as of December 2020
The controller in accordance with the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Safebridge GmbH
Raboisen 38, 20095 Hamburg, Germany
Deutschland
support@safebridge.net
+49 (40) 555 65 790
The data protection officer of the controller is:
DataCo GmbH
Dachauer Str. 65
80335 Munich,
Germany
datenschutz@dataguard.de
The following list includes all rights of the persons concerned according to the GDPR. Rights that are not relevant to the purposes of processing of personal data by Safebridge need not be mentioned.
If your personal data is processed by the controller, you are affected within the meaning of the GDPR and you are entitled to the following rights:
You can ask the controller to confirm whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the controller:
1.1. the purposes for which the personal data have been or are still being processed;
1.2. the categories of personal data processed;
1.3. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
1.4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage time;
1.5. the existence of a right to have personal data concerning you rectified or deleted; a right to restrict the processing of personal data by the controller; or a right of objection to processing;
1.6. the existence of a right of complaint to a supervisory authority;
1.7. any available information on the origin of the data if the personal data are not collected from the person concerned;
1.8. the existence of automated decision-making, including profiling in accordance with Art. 22 Paragraphs 1 and 4 GDPR and – at least in such cases – sound information on the logic involved as well as the scope and intended effects of such processing for the person concerned.
Further to the above, you have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of appropriate guarantees according to Art. 46 GDPR related to the transmission.
You have a right of rectification and/or completion of personal data if the personal data processed concerning you are incorrect or incomplete. Upon exercising this right, the controller shall make the correction without delay.
You can request the restriction of the processing of personal data concerning you under the following conditions:
3.1. you contest the accuracy of personal data concerning you; this will result to the restriction of processing of personal data for a period of time that enables the controller to verify the accuracy of the personal data;
3.2. the processing is unlawful and you oppose to the erasure of the personal data and request that the processing of the personal data be restricted instead;
3.3. the controller no longer needs the personal data for the purposes of the processing; however, you do need them to establish, exercise or defend legal claims; or
3.4. if you have objected to processing pursuant to Art. 21.1 GDPR and you request restriction of processing pending the verification whether the legitimate grounds of the controller override your reasons.
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims and/or for the protection of the rights of another natural or legal person and/or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted according to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.
4.1. Obligation to delete:
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
4.1.1. the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
4.1.2. you withdraw the consent on which the processing is based, pursuant to Article 6.1(a) or Article 9.2(a) GDPR, and there is no other legal ground for the processing.
4.1.3. you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing; or you object to the processing pursuant to Article 21.2 GDPR.
4.1.4. the personal data concerning you have been unlawfully processed.
4.1.5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
4.1.6. the personal data have been collected to offer ‘information society services’ as referred to in Article 8.1 GDPR.
4.2. information to third parties:
Where the controller has made the personal data related to you public and is obliged pursuant to Article 17.1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as person concerned has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
4.3. Exceptions:
The right to erasure shall not apply to the extent that processing is necessary:
4.3.1. for exercising the right of freedom of expression and information;
4.3.2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
4.3.3. for reasons of public interest in the area of public health in accordance with Article 9.2(h) and (i) as well as Article 9.3 GDPR;
4.3.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89.1 GDPR, in so far as the right referred to in Section 4.1 of this document is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
4.3.5. for the establishment, exercise or defence of legal claims.
If you have exercised your right against the controller to have the processing corrected, deleted or restricted, he shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform you about those recipients if you request it.
You shall have the right to receive the personal data concerning you and which you have provided to a controller, in a structured, commonly used and machine-readable format. Further you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
6.1. the processing is based on consent pursuant to Article 6.1(a) or Article 9.2(a) GDPR or on a contract pursuant to Article 6.1(b); and
6.2. the processing is carried out by automated means.
In exercising this right, you shall also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You shall have the right to object to the processing of your personal data, being processed in accordance with the provisions (e) or (f) of Article 6.1 GDPR, at any time on grounds relating to your particular situation, which includes profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedom or the processing serves as the assertion, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You are entitled to revoke your consent to the contents of this data protection declaration at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of your consent until revocation.
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
9.1. is necessary for entering into, or the performance of, a contract between you and the controller; or
9.2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedom and legitimate interests; or
9.3. is based on your explicit consent.
These decisions shall not be based on special categories of personal data referred to Article 9.1 GDPR, unless provisions (a) or (g) of Article 9.2 GDPR apply and suitable measures to safeguard your rights and freedom and legitimate interests are in place.
In the cases referred to in 9.1 and 9.3, the controller shall implement suitable measures to safeguard your rights and freedom and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art.78 GDPR.
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.
Provided we obtain the consent of the data subject for the processing of personal data, Art.6.1(a) GDPR serves as the legal basis.
For the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6.1(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6.1(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6.1(d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedom of the data subject do not outweigh the former interest, Article 6.1(f) GDPR serves as the legal basis for processing.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Every time our website is visited, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
1.1. Information about the browser type and version used
1.2. The user’s operating system
1.3. The internet service provider of the user
1.4. The IP address of the user
1.5. Date and time of access
1.6. Websites from which the user’s system reaches our website
1.7. Websites accessed by the user’s system via our website
The data are also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Article 6.1(f) GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data serve us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing for this purpose is in accordance with Article 6.1(f) GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, the purpose of collection of personal data is achieved when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
1.1. Items in shopping cart
1.2. Log-in information
1.3. Session cookies
1.4. Entered search keywords
1.5. Frequency of page views
1.6. Use of website functions
The legal basis for the temporary storage of data and log files using cookies is Article 6.1(f) GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognised even after a page change.
We need cookies for the following applications:
3.1. Shopping cart
3.2. Improving the quality or content of our website
Our legitimate interest in the processing of personal data in accordance with Article 6.1(f) GDPR is also caused by these purposes.
Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask, transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process:
1.1. E-mail address
1.2. Surname
1.3. First name
1.4. Address
1.5. Phone / Mobile phone
1.6. Nationality
1.7. