I. Name and Address of the Controller
We, Honesto AG, are controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws and regulations that determine the purposes and means of processing personal data. If you have any questions regarding the processing of your personal data, please do not hesitate to contact us:honesto AG
Our data protection coordinator can be contacted at:
E-mail address: email@example.com
II. General Information regarding the Processing of Personal Data
1. Scope of data processing
We only process your personal data if this is necessary to provide a functional website as well as our contents and services. The processing of your personal data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of your personal data is permitted by law.
2. Legal basis for data processing
We process your personal data based on the following legal basis:
- Processing on the basis of your consent to the processing of your personal data (art. 6 (1) (a) GDPR);
- Processing for the performance of a contract to which you are party or the implementation of pre-contractual measures (art. 6 (1) (b) GDPR);
- Processing for compliance with a legal obligation to which we are subject (art. 6 (1) (c) GDPR);
- Processing for the purpose of legitimate interests pursued by us or third parties (art. 6 (1) (f) DSGVO).
3. The erasure and storage of personal data
Your personal data will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, personal data may be stored if this has been required by regulations, laws or other provisions to which we are subject. The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- Information relating to the browser type and version used
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website
The data is also stored in the log files of our system but is not stored together with other personal data concerning you.
2. Legal basis for data processin
The legal basis for the temporary storage of personal data and log files is art. 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of your IP address by the system is necessary to enable the website to be delivered to your computer. For this the IP address must remain stored for the duration of the session.
The personal data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to art. 6 (1) (f) GDPR also lies in these purposes.
4. Period of storage
Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, the data will be deleted when the respective session has ended. If personal data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses are deleted or alienated so that the calling client can no longer be assigned.
5. Possibility of objection and erasure
The collection of personal data for the provision of our website and the storage of personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection.
IV. E-mail contact
1. Description and scope of processing of personal data
You can contact us via the e-mail address provided. In this case, your personal data transmitted by e-mail will be stored
In this context, the personal data will not be transmitted to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for processing
The legal basis for the processing of personal data transmitted in the course of sending an email is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.
3. Purpose of processing
The processing of personal data from the e-mail sent to us serves us only for the treatment of the establishment of contact. This represents also our legitimate interest in processing of personal data. The other personal data processed during the sending process serve to prevent misuse of the e-mail address and to ensure the security of our information technology systems.
4. Period of storage
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data that is sent by e-mail will be erased as soon as the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and erasure
If you contact us by e-mail, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
V.Rights of the data subject
If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights:
1. Right of access
You can ask us to confirm whether personal data concerning you is being processed by us.
Is that the case, you can request the following information from us:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed;
- the envisaged period for which the personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you or to object to such processing ;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to obtain from us the rectification and/or completion of incorrect or incomplete personal data concerning you.
3. Right to restriction of processing
Under the following conditions, you have the right to request the restriction of processing of your personal data:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or
- you have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override those of you.
Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
4. Right to erasure
4.1 Obligation to erase
You have the right to obtain from us the erasure of your personal data and we are obliged to erase personal data without undue delay where one of the following grounds applies:
- the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
- you file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR ;
- the personal data concerning you has been unlawfully processed ;
- the deletion of personal data concerning you is necessary to fulfil a legal obligation to which we are subject ;
- the personal data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.
4.2 Information to third parties
Where we have made your personal data public and where we are obliged pursuant to art. 17 (1) GDPR to erase your personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.
The right to erasure shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by applicable law or for the performance of a task carried out in the public interest or in the exercise of official authority assigned to us ;
- for reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in para. IX.1is likely to render it impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to data portability
You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from us to which the personal data have been provided, where:
- the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR; and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.
The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority assigned to us.
6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
We no longer process the personal data concerning you, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
7. Right to withdraw the consent to process personal data
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.