Data privacy

Please note that the legally binding version of our privacy policy (Datenschutzerklärung) is available in German, while the English translation is provided for your convenience and reference purposes only.

Name and address of the person responsible

The responsible person, as defined by the General Data Protection Regulation (GDPR), and in accordance with other national data protection laws of the member states, as well as additional data protection regulations, is

Klaus Hannes
Klaus Hannes IT Consulting
Niederhöchstädter Str. 48a
61476 Kronberg
Germany

Tel.: +49 160 9674 6282
E-Mail: kontakt (at) itc-klha.de
Web: https://itc-klha.de

If you wish to rectify, restrict, delete, or request information about the personal data we have stored about you, or if you have any inquiries regarding the collection, processing, or usage of your personal data, or if you want to withdraw previously granted consents, please reach out to us at the following email address: kontakt (at) itc-klha.de

General information on data processing

Scope of the processing of personal data

We process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. Typically, the processing of personal data of our users is carried out with the user's consent. However, exceptions may apply in cases where obtaining prior consent is not feasible for legitimate reasons or when data processing is permitted by legal regulations.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.

Data storage and retention period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Provision of the website and creation of log files

Description and scope of the data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

• Websites that are accessed by the user's system via our website
• Date and time of access
• Amount of data sent in bytes
• Websites from which the user's system accesses our website
• The user's Internet service provider
• Information about the browser type and the version used
• The user's operating system
• The IP address of the user

Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of the storage

The server log files are stored for a maximum of seven days and then deleted. The data is stored for security reasons, e.g. to be able to investigate cases of misuse. If data must be retained for evidentiary reasons, it is excluded from storage until the incident has been definitively resolved.

Option for objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Cookies usage

Description and scope of data processing

Our website does not use cookies.

Contact Inquiries

In the course of contacting us, for example through the contact form or via email, personal data is collected. The data collected during this transmission is used exclusively for processing your inquiry. The data is not disclosed to third parties.

Type of Collected Data

When you use the contact form to get in touch with us, the following data is recorded:

1. Name
2. Company name (optional)
3. Email address
4. Phone number (optional)
5. Your message

When contacting us, we process the data of the inquirer to the necessary extent to respond to or process the request.

The legal basis for this is Art. 6(1)(a) GDPR (consent) and, if applicable, Art. 6(1)(b) GDPR (fulfillment of contract or pre-contractual measures).

Rights of the person concerned

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:

Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you can request information from the controller about the following:

1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
4. the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
5. the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. any available information on the origin of the data, if the personal data are not collected from the data subject;
8. the existence of automated decision-making, including profiling pursuant to Article 22 (1) and (4) of the GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards in accordance with Art. 46 of the GDPR in connection with the transfer.

Right to rectification

You have the right to correction and/or completion against the data controller if the processed personal data concerning you is incorrect or incomplete. The data controller must make the correction without delay.

Right to restrict processing

Under the following conditions, you can request the restriction of the processing of personal data concerning you:

1. if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data.;
2. the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data concerning you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure / Obligation to erase

You can demand from the data controller that the personal data concerning you be erased without undue delay, and the data controller is obligated to erase this data without undue delay if one of the following reasons applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR was based, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The erasure of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services according to Art. 8(1) of the GDPR.

Information to third parties

If the data controller has made the personal data concerning you public and is obligated to erase them according to Art. 17(1) of the GDPR, they shall, taking into account available technology and implementation costs, take reasonable steps, including technical measures, to inform data processors who are processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, such personal data.

Exceptions

The right to erasure shall not apply where processing is necessary:

1. for the exercise of the right to freedom of expression and information;
2. for the performance of a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
   
4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise, or defense of legal claims.

Right to information

If you have exercised your right to rectification, erasure, or restriction of processing with the data controller, the data controller is obligated to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the data controller.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit these data to another data controller without hindrance from the data controller to whom the personal data were provided, provided that:

1. the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one data controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

The data controller shall no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision:

1. is necessary for entering into or performing a contract between you and the data controller,
2. is authorized by Union or Member State law to which the data controller is subject and that law contains adequate measures to safeguard your rights, freedoms, and legitimate interests, or
3. is based on your explicit consent.

Nevertheless, such decisions shall not be based on special categories of personal data as referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies, and adequate measures have been taken to protect your rights, freedoms, and legitimate interests.

Regarding cases mentioned in (1) and (3), the data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data relating to you violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.