Privacy Statement in accordance with EU GDPR
1. Name and contact details of the responsible party and controller
Responsible in accordance with the European General Data Protection Regulation (EU GDPR) as well as other national data protection laws within Member States of the European Union and further applicable data protection regulations:
The following is to inform you about the processing of your personal data when using our website.
In case of questions regarding any privacy matters connected to the usage of our website or the services we offer, please contact the Controller:
DPP Data Protection GmbH
2. Scope, purpose and legal basis for the processing of personal data
We collect and use personal data of our users only to the extent necessary to provide a functional website as well as content and services, subject to the consent of the data subject. An exception applies to cases, in which a previous consent cannot be obtained for factual reasons and data processing is permitted by law.
2.1 Creation of log files
Each time our website is accessed, our system automatically collects systemic data and information of the contacting browser (log files). This includes the IP address of the respective user. IP addresses in the log files are automatically anonymized with an “x” after seven days and deleted after nine weeks.
Technical information is processed for network security reasons (e.g. to counter attacks), and to improve our website offerings – thus, constituting legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.
Data collection and log file storage are essential for the provision and operation of the website, therefore not subject to objection.
Our website uses session-cookies in order to increase user-friendliness.
Cookies are text files that are stored in the browser of the user or by the browser in the user’s computer system. When accessing a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that can allow the browser to be uniquely identified when the website is reopened. As soon as the user ends the browser session, cookies set by our website will be automatically deleted.
3. Legal basis fort he processing of personal data
Insofar as we obtain the data subject’s consent to the processing of his or her personal data, Art. 6 para. 1 lit. a EU GDPR serves as the legal basis.
Art. 6 para. 1 lit. b EU GDPR provides the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Insofar as the processing of personal data necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO applies as legal basis.
Art. 6 para. 1 lit. d DSGVO is the legal basis for the processing of personal data necessary in order to protect the vital interests of the data subject or another natural person.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, Art. 6 para. 1 lit. f DSGVO serves as the legal basis. In addition to the matters above, our legitimate interests in this case are:
- Protecting the company from material or immaterial damage,
- The professionalization of our products and services,
- Cost optimization.
We also process personal data in order to comply with commercial or tax-related retention requirements.
4. Data erasure and duration of storage
The personal data of the data subject will be erased or blocked as soon as the personal data are no longer necessary in relation to the purpose for which they were collected. Personal data may be stored for the time in which claims against our can be asserted (statutory limitation periods range from three to thirty years).
In addition, such storage may take place for compliance with a legal obligation set by Union or Member State law to which our company is subject. Corresponding duties of proof and retention arise, inter alia, from the Commercial Code, the Tax Code and the Money Laundering Act – according to which storage periods can be up to ten years.
Blocking or erasure of personal data also takes place when a storage period provided by the standards mentioned expires, unless data remains necessary for entering into, or performance of, a contract.
5. Transfer of personal data to third parties
In order to provide products and services according to contractual obligations or our legitimate interests, we may transfer personal information to other companies within the Group.
These are the following:
- Palladio GmbH
- Palladio Management GmbH
- Palladio (Luxembourg) S.à r.l.
Furthermore, we are legally obliged to provide personal data to German and international authorities. The legal basis for this is Art. 6 para. 1 lit. c EU GDPR in conjunction with further national and international obligations.
6. Right to object in accordance with Art. 21 EU GDPR
You have the right to object, on grounds relating of your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interest, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data you may exercise your right to object by automated means using technical specifications.
7. Rights of the data subject
Transparency regarding all proceedings related to the processing of personal data is of utmost importance for our company. Therefore, we point out that in addition to the right of objection you can exercise further rights if the respective legal requirements apply:
- Right of access (Art. 15 EU GDPR)
- Right to rectification (Art. 16 EU GDPR)
- Right to erasure („right to be forgotten“ - Art. 17 EU GDPR)
- Right to restriction of processing (Art. 18 EU GDPR)
- Right of notification (Art. 19 EU GDPR)
- Right to data portability (Art. 20 EU GDPR)
- Right to object and automated individual decision-making (Art. 21 EU GDPR)
To exercise your rights, you can contact firstname.lastname@example.org.
In order to process your motion as well as for identification purposes, we point out that we process your personal data pursuant to Art. 6 para. 1 lit. c EU GDPR.
You have the right to revoke your privacy declaration at any time with effect for the future. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation. In some cases, despite the revocation, we are entitled to process your personal data on another legal basis (e.g. to fulfil a contract).
9. Use of the password protected section
When you visit and use our . Use of the password protected section, you will be redirected to the website of our service provider (currently Drooms GmbH) and they will process your name, email address, company, other contact details as well as data for the analysis of user behavior in the [VDR] (access to documents, dwell time, etc.) and other data room activities (such as user-, usage-, viewing-, login-, index-, authorization- and file processing history) on our behalf.
The processing of personal data is necessary to fulfill our (pre-)contractual and legal obligations, in particular under the Sustainable Finance Disclosure Regulation – (Regulation (EU) 2019/2088 - SFDR) (legal basis Art. 6 para 1 lit. b and c GDPR). This also applies to processing operations that are necessary for the performance of pre-contractual measures. Your information described above regarding your rights, data erasure and storage period apply accordingly.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular within your state of residence, place of work or place of alleged infringement, if you believe that the processing of the personal data violates the EU GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the EU GDPR.
Competent supervisory authority
Der Hessische Datenschutzbeauftragte