20.12.2019

Privacy

Created by GLAMUS GmbH
Bonn, December 2019



1. FOREWORD


Data protection enjoys a high priority at GLAMUS GmbH ("we", "us"). For this reason, we take the protection of your personal data very seriously and want to ensure that your privacy is always protected in the best possible way when using our services.

We therefore always process personal data in accordance with the European General Data Protection Regulation (EU-GDPR) and the valid national data protection regulations.

With this data protection information, we would like to create transparency regarding the type, scope and purposes of processing data and inform the persons affected by the processing of their data about the rights to which they are entitled.

In order to ensure a high level of protection, we have implemented numerous technical and organisational measures which are regularly checked for effectiveness and compliance and are adapted to the state of the art.

Nevertheless, we would like to point out that - despite the encryption of all communication between you and our servers - Internet-based data transmissions can generally have security gaps that are beyond our control. It is therefore not possible to guarantee complete protection.

Unless otherwise stated, all articles mentioned are those of the European General Data Protection Regulation (EU-GDPR). This can be downloaded in its original version from the website of the Publications Office of the EU.

2. TERMINOLOGY


This data protection notice uses many of the terms and formulations used by the European legislator when the General Data Protection Regulation was adopted. To help you understand the contents of this data protection notice, we explain the most important terms in advance.

2.1. Personal data

Collective term for all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or one or more factors specific to the identity of that natural person.

2.2. Processing (personal data)

Collective term for all operations relating to personal data, whether or not they are carried out using automated procedures. This includes the collection, recording, organization, sorting, filing, storage, adaptation or modification, retrieval, request, use, disclosure by transmission, distribution or other form of making available, matching or postprocessing of data, restriction, deletion or destruction.

"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.

2.3. Pseudonymisation

Modification of personal data in such a way that the personal data can no longer be linked to a specific data subject without additional information (to be kept separately).

2.4. Person responsible

Natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

2.5. Processor

Natural or legal person, public authority, agency or other body which processes personal data on behalf of the person responsible.

2.6. Receiver

Natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether being a third party or not.

2.7. Third party

Natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who, under the direct authority of the person responsible or the processor, are authorised to process the personal data.

2.8. Consent

Any freely given expression of will by the data subject in a specific case, in an informed and unambiguous manner, in the form of a statement or any other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

3. RESPONSIBLE AUTHORITY


Responsible in the sense of Art. 4 Para. 7 is GLAMUS GmbH, Gartenstraße 24, 53229 Bonn, Germany, legally represented by the managing directors Gerhard Loosch and Ulrich Santo.

Please contact our data protection officer with all questions on the subject of data protection, in particular with regard to the exercise of your rights as a data subject:

GLAMUS GmbH, z. Hd. des Datenschutzbeauftragten, Gartenstr. 24, 53229 Bonn, Germany
datenschutz@glamus.de +49 228 97617-0

4. DATA COLLECTION WEBSITE


4.1. Access data

The retrieval of web-based content always involves the transmission of a number of general data and information, including personal data. Thus, visiting our website also triggers the transmission of such data. The web server needs this data in any case in order to be able to deliver the requested contents correctly.

4.1.1. Processed data
  • IP address
  • Called address
  • Date and time of access
  • Amount of transmitted data in bytes
  • Response code of the server to the request
  • Browser identification ("User Agent")
  • Source/reference from which you accessed the site


4.1.2. Purpose of processing
This information is processed primarily to ensure the smooth availability of our websites, to obtain an overview of system security and stability and thus to be able to quickly detect and fend off attacks on the technical infrastructure.

In addition, the information is statistically evaluated in order to gain insight into the use of our website and to adapt it to the needs of the users on the basis of the information thus obtained (see section 4.4 Reach measurement with Matomo).

4.1.3. Legal basis
Data processing is carried out on the basis of our legitimate interest in availability, securing and optimising our offers (Art. 6 para. 1 lit. f).

4.1.4. Storage duration
The information described is temporarily stored in log files. After 28 days these are anonymised by replacing the last two blocks of digits (so-called "octets") of the IP address with "0". It is then no longer possible to establish a personal reference.

Six months after the end of the calendar month of collection, the log files are permanently deleted.

4.1.5. Data transfer
The described data will not be passed on to third parties unless there is a legal obligation to do so or the passing on of data serves the purpose of criminal prosecution.

4.1.6. Right to object
The described processing is absolutely necessary for the operation and security of our website. There is therefore no possibility of objection. The only way to avoid processing is to refrain from using our service.

4.2. Newsletter subscription

4.2.1. Contents of the newsletter
We offer interested users the opportunity to be the first to know about news concerning the further development of everoo by subscribing to our newsletter.

4.2.2. Registration procedure
Registration for the newsletter is done via a double opt-in procedure. After registration you will first receive an e-mail with a confirmation link. Only by clicking on this link do you confirm ownership of the e-mail address provided and thus activate the subscription.

The newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.

