Google rating link in the customer login (anonymized) 2 years no hasNewPackage STRATO AG Highlighting of the new WordPress packages in the customer login (anonymized) Session no survey STRATO AG Cookie that is set when you voluntarily participate in a survey. Valid until the defined end of the survey no Partnerships
We also use cookies to show you individual product and service offerings which are not on our website. Information about your user behavior is, therefore, transmitted to partner companies in order to display content personalized by us or these partners in accordance with your interests. We or our partners can evaluate, track, and issue invoices for these campaigns. Other advertising companies can also read cookies within this category and display personalized content to you. Responsibility for the use of your data beyond our processing lies with these companies and is carried out without our involvement.
Name Provider Function Validity Third country transfer _fbp
fr
AA003
ATNFacebook Inc. In order to enable user group-driven marketing in social networks, a tracking mechanism in the form of a pixel is embedded in this website. Upon visiting our website, the pixel is loaded by your web browser. During this procedure, information is sent to Facebook. Based on this information, the browser session is linked to a person. This correlation takes place in a pseudonymized fashion solely according to a Facebook ID, such that we are unable to link it to a person. The data is used by Facebook in order to display targeted ads based on behavior profiling and geographical location. For this purpose, we use the Facebook pixel only in the standard model without additional data matching. You can configure ad-related settings on Facebook in your user profile.
For more information and Facebook‘s privacy policy, visit: https://www.facebook.com/policy.php3 months
3 months
3 months
2 yearsYes / USA 1P_JAR
ANID
NIDGoogle LLC
Google Analytics AdvertisingIn addition to the standard functions, we also use the additional functions of Google Analytics on this website. For this purpose, in addition to the data which is collected by the analysis tool Google Analytics, additional data is collected via Google cookies for ad specifications and anonymous IDs on accesses. We use this information to improve our web offerings.
For more information and Google‘s privacy policy, visit: https://policies.google.com/privacy
You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/1 month
2 years
5 monthsYes / USA CONSENT
_gcl_auGoogle LLC,
Google AdsThis cookie is used to save user preferences and other information. In particular, this includes the preferred language, the number of search results to be displayed on the page, as well as the decision regarding whether the Google SafeSearch filter is to be enabled or not.
Conversion linker tags are used to support tags with the measurement of click data, so that conversions can be measured efficiently.
For more information and Google’s privacy policy, visit: https://policies.google.com/privacy
You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/20 years
90 daysYes / USA _gcl_au Google LLC
Google Ads/ DoubleClickThis cookie enables ads to be made more attractive for you. The ad is displayed based on what is relevant for a user. In this manner, reports on the performance of a campaign are improved, and we avoid ads which the user has already seen. One of the most important ad cookies on non-Google sites is called “IDE” and is saved in browsers under the domain doubleclick.net.
For more information and Google’s privacy policy, visit: https://policies.google.com/privacy
You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/2 years Yes / USA _ga
_gat_UA-40858965-1
_gidGoogle LLC
Google Analytic StatisticsWith Google Analytic Statistics, user streams are analyzed on our website in order to compile online reports for us. For this purpose, Google Analytics places a cookie in your browser. Each time a website is accessed into which a Google Analytics component has been integrated, the Internet browser is automatically asked to transmit data to Google. In this context, Google only works with an anonymized IP address.
For more information and Google’s privacy policy, visit: https://policies.google.com/privacy
You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/2 years Yes / USA IDE Google LLC
Google Analytic StatisticsThis cookie enables ads to be made more attractive for you. The ad is displayed based on what is relevant for a user. In this manner, reports on the performance of a campaign are improved, and we avoid ads which the user has already seen. One of the most important ad cookies on non-Google sites is called “IDE” and is saved in browsers under the domain doubleclick.net.
