Privacy — Gemineo

Privacy Policy

Last amended: May 2018

I. Controller’s Name and Address

The Controller within the meaning of the General Data Protection Regulation and other national privacy laws of the Member States as well as other privacy rules is:

Gemineo GmbH
Theresienstr. 73
80333 Munich
Germany

Phone: +49 89 54 27 47-0
Fax: +49 89 54 27 47-5

Email: info@gemineo.de
Internet: www.gemineo.de

II. Data Protection Officer’s Name and Address

The Controller’s appointed Data Protection Officer is:
DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany

Phone: +49 89 74 00 45 84 0

www.dataguard.de

III. General Information on Data Processing

1. Scope of processing of Personal Data

As a general rule, we process our users’ Personal Data only to the extent that it is necessary to provide a functional website as well as our content and services. Our users’ Personal Data are regularly processed only upon the user’s consent. Exceptions shall apply in such cases where prior consent cannot be obtained for factual reasons and data processing is legally allowed.

2. Lawfulness of processing Personal Data

To the extent that the Data Subject has given consent to the processing of his or her Personal Data, the legal grounds are Article 6(1) Sentence 1 lit. a European General Data Protection Regulation (GDPR).
To the extent that processing is necessary for the performance of a contract to which the Data Subject is party, the legal grounds are Article 6(1) Sentence 1 lit. b GDPR. The same shall apply to processing steps which are required to complete any steps prior to entering a contract.
To the extent that processing is necessary for compliance with a legal obligation to which our company is subject, the legal grounds are Article 6(1) Sentence 1 lit. c GDPR.
To the extent that the processing of Personal Data is necessary in order to protect the vital interests of the Data Subject or of another natural person, the legal grounds are Article 6(1) Sentence 1 lit. d GDPR.
To the extent that processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, the legal grounds for processing are Article 6(1) Sentence 1 lit. f GDPR.

3. Data erasure and data storage period

The Data Subject’s Personal Data shall be erased or locked as soon as the purpose for the storage no longer exists. Data may also be stored if provided for by European or national laws in the form of Union regulations, laws, or other rules to which the Controller is subject. Data shall also be locked or erased if a statutory storage period stipulated by the aforementioned legal standards expires unless further data storage is required for the purposes of conclusion or performance of a contract.

IV. Rights of the Data Subject

If your Personal Data is being processed, you are a Data Subject pursuant to the GDPR, and you have the following rights via-à-vis the Controller:

1. Right of access

You have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning you are being processed by us.
Where that is the case, you may obtain the following information from the Controller:

the purposes of the processing;
the categories of Personal Data concerned;
the recipients or categories of recipient to whom the Personal Data have been or will be disclosed;
the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the Controller rectification or erasure of Personal Data concerning you, or restriction of processing of Personal Data, or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the Data Subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

You have the right to obtain information on whether Personal Data concerning you are transferred to a third country or to an international organization. In that context you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the Controller the rectification and/or completion of inaccurate or incomplete Personal Data concerning you which have been processed. The Controller shall rectify any such data without undue delay.

3. Right to restriction of processing

You have the right to obtain from the Controller restriction of processing of Personal Data concerning you where one of the following applies:

the accuracy of the Personal Data is contested by you, for a period enabling the Controller to verify the accuracy of the Personal Data;
the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Controller override yours.

Where the processing of Personal Data concerning you has been restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the Controller before the restriction of processing is lifted.

4. Right to erasure

a) Duty to erase
You have the right to obtain from the Controller the erasure of Personal Data concerning you without undue delay, and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:

the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based according to Article 6(1) Sentence 1 lit. a or Article 9(2) lit. a GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
the Personal Data concerning you have been unlawfully processed;
the Personal Data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information of third parties
Where the Controller has made the Personal Data public and is obliged pursuant to Article 17(1) GDPR to erase the Personal Data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers which are processing the Personal Data that you, the Data Subject, have requested the erasure by such Controllers of any links to, or copy or replication of, those Personal Data.

c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Article 9(2) lit. h and i as well as Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in Paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise, or defense of legal claims.

5. Right to notification

If you have exercised your right to rectification, erasure, or restriction of processing, the Controller shall be obligated to communicate any rectification or erasure of Personal Data or restriction of processing to each recipient to whom the Personal Data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to obtain from the Controller information about those recipients.

