Privacy Policy

As a user of our website, you will receive all necessary information in this Privacy Policy about how, to what extent, and for what purpose we or third parties collect and use data from you. The collection and use of your data strictly follows the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG). We feel particularly committed to the confidentiality of your personal data and therefore work strictly within the boundaries set by legal requirements. The collection of this personal data takes place on a voluntary basis where possible. We also only pass this data on to third parties with your explicit consent. We ensure high security for particularly sensitive data — such as in payment transactions or regarding your enquiries to us — by using SSL encryption. We would not, however, fail to point out the general risks of internet use, over which we have no control. Especially in e-mail communication, your data is not secure without further precautions and may under certain circumstances be captured by third parties.

Controller under GDPR

Definitions

This Privacy Policy of Artessa Information Technology GmbH is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the general public, our customers and business partners. To ensure this, we would like to explain the terminology used in advance. Definitions can be found in Art. 4 GDPR.

We use, among others, the following terms in this Privacy Policy:

Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Information, Erasure, Blocking

You are entitled at any time to free information about the personal data stored about you, its origin, recipient and purpose of data collection and processing. You also have the right to request correction, blocking or erasure of your data, except for data that must be retained due to statutory provisions or that is required for proper business operations. To enable a data block at any time, data is kept in a blocking file for control purposes. Where data is not subject to a legal archiving obligation, we will delete your data upon request. Where an archiving obligation applies, we will block your data. For all questions and concerns regarding correction, blocking or erasure of personal data, please contact our data protection officer at the contact details in this Privacy Policy or at the address stated in the Legal Notice.

Cookies

We use cookies on our website. These small text files are stored on your PC by our server. They support the display of our website and help you navigate it. Cookies collect data about your IP address, browser, operating system and internet connection. We do not link this information with personal data and do not pass it on to third parties. Cookies are never used by us to install malware or spyware on your computer. You can also use our website without cookies, although this may restrict some features and functions. You can disable cookies through specific settings in your browser — please use its help function to make the necessary changes. Online advertising cookies can be managed via the following links: http://www.aboutads.info/choices (USA), http://www.youronlinechoices.com/uk/your-ad-choices (Europe), http://optout.networkadvertising.org/?c=1#!/ (Network Advertising Initiative opt-out page).

Provision of Paid Services

If you wish to use paid services offered on our website, we may need to collect additional data from you for billing and security purposes. This regularly includes your name, a valid e-mail address and, where applicable, your address and telephone number, as well as further information in individual cases. We must ensure for legal reasons that you actually wish to receive the services offered and that we can invoice them correctly. We use the SSL encryption standard for payment transactions to protect your data, recognisable by the browser bar showing "https://".

Collection of Access Data

The delivery and display of content via our website technically requires the collection of certain data. When you access our website, these so-called server log files are captured by us or the web space provider. These log files do not allow any conclusions about you personally. The relevant information consists of the name of the website, the file, the current date, the amount of data, the web browser and its version, the operating system used, the domain name of your internet service provider, the referrer URL as the page from which you came to our website, and the corresponding IP address. We use this data to display and deliver our content and for statistical purposes. The information supports the provision and continuous improvement of our offering. We also reserve the right to retrospectively review the data mentioned if there is suspicion of unlawful use of our offering.

Third-Party Content and Services

Our website may also include content, services and features from other providers that supplement our offering. Examples include Google Maps, YouTube videos, third-party graphics or web fonts. Accessing these third-party services regularly requires the transmission of your IP address. This enables these providers to receive and store your user IP address. We make every effort to only include third parties that use IP addresses solely for delivering content. However, we have no influence over whether a third party stores the IP address. Such storage may for example serve statistical purposes. Should we become aware of storage operations by third parties, we will immediately notify our users of this fact. Please also refer to the specific privacy policies of individual third parties and service providers whose services we use on our website.

Newsletter

On the website of Artessa Information Technology GmbH, users are given the opportunity to subscribe to our company newsletter. The personal data transmitted to us when subscribing to the newsletter are set out in the input form used for this purpose.

We inform our customers and business partners at regular intervals by means of a newsletter about our company's offers. Our newsletter can generally only be received by a data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for newsletter delivery. A confirmation e-mail will be sent to the e-mail address first entered for newsletter delivery by a data subject, using the double opt-in procedure. This confirmation e-mail is used to verify that the owner of the e-mail address, as the data subject, has authorised receipt of the newsletter.

The personal data collected during newsletter registration are used exclusively for sending our newsletter. Subscribers may also be informed by e-mail where this is necessary for the operation of the newsletter service or registration. The personal data collected in connection with the newsletter service is not passed on to third parties. The subscription to our newsletter may be cancelled by the data subject at any time. Consent to the storage of personal data that the data subject has given us for the purpose of newsletter delivery may be withdrawn at any time. Each newsletter contains a corresponding link for the purpose of withdrawing consent.

Contact Options

Our website contains information that enables quick electronic contact with our company as well as direct communication with us, including a general e-mail address. If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the controller is stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.

Personal Data

We collect personal data in the context of data avoidance and data minimisation only to the extent and for as long as it is necessary for the use of our website, or as required by the legislator. We take the protection of your personal data seriously and strictly adhere to the relevant statutory provisions and this Privacy Policy when collecting and processing personal data. Where the purpose of data collection no longer applies or the statutory retention period has expired, the collected data is blocked or deleted. Our website can usually be used without disclosing personal data. If we do collect personal data — such as your name, address or e-mail address — this is done on a voluntary basis. Without your explicit consent, this data will not be disclosed to third parties.