For more information and Google’s privacy policy, visit: https://policies.google.com/privacy
You can modify your Google data protection settings here: https://safety.google/privacy/privacy-controls/2 years Yes / USA MUID,
MUIDBbing.com/Microsoft These cookies are used for advertising, site analytics, and other operational purposes. 365 days Yes / USA _vt2 STRATO AG/Google LLC The cookie contains the pseudonymized customer number and the login status for transferring the data within the respective STRATO domain. The cookie itself does not pass on any data to third parties; it ensures that the pseudonymized customer number is known throughout the domain and can be used for other tracking processes, e.g. Google Analytics. 30 days Yes / USA enc_aff_session_* TUNE Inc. This is an offer-specific cookie. It is valid for the duration of the offer and contains the transaction ID and the user's IP address to track conversions. The * stands for the offer ID. There is a different version of the cookie for each clicked offer. 30 days Yes / USA ho_mob* TUNE Inc. This is a base64-encoded JSON value of the user's device/connection information. It is used for audience targeting of offers. 30 days Yes / USA tdl_strato TUNE Inc. It passes the Transaction ID through to the ordering process until the thank-you page. 400 days Yes / USA tunesdktest TUNE Inc. This is a test cookie that ensures that the Transaction ID can be stored in the cookie tdl_strato. 1-2 minutes Yes / USA f) Cookie setting via YouTube video embedding
We include videos from youtube.com on our website, especially on our Help & Contact page and our blog. We have embedded the videos in the so-called "extended privacy mode". This means that cookies are set by YouTube on the device you are using only after the play function is used, which can also serve to analyse usage behaviour for market research and marketing purposes.
If you have not agreed to cookies in the Partnership category, you must agree to the transfer of data to YouTube before playing a video. You can change your settings at any time at the bottom of the page under "cookie settings".
You can find out more about cookie usage by YouTube in Google's cookie policy at https://policies.google.com/technologies/types?hl=en-GBg) Newsletter tracking by Episerver:
The operating company of the application is Episerver GmbH.
The newsletters are provided by Episerver with a pixel-sized file that is retrieved from the server when the newsletter is opened. As part of this retrieval, information about the browser and your system, your IP address and whether and when the newsletters are opened are collected.
Links in the newsletters are individual, so that it can be tracked whether you have clicked on them.
In addition, a post-click tracking cookie is set. This makes it possible to track user actions even after leaving the newsletter. Among other things, purchases, registrations and downloads on the STRATO website are recorded.
The analyses carried out by Episerver on the basis of the data collected are made available to us in summarized form in anonymized form, so that it is no longer possible to draw conclusions about the actions of individual recipients.
We use these statistical analyses to improve the accessibility of our offers and to ensure that you only receive content from us that corresponds to your interests. Our aim is also to optimize websites and to assess the success of advertising campaigns.
While the post-click tracking cookie is only set with your consent, the other tracking measures are carried out within the scope of our legitimate interests. You have the option to object to the collection and processing of data by Episerver in the customer login under the tab "Change customer data"-> "Contact ways".h) Integration of Google services with STRATO Webmail
STRATO Webmail`s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.i) Use of inventory data with marketing partners
We use services such as Meta Custom Audiences, LinkedIn Matched Audiences, TikTok Custom Audiences, Reddit Custom Audiences and Google Customer Match to deliver targeted advertising in the form of adverts on our marketing partners' portals. We transmit inventory data (email address, telephone number, postcode, country) to our marketing partners. However, the data is not sent in plain text, but hashed in advance using the SHA 256 algorithm and then transmitted. The marketing partner then compares the data with its own, identical data in order to display targeted, personalized advertising in the form of advertisements on the portals of the respective marketing partner.
Further information on data processing at Meta can be found at:
https://www.facebook.com/privacy/policy
Further information on data processing at Google can be found at:
https://policies.google.com/privacy
Further information on data processing at TikTok can be found at:
https://www.tiktok.com/legal/page/row/privacy-policy/en
Further information on data processing at LinkedIN can be found at:
https://www.linkedin.com/legal/privacy-policy
Further information on data processing at Reddit can be found at:
https://www.reddit.com/de-de/policies/privacy-policy
If data is transferred to third countries, suitable guarantees for data transfer are agreed with any processors or controllers in accordance with the legal requirements. Further information on data transfer to third countries by our marketing partners can also be found under the links above.
