Privacy Policy
I. General Information
1. Contact Information of the Controller
Protectra GmbH
Lerchenweg 3
40789 Monheim am Rhein
Phone: +49 2173 9930312
Email: datenschutz@protectra.de
2. Categories of Recipients
Depending on the specific processing activity, categories of recipients may include IT service providers or hosting providers acting as processors bound by confidentiality.
II. Specific Information on the Collection of Personal Data
1. Website Visit
a) Purpose of Data Processing
Each time a user accesses a page of our offering and each time a file stored on the website is called up, access data relating to this process is stored in a log file. Each data record consists of:
(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transferred,
(5) the access status (file transferred, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the referrer URL,
(8) the hostname of the accessing computer,
(9) the client IP address.
We use this data to operate our website, particularly to determine the website's load and identify any malfunctions for further adjustments or improvements. The client IP address is used solely for transmitting the requested data and is anonymized by deleting the last block (IPv4) or last octet (IPv6) once the technical requirement ceases to exist.
b) Duration of Storage
The data is stored each time a user accesses a page of our offering or visits our website and is deleted once it is no longer needed for the purpose of collection, which is no later than three months after the visit.
c) Legal Basis
The temporary storage of the aforementioned data is based on Art. 6 para. 1 lit. f of the EU General Data Protection Regulation (GDPR). The legitimate interest lies in providing our website and preventing misuse.
2. Cookies
a) Purpose of Data Processing
To enable the use of our website and the ordering process technically, we transmit so-called session cookies to the user's device. Cookies are small text files that can identify the user's device by typically capturing the domain name from which the cookie data was sent, information about the cookie's age, and an alphanumeric identifier. By storing the session cookie on the user's device without interfering with the operating system, the use of our login forms is made possible.
b) Duration of Storage
Session cookies are deleted once the online offering is exited, and the browser is closed.
c) Legal Basis
Session cookies are technically necessary cookies, their use is based on Art. 6 para. 1 lit. b GDPR as they are required for contract initiation and fulfillment.
d) Opt-out Option
Users can block the use of cookies on their devices or delete them after use. However, certain features of our offering may then no longer be usable. Instructions on how to block and delete cookies can be found in the browser software's help menu.
3. Contract Execution / Claims Enforcement
a) Purpose of Data Processing
We provide forms on our website for contract execution. Users can enter their data, which allows us to process their requests. Regularly collected and stored data include: name, address, email address, date, and time of the request, and any other data specified in the form. Data is collected, stored, and processed solely for the purpose of contract formation or execution, including contract processing.
Personal data is only transferred to third parties when necessary for contract execution, for example, when engaging a law firm for claims enforcement.
b) Duration of Storage
Personal data collected and processed for contract execution is stored until three years after the end of the mutual performance obligations. If the data is part of business correspondence as defined by §§ 147 para. 1 no. 2 and 3, 257 para. 1 no. 2 and 3 HGB, the data is deleted after six years at the end of the year. This also applies to data relevant to taxation as defined by § 147 para. 1 no. 5 AO unless shorter retention periods are permitted by other tax laws. If data is part of accounting records as defined by §§ 147 para. 1 no. 1, 4, 4a AO, 257 para. 1 no. 1 and 4 HGB, it is deleted after ten years at the end of the year.
c) Legal Basis
The storage of this data is based on Art. 6 para. 1 lit. b and lit. c GDPR, for fulfilling contractual obligations, performing required services, and complying with statutory retention obligations.
4. Contacting Us
a) Purpose of Data Processing
Users can contact us via a contact form, email, messages to our social media accounts, or phone. We store the data provided for processing the request, including name, address, email, phone number, date, and time of the request, and a description of the concern, including contract data if the request relates to a contract.
Data is only disclosed to third parties to fulfill contracts (e.g., lawyers) or send messages (e.g., mail providers, social media providers). This facilitates the processing of the user's contact request.
No data transfer to persons outside the EU occurs, nor is it planned.
b) Duration of Storage
Personal data collected and processed for contact purposes is stored until three years after the end of mutual performance obligations. If data is part of documents as defined by §§ 147 para. 1 no. 2, 3, and 5 AO, 257 para. 1 no. 2 and 3 HGB, it is deleted after six years at the end of the year unless shorter retention periods are permitted by other tax laws. If data is part of documents as defined by §§ 147 para. 1 no. 1, 4, 4a AO, 257 para. 1 no. 1 and 4 HGB, it is deleted after ten years at the end of the year. The periods begin at the end of the calendar year in which the data was collected.
c) Legal Basis
The storage of this data is based on Art. 6 para. 1 lit. b GDPR for contract initiation or fulfillment.
5. Direct Marketing
a) Purpose of Data Processing
We use data obtained in connection with the use of our services for direct marketing of our offerings, where legally permitted.
If direct marketing is carried out via service providers who facilitate advertisement delivery (e.g., mail providers, plugin providers), personal data is disclosed to them.
b) Duration of Storage
Data is deleted once it is no longer necessary for achieving the purpose, which occurs when the user objects to direct marketing or after twelve months following the last marketing action with notice of the right to object.
c) Legal Basis
The legal basis for promoting our services is Art. 6 para. 1 lit. f GDPR, as it serves the legitimate interest of advertising our services.
III. Data Subject Rights
When personal data of users is processed on our website, the data subject has the following rights according to the GDPR.
1. Right of Access under Art. 15 GDPR
The data subject has the right to obtain information about:
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;
d) where possible, the intended period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data, restriction of processing of personal data, or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling as referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject;
i) where personal data is transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
We will provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, we may charge a reasonable fee based on administrative costs.
2. Right to Rectification under Art. 16 GDPR
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to Erasure under Art. 17 GDPR
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR;
d) the personal data has been unlawfully processed;
e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data has been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
4. Right to Restriction of Processing under Art. 18 GDPR
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
d) the data subject has objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
5. Right to Notification under Art. 19 GDPR
If the data subject has exercised his or her right to rectification, erasure, or restriction of processing against the controller, and the controller has informed all recipients to whom the personal data has been disclosed (unless this proves impossible or involves disproportionate effort), the data subject shall have the right to be informed about those recipients.
6. Right to Data Portability under Art. 20 GDPR
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and
b) the processing is carried out by automated means.
The exercise of this right shall not adversely affect the rights and freedoms of others.
The data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
7. Right to Object under Art. 21 GDPR
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
8. Right to Withdraw Consent
Where processing is based on consent, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling, under Art. 22 GDPR
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This does not apply if the decision:
a) is necessary for entering into, or the performance of, a contract between the data subject and us;
b) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) is based on the data subject's explicit consent.
Such decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject are in place.
In cases referred to in points a) and c), we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which at least include the right to obtain human intervention on our part, to express his or her point of view, and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority under Art. 77 GDPR
Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority to which the complaint has been submitted shall inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
11. Right to an Effective Judicial Remedy under Art. 79 GDPR
Every data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him or her and without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.
Proceedings against us or against a processor shall be brought before the courts of the Member State where we or the processor have an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence unless we or the processor is a public authority of a Member State acting in the exercise of its public powers.