Server Log Files

Server log files are anonymised data that are collected when you access our website. This information does not allow any personal conclusions about you but is technically indispensable for delivering and displaying our content. They also serve our statistics and the continuous optimisation of our content. Typical log files include the date and time of access, the amount of data, the browser used and its version, the operating system used, the domain name of your provider, the page from which you came to our offering (referrer URL), and your IP address. Log files also enable a precise review where there is suspicion of unlawful use of our website.

SSL Encryption

Our website uses SSL encryption when transmitting confidential or personal content from our users. This encryption is activated, for example, when you submit enquiries to us via our website. Please ensure that SSL encryption is activated on your side for the relevant activities. You can easily recognise SSL encryption: the display in your browser bar changes from "http://" to "https://". Data encrypted via SSL cannot be read by third parties. Please transmit your confidential information only when SSL encryption is activated.

Objection to Advertising E-Mails

As part of our legal notice obligations, we must publish our contact details. These are sometimes used by third parties to send unsolicited advertising and information. We hereby expressly object to any transmission of advertising material of any kind that we have not explicitly authorised. We also expressly reserve the right to take legal action against the unwanted and unsolicited sending of advertising material. This applies in particular to so-called spam e-mails, spam letters and spam faxes.

Use of Google reCAPTCHA

To ensure sufficient data security when submitting forms, we use the reCAPTCHA service from Google Inc. in certain cases. This serves primarily to distinguish whether input is made by a natural person or by abusive automated processing. The service includes the transmission of the IP address and, where applicable, further data required by Google for the reCAPTCHA service. The separate privacy policy of Google Inc. applies. Further information on Google Inc.'s privacy policy can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.

Use of Google AdSense

We embed advertising from Google AdSense on our website. Google AdSense is a remarketing function of Google Inc. that enables visitors to our website to be offered tailored, interest-based advertisements. Cookies are used for this purpose. You can prevent the remarketing function by making the appropriate settings at http://www.google.com/settings/ads. You can also prevent cookies from being stored via http://www.networkadvertising.org/managing/opt_out.asp.

Google AdWords

We use Google AdWords on our website, an online advertising programme of Google Inc. Conversion tracking is also used. If you do not wish to participate in tracking, you can disable the cookie for Google conversion tracking via your internet browser. Further information on Google's privacy policy can be found at http://www.google.de/policies/privacy/.

Use of Google Analytics

We use Google Analytics, a web analysis service from Google Inc., on our website. Google Analytics uses cookies — text files stored on your PC that allow analysis of your use of our website. You can prevent the storage of cookies by adjusting your browser settings. You can also prevent the collection and use of the data generated by the cookies by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de. Learn more about Google Analytics privacy terms at http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

Google Analytics Remarketing

We use Google Inc.'s remarketing function on our website. You can prevent the remarketing function by making the appropriate settings at http://www.google.com/settings/ads. You can also disable cookies via http://www.networkadvertising.org/managing/opt_out.asp. More information on Google Remarketing at http://www.google.com/privacy/ads/.

Google Maps Plugin

We use a plugin from the Google Maps internet service on our website. The operator of Google Maps is Google Inc., located in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. By using Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored there. More information on the privacy terms and terms of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html.

Google Fonts

We use Google Fonts functions on our website, provided by Google Inc., located in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. Details on data usage and the privacy policy can be viewed at http://www.google.de/intl/de/policies/privacy/.

Legal Basis for Processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Where processing personal data is necessary for the performance of a contract to which the data subject is party — for example processing operations necessary for the delivery of goods or the provision of a service — the processing is based on Art. 6(1)(b) GDPR. Where our company is subject to a legal obligation requiring the processing of personal data — such as for the fulfilment of tax obligations — the processing is based on Art. 6(1)(c) GDPR. Processing operations may also be based on Art. 6(1)(f) GDPR where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Legitimate Interests Pursued by the Controller or a Third Party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders.

Period for Which Personal Data Will Be Stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment or initiation of a contract.

Statutory or Contractual Requirements to Provide Personal Data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). To conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data which must subsequently be processed by us. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. Before any provision of personal data by the data subject, the data subject must contact our Data Protection Officer, who will inform the data subject whether the provision of personal data is required by law or contract, or is necessary for the conclusion of the contract.

Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.

Intellectual Property

The intellectual property rights held by us — such as the copyright in published objects created by us on our pages — remain solely with us. Reproduction and/or editing and/or distribution and/or any other exploitation of such objects (e.g. images, graphics, design, audio documents, video sequences, programs and texts) in other electronic or printed publications is not permitted without our express written consent. Where intellectual property rights are held by third parties, the express written consent of the respective rights holder (e.g. author, photographer, programmer or other creator) is required.

Where content on our pages was not created by us, the intellectual property rights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please notify us accordingly. Upon becoming aware of infringements, we will remove such content immediately.

Overview of image rights available on request.

Liability for Links

We are not responsible for the content of third-party websites to which hyperlinks or similar connections are made, as we have no influence over such content. The respective provider or operator of the linked pages is always responsible for the content of those pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognisable at the time of linking. Permanent content monitoring of the linked pages is not reasonable without concrete indications of a legal violation. Upon becoming aware of legal violations, we will remove such links immediately.