With the following privacy policy we would like to inform you about the types of personal data (hereinafter also referred to as "data") we process, for which purposes and to what extent in the context of providing our application.
The terms used are not gender-specific. Last Update: 19. June 2020
1. Preamble
2. Controller
3. Overview of
processing operations
4.
Legal Bases for the
Processing
5.
Security Precautions
6. Transmission and
Disclosure of Personal Data
7.
Data Processing in Third Countries
8. Special Notes on
Applications (Apps)
9.
Purchase of applications via Appstores
10. Registration,
Login and User Account
11. Profiles in
Social Networks (Social Media)
12. Erasure of data
13. Changes and
Updates to the Privacy Policy
14. Rights of Data
Subjects
EDS Fahrzeugtechnik GmbH Zechenstraße 19
45772 Marl Germany
Authorised Representatives: Dipl. Ing. Arno Schindler
E-mail
address: info@eds-motorsport.de
Legal Notice: https://www.eds-motorsport.de/shop_content.php?coID=4
The following table summaries the types of data processed, the purposes for which they are processed and the concerned data subjects.
1. Inventory data
(e.g. names, addresses).
2.
Contact data (e.g. e-mail, telephone numbers).
3. Meta/communication
data (e.g. device information, IP addresses).
4.
Location data (Data that indicates the location of
the end device of an end user).
1. Customers.
2. contact requests and communication.
3. Security measures.
4.
Contractual services and support.
5. Managing and
responding to inquiries.
In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, the national data protection regulations may apply in your country or in our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.
Consent (Article 6 (1) (a) GDPR) - The data
subject has given consent to the processing of his or her personal data for one or more specific purposes.
Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary
for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are
overridden
by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects' rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default. SSL encryption (https): In order to protect your data transmitted via our online services in the best possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions within the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, which includes US processors certified under the "Privacy Shield" or on the basis of special guarantees, such as a contractual obligation through so- called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Article 44 to 49 GDPR, information page of the EU Commission: https:// ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, to monitor its security and to develop it further. Furthermore, we may contact users in compliance with the statutory provisions if communication is necessary for the purposes of administration or use of the application. In addition, we refer to the data protection information in this privacy policy with regard to the processing of user data.
Legal basis: The processing of data necessary for the provision of the functionalities of the application serves to fulfil contractual obligations. This also applies if the provision of the functions requires user authorisation (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimising the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly requested to give their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.
Commercial use: We process the data of the users of our application, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our application and to develop it further. The required details are identified as such within the scope of the conclusion of a contract for the use of the application, the conclusion of an order, an order or a comparable contract and may include the details required for the provision of services and any invoicing as well as contact information in order to be able to hold any consultations.
Device authorizations for access to functions and data: The use of certain functions of our application may require access to the camera and the stored recordings of the users. By default, these authorizations must be granted by the user and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require further explanation. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application.
Location history and movement profiles: The location data is only used selectively and is not processed to create a location history or a movement profile of the devices used or of their users.
1.
Processed data
types: Inventory data (e.g. names, addresses), Meta/communication data (e.g.
a. device information, IP addresses), Location data (Data that indicates the location of the end device of an end user).
2.
Data subjects: Users
3. Purposes of Processing: Contractual services and support.
4.
Legal
Basis: Consent (Article 6 (1) (a) GDPR), Performance of a
contract and prior requests (Article
6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
The purchase of our apps is done via special online platforms operated by other service providers (so-called "appstores"). In this context, the data protection notices of the respective appstores apply in addition to our data protection notices. This applies in particular with regard to the methods used on the platforms for webanalytics and for interest-related marketing as well as possible costs.
1.
Processed data
types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices,
payment history), Contact data (e.g. e-mail, telephone numbers), Contract data
(e.g. contract object, duration, customer category), Usage data (e.g. websites
visited, interest in content, access times), Meta/communication data (e.g.
device information, IP addresses).
2.
Data subjects: Customers.
3.