4.2.3. Dispatch service provider
The newsletter is sent via "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The e-mail addresses of subscribers as well as other data processed in connection with the subscription are stored on the servers of MailChimp in the USA.

MailChimp proves the adequacy of the level of protection of data processing by this service provider located outside the European Economic Area by means of certification under the "EU-US Privacy Shield": https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

In addition, we have negotiated a "Data Processing Agreement" with MailChimp in which the service provider undertakes to protect the data of our subscribers processed on our behalf in accordance with the provisions of the GDPR and in particular not to pass it on to third parties.

4.2.4. Reach measurement
Newsletters sent via MailChimp contain a so-called "web-beacon" - a pixel-sized file that sends a feedback to the servers of MailChimp when the newsletter is opened. Technical information is read and transmitted (IP address and time of access, information about the browser and operating system). MailChimp uses this information for technical improvement of its services.

The information, also transmitted, about which links are opened from the newsletter helps us to understand the reading habits of our users in order to better adapt future newsletters to the interests of the recipients.

4.2.5. Opening the MailChimp website
In certain situations newsletter recipients can be directed to the web pages of MailChimp. This is for example the case when calling the web view of the newsletter - a corresponding link is included in our newsletters.

Viewing the MailChimp privacy policy, confirming the e-mail address in the context of the double opt-in, changing the receiving e-mail address and cancelling the newsletter also involve a visit to the MailChimp website.

In this context, we would like to point out that cookies are used on the websites of MailChimp and that personal data are processed by MailChimp, its partners and service providers (e.g. Google Analytics). We have no influence on this data collection.

For further information please see the privacy policy (https://mailchimp.com/legal/privacy) and the cookie statement (https://mailchimp.com/legal/cookies) from MailChimp.

To better protect your data, we also recommend using the "Do Not Track" setting, which you can activate in your web browser. This constitutes a valid objection.

4.2.6. Purpose of processing
This information is processed exclusively for the purpose of sending the newsletter and documenting your consent to this.

MailChimp uses this information to send and evaluate the newsletter on our behalf.

Furthermore MailChimp may use this data for the optimization and further development of its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter. However, MailChimp does not use the data of our subscribers to contact them themselves or pass them on to third parties.

4.2.7. Legal basis
The use of the e-mail address and the sending of the newsletter are based on your consent (Art. 6 para. 1 lit. a).

The condition for the legality of this consent is that we can prove it (Art. 7 para. 1). Accordingly, the necessary logging is based on a legal obligation (Art. 6 para. 1 lit. c).

The use of the newsletter dispatch platform MailChimp and the performance of the reach measurement are based on our legitimate interests (Art. 6 para. 1 lit. f). Our interest is focused on the use of a secure and user-friendly newsletter system as well as on the provision of a newsletter that is geared to the expectations of the subscribers.

4.2.8. Storage duration
The data will be stored and processed as long as we have your consent. After revocation of your consent or at the latest after discontinuation of the newsletter offer, your data will be deleted from our servers as well as from the servers of MailChimp.

4.2.9. Right to object
By unsubscribing from the newsletter you can revoke your consent at any time with effect for the future. To do so, please use the corresponding link which you will find in the footer of each newsletter.

A separate objection regarding the dispatch via MailChimp or the execution of the reach measurement by MailChimp is unfortunately not possible.

You can object to the collection of data for usage-based advertising (e.g. in the context of accessing the website of MailChimp) here: https://www.youronlinechoices.com/

4.3. Inquiries via contact form or e-mail

4.3.1. Processed data
  • Name
  • E-mail address
  • Message text


4.3.2. Purpose of processing
The collected data will be processed exclusively for the purpose of processing and answering your inquiry.

4.3.3. Legal basis
If you contact us via the contact form, the data will be processed on the basis of your consent (Art. 6 para. 1 lit. a).

If you contact us via the e-mail addresses provided for this purpose, the processing will be based on our legitimate interest in dialogue with users of the services we offer (Art. 6 para. 1 lit. f).

4.3.4. Storage duration
Your data will be stored for 30 days after receipt of your last letter and then deleted.

4.3.5. Data transfer
The described data will not be passed on to third parties unless there is a legal obligation to do so or the passing on of data serves the purpose of criminal prosecution.

4.3.6. Right to object
When contacting us via the contact form, you can revoke your consent at any time with effect for the future.

Also when contacting us by e-mail, you have the possibility to object to the further processing of your data at any time with effect for the future.

Please notify us of your revocation or objection in writing; this can be done by sending us another message via the contact form, but also by e-mail or by post.

4.4. Reach measurement with Matomo
We use Matomo (formerly Piwik), an open source, self-hosted analysis software, to collect data on the use of our websites. In order to gain these insights, which are important for us, without affecting your privacy, we also anonymise your IP address before saving it. This means that it is no longer possible to draw conclusions about you as a specific person.