Legal basis
The legal basis for the use of your data is your consent. You can revoke your consent at any time in the customer area.
Storage period
Your personal data will be deleted immediately if you have revoked your consent.
Data recipient
Google Ireland Ltd.
Gordon House, Barrow Street
Dublin 4
Ireland
Meta Platforms Ltd.
4 Grand Canal Square
Dublin 2
Ireland
Tiktok Technology Limited
10 Earlsfort Terrace
Dublin
Ireland
LinkedIn Ireland Unlimited Company
Wilton Pl,
Dublin
Ireland
Reddit Ireland Ltd.
70 Sir John Rogerson's Quay,
Dublin 2
Ireland3. Legal basis of the processing
We process and use your data to execute the contract and provide our services, to improve our services and our websites and to adapt them to your needs and to provide updates and upgrades.
Article 6 I lit. a of the General Data Protection Regulation (GDPR) provides us with a legal basis for processing operations, in which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract, the processing is based on Article 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. Finally, processing operations could be based on Article 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of our legitimate interests or those of a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned (data subject) prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a customer of the controller.
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is conducting our business. This also includes data analysis to improve our products and services. As well as performance of legal obligations, insofar as processing does not fall under Article 6 (1) lit. c GDPR.
We process applicant data in accordance with Article 88 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG, new version).
4. Categories of recipients
Registrars and registries: For domain registrations, we must forward certain personal data to registrars and registries. This data is stored in the registries' databases and publicly available to a varying extent via Whois enquiries from the registries. Further information about this can be found here https://www.strato.com/faq/en_us/article/2098/What-is-WHOIS-and-which-data-is-stored-there.html
Escrow services: All registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) must, in accordance with ICANN's generic domain rules, hold the domain data they manage in a secure environment in trust. This is intended to ensure the reliable management of the namespace. To that end, we use the escrow services of DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main.
Collection service provider: These provide collection services for us.
Processors: We pass on various personal data to our processors as the controller within the scope of the processing. We have ensured the security of your data by concluding data processing agreements. Our processors can be divided into the following categories:
- Provision of services: These include newsletter delivery, printing and shipping of invoices, customer surveys, payment service providers, data carrier destruction
- Operation of services, maintenance and upkeep of hardware and software
We only release data to authorities and third parties in accordance with statutory provisions or a legal title. Information may be provided to authorities on the basis of a legal regulation on security or for prosecution purposes. Third parties will only receive information if required by law. This may be the case, for example, in the case of a copyright infringement.
5. Data transmission to third countries
Microsoft: To create your Microsoft Office 365 Business Account, we forward the following data to Microsoft Ireland Operations Ltd: Name, address, e-mail address and language. This data, as well as data that you store in Microsoft Office 365, can be processed in various Microsoft data centres around the world. The processing is carried out on the basis of the EU standard data protection clauses in accordance with Article 46 (2) lit. c GDPR.
Registries: For the registration of top level domains. Processing is carried out on the basis of Article 49 (1) lit. b GDPR.
Dropsuite: In order to provide you with STRATO mail archiving, we use software developed and operated by Dropsuite Ltd. In support cases, there is the possibility of remote access from Singapore. The archived contents themselves are stored on our servers in Germany. Processing is carried out on the basis of the EU standard data protection clauses pursuant to Article 46 (2) lit. c GDPR.
Digicert and Sectigo: We act as an intermediary in the procurement and maintenance of SSL certificates. We transmit your data either to Digicert Inc. in the USA or to Sectigo Limited in the United Kingdom so that the SSL provider can provide its service. The processing is carried out by us on the basis of Art. 45 GDPR. SSL providers process your data under their own responsibility. For more details on how Sectigo protects, processes and manages your data, please refer to Sectigo's privacy policy https://www.sectigo.com/de/privacy-policy. You can find Digicert's data protection information at https://privacy.digicert.com/policies/en/.
Sitelock: When using SiteLock, LCC, malware in your webspace is automatically detected and deleted. We act as an intermediary and provide Sitelock with your domain names for this purpose. SiteLock saves your webspace for 7 days. Processing is carried out on the basis of Article 49 (1) lit. b GDPR.
Hewlett-Packard-Enterprise: For the maintenance and support of your servers, support access (remote access) can be provided by the Hewlett-Packard-Enterprise Company from the USA in individual cases of faults. For this purpose, an activation is made in individual cases, which is closed again after the end of the task. To ensure lawfulness, we have concluded EU standard data protection clauses in accordance with Article 46 (2) lit. c GDPR.
Salesforce: Our order processor for the STRATO homepage design service, web4business, uses the CRM software Salesforce. In support cases, there is the possibility of remote access by Salesforce Inc. from the USA. Processing is carried out on the basis of the EU standard data protection clauses pursuant to Article 46 (2) lit. c GDPR.
Genesys: when you contact us, your phone number and the area you are calling from are stored at AWS (Amazon Web Services) in Europe by Genesys Telecommunications Laboratories B.V.. This company operates our telephone system. In addition, your customer number, service pin and details of your products are also cached in AWS Europe. If you have given your consent to the recording of the call at the beginning of the call, this will also be stored. Both the storage and the transmission are exclusively encrypted. In individual support cases, there may be remote access to the data from the USA. However, these are only individual cases, which must be enabled by us in advance. To ensure legality, we have concluded EU standard data protection clauses in accordance with Art. 46 Para. 2 lit. c GDPR.
6. Duration of storage
We only process and store personal data for the period required to achieve the purpose of storage or where required by law. As a rule, the processing purpose is achieved upon termination of your contract.
You can change and delete data that you save in our services yourself. After the termination of contract, we will delete the data stored in the services.
Backup copies in our backup systems are automatically deleted with a time delay.
For contract data, processing will be restricted after the contract has been terminated; it will be deleted after expiry of the statutory retention period.
7. Your rights
a) Right to information and confirmation
You have the right to receive free information from us at any time, as well as confirmation of your personal data stored and a copy of this information.b) Right to rectification
You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing.c) Rights to erasure
You have the right to have your personal data erased without delay if any of the following is true and if processing is not required:- The personal data has been collected for such purposes or processed in a way for which it is no longer necessary.
- You revoke your consent, on which the processing was based, and any other legal basis for processing is lacking.
- You object to the processing in accordance with Article 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
- The personal data has been processed unlawfully.
- The erasure of personal data is required to fulfil a legal obligation under European Union law or a national law to which we are subject.
- The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.
d) Right to restriction of processing
You have the right to request the restriction of processing if one of the following conditions is met:- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
- We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
- You have objected to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether our legitimate interests prevail over yours.
e) Rights to object
You have the right to object at any time to the processing of personal data concerning you, which takes place on the basis of Article 6 (1) lit. e or f GDPR.
In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
You have the right to object at any time to the processing of your personal data for the purpose of direct advertising.f) Right to data portability
You have the right to receive personal data relating to you that has been provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us if the processing is based on the consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or is based on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising your right to data transferability under Article 20 (1) GDPR, you have the right to arrange that your personal data is transmitted directly from one controller to another, where this is technically feasible and as long as this does not affect the rights and freedoms of others.g) Right to withdraw consent under data protection law
You have the right to withdraw the consent to the processing of personal data at any time.h) Right of appeal to the supervisory authority
You have the right to contact a supervisory authority in the Member State of your place of residence or place of work or the location of the alleged violation at any time if you believe that the processing of personal data concerning you is contrary to the EU General Data Protection Regulation.8. Statutory or contractual requirement, for the provision of personal data, necessity for the conclusion of the contract, obligation to provide the personal data, possible consequences of failure to provide data
The provision of personal data may in part be required by law (e.g. tax regulations) or result from contractual provisions (e.g. information about the contracting party). Sometimes it may be necessary that you provide us with personal data, which must subsequently be processed by us, in order to conclude a contract. For example, you are required to provide us with personal information when we conclude a contract with you. Failure to provide the personal data would mean that the contract could not be concluded.
9. Existence of automatic decision-making / profiling
We do not use automatic decision-making or profiling.