Information on data collection according to Article 13 DSGVO
Status: 05 December 2022
1 Person responsible and data protection officer
The person responsible for data collection and data processing is
Management: Martin Meng and Frederik Wegner
konfidal GmbH has appointed an external data protection officer. This is
Dr. Bernd Schmidt, LL.M.
PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH
2 Collection and storage of personal data as well as type and purpose and use thereof
2.1 When using our website under the domain konfidal.eu or a read-only call of app.konfidal.eu
When the website is called up, the following data is sent to
- Our servers, which are operated by Hetzner Online GmbH.
- The servers of plausible.io, a completely anonymous website analytics tool,
- Operating system, IP address, browser version and the language set in the browser of the requesting end device.
- The time of the request (date and time)
- The requested content defined by the URL
- The HTTP "Referrer" Header
This data is not stored on our servers, but is only used for a few milliseconds to deliver the website correctly to the user. For technical error analysis, this data may be stored temporarily. Such logs are automatically deleted after 7 days.
When interacting with the website, by clicking on links or buttons, a non-personal anonymous signal is transmitted to plausible.io, which analyses the use of these elements.
The data transmitted to plausible.io is used for the following purposes
We process the aforementioned data for the following purposes:
- Ensuring a smooth and fast delivery of the website.
- Evaluating system security and stability
- Protection and defence against cyberattacks
- Analysis of usage to improve the technical and content of the website.
The legal basis for data processing is Art.6 para.1 p.1 lit.f DSGVO. Our legitimate interest follows from the purposes for data collection just mentioned. In no case do we use the collected data for the purpose of drawing conclusions about your person. The data will also not be merged with other data sources.
We have also integrated meetergo on this website. The provider is meetergo GmbH, Hansaring 61, 50670 Cologne (hereinafter meetergo). meetergo provides an online appointment tool. When you make an appointment with us online, the data you enter for this purpose is stored on meetergo's servers in Germany. In addition, meetergo briefly records your IP address, your referrer URL, the time of access and can determine that you have made an enquiry with us; this data is used exclusively for the technical provision of the service and is then automatically deleted again. The use of meetergo is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in making it as uncomplicated as possible to make appointments. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 1 lit. a; the consent can be revoked at any time.
2.2 When using / interacting with our app under the domain app.konfidal.eu
The collection and processing of data is necessary for the performance of the contract and is based on Article 6 (1) b) DSGVO.
Insofar as we have obtained your consent for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (DS-GVO) serves as the legal basis.
The legal basis for direct advertising as a result of the sale of our goods or our services is Section 7 (3) UWG.
2.2.1 When registering a new account
- E-mail address
- For logging in and for notifications from the app.
- For direct advertising
- First name, last name
- For contract execution
- For direct mail
- To personalise the emails that the app sends
- To better display multi-user functionality
- The role in the job and a profile picture, if provided / uploaded by the users themselves.
- For better mutual identification when collaborating in the app.
2.2.2 When inviting a new user to the app.
- E-mail address of the new user
This data is also transmitted to our email service sendinblue. See 2.2.5 "When sending an email from the app to a user".
2.2.3 When submitting a notice via a notification form. Reports can also be submitted anonymously. Personal data is not necessarily collected. E-mail address For logging in and for notifications from the app First name, last name For information to the recipient of the message Any data provided in the free text field or later chat with the case handler of the notification. Due to the EU Whistleblower Directive and the national legislation of the EU member states (in Germany and Austria the Whistleblowing Act), all data related to whistleblowing is permanently stored by us. Only the superadmins of konfidal and the konfidal users listed as case handlers in the respective report form have access to the data. #### 2.2.4 When setting up a company When you enter a new company in konfidal, the following data is collected: Address of the place of business with full company name. For contract execution Name of the company in the app Abbreviation option An image of the company's logo, if uploaded by the user. This data will be stored indefinitely. #### 2.2.5 When sending an email from the app to a user. For example, immediately after a user has freshly registered, the app sends a welcome email containing a link to confirm the new user's email address. The technical dispatch of such emails is outsourced to sendinblue.com. Our servers transmit the following data so that sendinblue can deliver the email correctly. Email address, first name and last name of all recipients of the email. The content of the email Sendinblue stores everything except the content of the email for one month. This is used to help the konfidal development team fix bugs. #### 2.2.6 When opening an email sent by konfidal The following data related to the email is sent to sendinblue by the email program that represents the email: E-mail was delivered Email has been opened A button or link in the email was clicked on. Sendinblue stores this data for one month. #### 2.2.7 When making an in-app purchase of a licence Data is transferred to our payment service providers Chargebee (https://www.chargebee.com/privacy/) and Mollie (https://www.mollie.com/de/privacy). Chargebee is based in the US, but operates a completely separate data centre in the EU for European customers, which means that no data leaves the EU. To complete the purchase process, the following data is transmitted to Chargebee: First name, last name and address of the company For contract execution / invoicing Credit card details For the execution of the payment E-mail of the user * To send invoices and other contractually relevant information by chargebee to the user. After checking out with chargebee, the user automatically has a customer profile in our chargebee instance. This exists as long as the user account with konfidal exists. The chargebee customer profile can be deleted at the user's request. #### 2.2.8 Other data input through functionalities in the konfidal app The app has many free-text input fields whose data we store in the interest of the user. We store data until the user deletes it. We are not allowed to destroy data that is related to the EU Whistleblower Directive or the HinschG for legal reasons. Here, a careful transfer can be carried out in which the data is deleted from our system but lives on elsewhere. ## 3. transfer of data to third parties We store all our data in the EU. Our servers do not transfer data to servers outside the EU. A transfer of your personal data to third parties for purposes other than those listed below does not take place. Insofar as this is necessary for the processing of the contractual relationship with you in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, your personal data will be passed on to third parties. Recipients of the data are public bodies that receive data on the basis of statutory regulations (e.g. social insurance carriers, financial authorities), internal bodies involved in the execution of the respective business processes (personnel administration, accounting, banking institutions/payment service providers, accounting, customer service, marketing, sales), in the case of shipping products to the transport company/shipping company commissioned by us, contractual partners, business partners insofar as the statutory regulations require or permit this. ## 4. your rights You have the right Pursuant to Art. 7 Para. 3 DSGVO to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future; **In accordance with Art. 15 DSGVO Request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details; in accordance with Art. 16 DSGVO request the correction of inaccurate or incomplete personal data stored by us without delay; in accordance with Art. 17 DSGVO request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; in accordance with Art. 18 DSGVO to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO; receive the personal data you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller; and. **in accordance with Art. 77 DSGVO to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose. ## 5. routine deletion and blocking of personal data We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
6. right of objection and revocation, request for information, deletion and correction
You have the possibility at any time to revoke your consent to the processing of personal data with effect for the future and to have your personal data deleted or amended. If the data is required for the fulfilment of the contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
If commissioned by you, it will take up to 3 months for all your data to be completely deleted.
Requests for information, correction and deletion as well as revocation of or objection to the further use of data that may have been given to us can be made informally as follows:
konfidal GmbH \ Hauptstr. 28 \ 15806 Zossen \
by e-mail to: \ email@example.com