Privacy Policy

Privacy Policy

With this privacy policy, we would like to inform you as a user of our internet presence (hereinafter referred to as “website”) by the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data, on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

 

1. name and contact details of the controller

The responsible party within the meaning of the DS-GVO and other national data protection laws of the member states as well as other data protection regulations is:

Braintower Technologies GmbH

Schlackenbergstr. 41 a

66386 St. Ingbert

Phone +49 6894 92966-0

fax +49 6894 92966-20

E-mail info@braintower.de

You can reach our data protection officer at datenschutz@braintower.de

 

2. purpose, legal basis, and duration of processing

 

2. a) When calling up the website

Each time our website is called up, the browser used on the user’s terminal device automatically sends information to our website server. The following of the transmitted information is temporarily stored by us in so-called log files:

  • Information about the browser type and version used,
  • The operating system of the user,
  • Internet service provider of the user,
  • The IP address of the calling computer,
  • date and time of access,
  • websites from which the user’s system accesses our website, and
  • Websites that are accessed by the user’s system via our website.

This information is processed (1) to ensure a smooth connection setup of the website, including the delivery of the website to the user’s computer, (2) to ensure comfortable use of our website, and (3) for the purpose of evaluating system security and stability and (4) for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 UAbs. 1 S. 1 lit. f DS-GVO. Our legitimate interest follows from the data processing purposes listed above. An evaluation of the data for marketing purposes or for the purpose of drawing conclusions about your person does not take place in this context.

The data used to provide the website is deleted as soon as it is no longer required to achieve this purpose, i.e. at the end of the respective session. The data stored in log files are deleted after 14 days at the latest.

In addition, we use cookies as well as analysis and other services when you call up our website. You can find more detailed explanations of this under points 5 to 9 of this data protection declaration.

 

2. b) Jira Service Desk

Our website offers you the opportunity to contact us and report technical faults via the Jira Service Desk platform.

To use this platform, you must register by providing personal data and creating a user account. The data is entered in an input mask and transmitted to us and stored. To register, you must provide a valid e-mail address and your full name. At the time of completing the registration, the IP address of the calling computer, as well as the date and time of sending, are also stored.

Registration of the user serves the purpose of being able to process fault reports from customers more easily, as the information about the customer is automatically transferred to the processing procedure.

If you report a fault via the platform, this may contain further personal data. This additional personal data is also only processed to process the fault report.

Insofar as this is necessary for the processing of your fault report, we will forward the personal data relating to you to third parties (e.g. manufacturers, suppliers, and service providers). Under certain circumstances, personal data may also be forwarded to a third country in this context.

The legal basis for processing the data is Article 6 (1) (1) (a) of the German Data Protection Regulation (DS-GVO) if the user has given his consent, and otherwise Article 6 (1) (1) (f) of the DS-GVO. If registration and fault reporting is connected with the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (1) (b) DS-GVO.

The other personal data processed for processing the fault report will be deleted at the latest after the expiry of the statutory retention periods, unless you have consented to storage beyond this by Art. 6 (1) UAbs. 1 S. 1 lit. a DS-GVO. In general, the processed personal data must be deleted 6 years after the end of the calendar year in which the contractual relationship was terminated; for invoice receipts, the general retention period is 10 years. Exceptionally, we may be obliged to store data for a longer period due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO). Insofar as no statutory retention periods are to be observed, we will immediately delete the processed personal data as soon as they are no longer necessary for processing the fault report or for complying with statutory retention periods.

 

3. cookies

We use so-called cookies on our website. Cookies are small files that are automatically created by your browser when you visit our website and are stored on your end device (laptop, tablet, smartphone, or similar). In the cookie, information is stored that arises in each case in connection with the specific end device used.

The use of cookies serves on the one hand to make our website as user-friendly as possible. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. To optimize the user-friendliness of our website, we also use temporary cookies. These cookies are stored on your terminal device for a specific, predefined period of time and contain information that allows your browser to be uniquely identified when you return to the website. This is used to automatically repeat the entries and settings made when you previously called up our website. However, we do not obtain direct knowledge of your identity by identifying your browser.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 UAbs. 1 lit. f DSGVO.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies also enable your browser to be clearly identified when you return to the website. You can find more detailed explanations of this under section 7 of this data protection declaration.