6. Right to data portability

You have the right to receive the Personal Data concerning you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided, where:

the processing is based on consent pursuant to Article 6(1) Sentence 1 lit. a GDPR or Article 9(2) lit. a GDPR or on a contract pursuant to of Article 6(1) Sentence 1 lit. b GDPR; and
the processing is carried out by automated means. In exercising your right to data portability, you also have the right to have the Personal Data concerning you transmitted directly from one Controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of Personal Data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on Article 6(1) Sentence 1 lit. e or f GDPR, including profiling based on those provisions.
The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Where Personal Data are processed for direct marketing purposes, you have the right to object at any time to processing of Personal Data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the Personal Data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

is necessary for entering into, or performance of, a contract between you and a data Controller;
is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent. Such decisions, however, may not be based on special categories of Personal Data referred to in Article 9(1) GDPR, unless Article 9(2) lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

V. Provision of Website and Creation of Log Files

1. Description and scope of data processing

Our system automatically collects data and information about the retrieving computer’s system every time our website is visited. The following data are collected:

browser type and version used;
the user’s operating system;
the user’s internet provider;
the user’s IP address;
access date and time.

These data are also stored in our system’s log files. They are not stored together with any other of the user’s Personal Data.

2. Legal grounds for processing

The legal grounds for the temporary storage of the data and log files are Article 6(1) Sentence 1 lit. f GDPR.

3. Purpose of processing

The system must temporarily store the IP address in order to facilitate the delivery of websites to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Data storage in log files ensures website functionality. Moreover, the data serve us to optimize the website and ensure the safety of our information technology systems. The data are not evaluated for marketing purposes in this context.
These purposes also correspond to our legitimate interests pursuant to Article 6(1) Sentence 1 lit. f GDPR.

4. Duration of storage

The data shall be erased as soon as they are no longer necessary for the purpose for which they have been collected. Where data are being collected to provide the website, this shall be the case as soon as the respective session is over.
Where data are being stored in log files, this shall be the case after no later than seven days. It is possible for data to be stored longer than that. In that case, the users’ IP addresses shall be erased or anonymized to make sure that the retrieving client can no longer be attributed.

5. Possibility of objection and elimination

The collection of data is absolutely necessary to provide the website, and the storage of data in the log files is absolutely necessary to operate the internet site. Hence the user has no possibility of objection.

VI. Use of Cookies

Description and scope of data processing

Our website uses cookies. Cookies are small text files which are stored in the internet browser or, respectively, by the internet browser on the user’s computer system. Whenever a user accesses a website, a cookie may be stored in the user’s operating system. This cookie contains a specific string which enables the website to clearly identify the browser the next time the site is accessed.
We use cookies to make our website more user-friendly. Some elements on our internet site require the browser to be recognized even after a different site has been accessed.  The following data are stored and transmitted in the cookies:

language settings.

Legal grounds for processing

The legal grounds for the processing of Personal Data using cookies is Article 6(1) Sentence 1 lit. f GDPR.

Purpose of processing

The purpose of using technically necessary cookies is to make the use of the website easier for the user. Some functionalities on our internet site could not be offered without the use of cookies. They require for the browser to be recognized even after a different site has been accessed.

We require cookies for the following applications:

application of language settings,
remembering search terms.

The user data collected by technically necessary cookies is not used to create user profiles.
These purposes also correspond to our legitimate interests in the processing of Personal Data pursuant to Article 6(1) Sentence 1 lit. f GDPR.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted to our site by the latter. That also means that you, the user, have full control over the use of cookies. By adjusting the settings in your internet browser, you can disable or restrict the transmission of cookies. You can also delete cookies that have already been stored at any time. This may also be done automatically. If cookies for our website are disabled, it may no longer be possible to use all functionalities of the website to the fullest extent.

VII. Email Contact

1. Description and scope of data processing

It is possible to use the provided email address to get in touch with us. In that case, the user’s Personal Data transmitted in the email will be stored.
The data will not be shared with any third parties in this context. The data will be used exclusively to process the conversation.

2. Legal grounds for processing

The legal grounds for processing the data shall be Article 6(1) Sentence 1 lit. a GDPR if user consent has been granted.
The legal grounds for the processing of data transmitted within the context of sending an email is Article 6(1) Sentence 1 lit. f GDPR. If the intended purpose of the email contact is the conclusion of a contract, another legal ground for the processing shall be Article 6(1) Sentence 1 lit. b GDPR.

3. Purpose of processing

The Personal Data from the input mask is processed for the sole purpose of processing the established contact. If contact is established via email, this shall also correspond to our legitimate interests in the processing of Personal Data.

4. Duration of storage

The data shall be erased as soon as they are no longer necessary for the purpose for which they have been collected. In the case of Personal Data transmitted via email, this shall mean the end of the conversation with the respective user. The conversation shall be deemed ended when circumstances indicate conclusively that the matter at hand has been cleared up.

5. Possibility of objection and elimination

The user may withdraw their consent to the processing of Personal Data at any time. If the user contacts us via email, they may object to the storage of their Personal Data at any time. In that case, the conversation cannot be continued.
All Personal Data which have been stored as part of the established contact shall be erased in that case.