Purposes of
Processing: Contractual services and support.
4.
Legal
Basis: Performance of a contract and prior requests (Article
6 (1) (b) GDPR), Legitimate
Interests (Article 6 (1) (f) GDPR).
1.
Apple
App Store: App and software distribution platform; Service
provider: Apple Inc., Infinite Loop,
Cupertino, CA 95014, USA; Website: https://www.apple.com/ios/app-store/;
Privacy Policy: https://www.apple.com/privacy/privacy-policy/.
2.
Google Play: App and software
distribution platform; Service provider: Google Ireland Limited Gordon House, Barrow Street,
Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA; Website:
https://play.google.com/store/apps?hl=en; Privacy Policy:
https://policies.google.com/privacy.
When using the system for the first time, users must enter their customer data. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfilment of obligations. The data entered during registration will be used for the purposes of using the user account and its purpose.
Users may be informed by e-mail of information relevant to their device, such as technical changes. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of using our registration as well as the use of the device, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
1. Processed data types: Inventory
data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers),
Meta/communication data (e.g. device information, IP addresses).
2.
Data subjects: Users
3. Purposes of Processing: Contractual
services and support, Security measures, Managing and responding to inquiries.
4.
Legal Basis: Consent (Article
6 (1) (a) GDPR), Performance of a contract and prior requests (Article
6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights. With regard to US providers certified under the Privacy Shield or offering comparable guarantees of a secure level of data protection, we would like to point out that they thereby commit themselves to comply with EU data protection standards.
In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networs or will become members later on).
For a detailed description of the respective processing operations
and the opt-out options, please refer to the respective data protection
declarations and information provided by the providers of the respective
networks. Also in the case of requests for information and the exercise of
rights of data subjects, we point out that these can be most effectively
pursued with the providers. Only the providers have access to the data of the
users and can directly take appropriate measures and provide information. If
you still need help, please do not hesitate to contact us.
1.
Processed data
types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone
numbers), Content data (e.g. text input, photographs, videos),
Usage data (e.g. websites visited, interest in content, access times),
Meta/communication data (e.g. device information, IP addresses).
2.
Data subjects: Users (e.g.
website visitors, users of online services).
3.
Purposes
of Processing: contact requests and communication, Targeting (e.g. profiling based on
interests and behaviour, use of cookies), Remarketing, Web Analytics (e.g. access statistics,
recognition of returning visitors).
4.
Legal Basis: Legitimate
Interests (Article 6 (1) (f) GDPR).
1. Instagram : Social
network; Service provider: Instagram Inc., 1601
Willow Road, Menlo Park, CA, 94025,
USA; Website: https://www.instagram.com; Privacy Policy:
https://instagram.com/about/ legal/privacy.
2. Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https:// www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on the joint controll of processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose).
If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Further information on the erasure of personal data can also be found in the individual data protection notices of this privacy policy.
We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.
As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:
2.
Right of
withdrawal for consents: You have the right to revoke
consents at any time.
3.
Right
of access: You have the
right to request confirmation as to whether the data in question will be
processed and to be informed of this data and to receive further information
and a copy of the data in accordance with the provisions of the law.
4.
Right to
rectification: You have the right, in accordance with the law,
to request the completion of the data concerning you or the rectification of the incorrect
data concerning you.
5.
Right
to Erasure and Right to Restriction of Processing: In
accordance with the statutory provisions, you have the right to demand that the
relevant data be erased immediately or, alternatively,
to demand that the processing of the data be restricted in accordance with the
statutory provisions.
6.
Right to data
portability: You have the right to receive data concerning you
which you have provided to us in a structured, common and machine-readable format
in accordance with the legal requirements, or to request its transmission to
another controller.
7.
Complaint to the
supervisory authority: You also have the right, under
the conditions laid down by law, to lodge a complaint with a supervisory authority, in
particular in the Member State of your habitual residence, place of work or
place of the alleged infringement if you consider that the processing of
personal data relating to you infringes the GDPR.