Browsers are usually set so that cookies are automatically stored on the user’s terminal device. You can prevent or restrict this by changing the settings of your browser. You can also delete cookies that have already been stored at any time, whereby deletion can also be automated. If cookies for our website are deleted or deactivated, it may no longer be possible to use all functions of the website without restriction.

 

4 Matomo

We use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information about website usage obtained in this way is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties.

The IP addresses are anonymized (IP masking), so an assignment to individual users is not possible.

The processing of the data is based on Art. 6 para. 1 p. 1 lit. a DSGVO. We thereby pursue our legitimate interest in optimizing our website for our external presentation.

You can revoke your consent at any time by deleting the cookies in your browser or changing your privacy settings.

 

4 a) Objection to data collection

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

 

5 Rights of the data subject

If personal data of yours is processed, you as the data subject are entitled to the following rights against the controller:

 

5 a) Right to information

Pursuant to Art. 15 DS-GVO, you have the right to request information from us about your personal data processed by us.

The right to information extends in particular to (1) the purposes of the processing, (2) the categories of personal data processed, (3) the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed, (4) the planned duration of the storage of the personal data concerning you or, if this information is not possible, the criteria for determining the storage period, (5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restrict processing by the controller or a right to object to such processing, (6) the existence of a right of appeal to a supervisory authority, (7) if the personal data are not collected from the data subject, any available information on the origin of the data, and (8) the existence of automated decision-making, including profiling, meaningful information on the details of such processing.

In addition, you may request information on whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 DS-GVO in connection with the transfer.

 

5 b) Right to rectification

In accordance with Art. 16 DS-GVO, you have the right to demand that we correct incorrect or complete your personal data stored by us without delay.

 

5 c) Right to deletion

In accordance with Art. 17 DS-GVO, you have the right to demand that we delete your personal data stored by us.

The prerequisite for deletion is that (1) the personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed, (2) you have withdrawn your consent on which the processing is based pursuant to Art. 6 para. 1 subpara. 1 lit. a or Art. 9 (2) lit. a DS-GVO and there is no other legal basis for the processing, (3) you object to the processing pursuant to Art. 21 (1) DS-GVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DS-GVO object to the processing, (4) the personal data concerning you has been processed unlawfully, (5) erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which we are subject, or (6) the personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) DS-GVO.

The right to erasure does not exist insofar as the processing is necessary (1) for the exercise of the right to freedom of expression and information, (2) for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, (3) for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DS-GVO, (4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) DS-GVO, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or (5) for the establishment, exercise, or defense of legal claims.

 

5 d) Right to restriction of processing

Pursuant to Art. 18 DS-GVO, you have the right to demand that we restrict processing.

The prerequisite for the restriction of processing is that (1) you contest the accuracy of the personal data concerning you for a period of time that enables us to verify the accuracy of the personal data, (2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data, (3) we no longer need the personal data for the purposes of the processing, but you need them for the assertion, exercise or defense of legal claims, or (4) you object to the processing pursuant to Art. 21 (1) DS-GVO and it has not yet been determined whether our legitimate reasons outweigh your reasons.

 

5 e) Right of objection

Pursuant to Art. 21 DS-GVO, you have the right to object to the processing of personal data concerning you based on legitimate interests pursuant to Art. 6 (1) UAbs. 1 S. 1 lit. f DS-GVO provided that there are grounds for doing so which arise from your particular situation.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, in accordance with Article 21(2) of the DS-GVO; this also applies to profiling, insofar as it is related to such direct marketing.

 

5 f) Right to data portability

Pursuant to Art. 20 DS-GVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format, or to request the transfer of the personal data concerning you directly to another controller, insofar as this is technically feasible.

 

5 g) Right to revoke the declaration of consent under the data protection law

In accordance with Art. 7 DS-GVO, you have the right to revoke your consent once given at any time.

In the event of a revocation, we may no longer continue the data processing that was based on this consent for the future. The lawfulness of the processing is carried out on the basis of the consent until the revocation is not affected by the revocation.

 

5 h) Right to complain to a supervisory authority

Pursuant to Article 77 of the GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

 

6 Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

7 Actuality and change of this privacy policy

This data protection declaration is currently valid and has the status of July 2022.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website under https://www.braintower.de/datenschutz.