4.4.1. Processed data
The following data is processed in addition to the data described in section 4.1 Access data:
  • Cookies
  • Anonymized IP addresses (removing the last 2 bytes)
  • Location of the visitor (country, region, city - with reduced accuracy, as derived from the anonymized IP address)
  • Screen resolution, language setting and time zone of the visitor
  • Title of the page called up
  • Duration of the page setup
  • Files that were clicked and downloaded
  • Visits to external links
  • Interactions with forms (but not their content)


4.4.2. Purpose of processing
The knowledge gained from the processing of the described data helps us to understand typical user behaviour and to identify problems in the use of our website, so that we can continuously develop our services to meet the needs of the users.

4.4.3. Legal basis
The data processing is based on our legitimate interest in the further development of our services (Art. 6 para. 1 lit. f).

4.4.4. Data transfer
The described data will not be passed on to third parties unless there is a legal obligation to do so or the passing on of data serves the purpose of criminal prosecution.

4.4.5. Right to object
There are two ways to object to the processing of your data by Matomo.

  • "Do not Track"
    The browser setting "Do not Track" informs all visited web pages that statistical recording is undesirable. Matomo respects this and does not collect any data about the visit if the setting is active. For further information please refer to the documentation of your web browser.
  • Matomo Opt-Out
    In addition, Matomo itself offers the possibility to object to the collection for a specific website. To do so, please remove the tick from the checkbox below:




Your decision is stored in a generic deactivation cookie on your computer. Please note that this Matomo deactivation cookie is also deleted when you clear the cookies stored in your browser.
Since cookies are stored per device and per browser, a new opt-out is also necessary when changing the browser or end device.
If your browser is configured accordingly (deletion of all cookies at the end of the session), the opt-out must also be set again on each visit.

5. DATA COLLECTION APP


5.1. Processed data

  • Person master data (e.g. title/gender, name, academic titles)
  • Employment data (e.g. company, function or job title)
  • Postal address
  • Geocoordinates
  • E-mail address
  • Phone number
  • Website
  • Profile links social media (e.g. Facebook, Twitter, Instagram, LinkedIn, Xing, Vk, Pinterest)
  • Profile links Instant Messengers (e.g. Skype, SnapChat)
  • Profile picture
  • Date of consent to the use of data


5.2. Purpose of processing

The processing of the described data takes place within the framework of the creation, administration and distribution of the everoo business cards by the user.

5.3. Legal basis

The data processing is carried out within the scope of the fulfilment of the contract of use concluded with us. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

5.4. Storage duration

The described data will be stored for the duration of the user contract on which the processing is based. After termination of the contract, your data will be completely deleted, provided that this does not conflict with any statutory retention obligations.

5.5. Data transfer

  • Geocoding
    To determine the geocoordinates of entered postal addresses we use the service HERE Geocoder of the provider HERE Global B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, The Netherlands.

    Further information on the provider's handling of personal data can be found here: https://legal.here.com/de-de/privacy/policy
  • Phone number authentication and two-factor authentication
    A short message with a confirmation code is sent for verification of entered phone numbers as well as for each login (with activated two-factor authentication). To send these short messages we use the service SMS Messaging of the provider Sinch Germany GmbH, Wilhelm-Wagenfeld-Straße 20, 80807 Munich, Germany.

    Further information on how the provider handles personal data can be found here: https://www.sinch.com/gdpr/


5.6. Right to object

By deleting your everoo account, the contract of use also expires - and thus the basis for processing your data. This will result in a complete deletion of your data, as far as compatible with legal storage obligations.

6. RIGHTS OF THE DATA SUBJECT


You can exercise the following rights at any time using the contact details of our contact person for data protection issues mentioned above:

6.1 Right of access (Article 15)

Information about the type and origin of your personal data stored by us and the purpose of its processing.

6.2 Right of rectification (Article 16)

Correction or completion of your personal data, if they are incorrect or incomplete.

6.3 Right of cancellation (Article 17)

Deletion of your personal data stored by us, provided that the legal basis for the processing of the data is missing or has ceased to exist and existing storage obligations or interests worthy of protection to be taken into account do not conflict with a deletion.

6.4 Right to restrict processing (Article 18)

Restriction of data processing if your data may not yet be deleted due to legal obligations.

6.5 Right to object (Article 21)

Objection to the processing of your data stored by us.

6.6 Right to data portability (Article 20)

Provision and transmission of your data in a machine-readable format to another responsible person, as far as this is technically feasible.

6.7 Right of withdrawal (Article 7(3))

Revocation of a granted consent with effect for the future.

6.8 Right of appeal (Article 77)

To exercise your right of appeal, please contact the relevant supervisory authority. The jurisdiction depends on the state of your residence, your work or the place of the suspected infringement.

A list of the supervisory authorities (for the non-public sector) with addresses can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

7. TRANSMISSION OF DATA


If the services of third parties are used in the manner described above to process your personal data, this is done within the framework of contracts for the processing of personal data. These contracts specify the type and scope of processing as well as the obligations of the processor to comply with strict standards of data protection and data security.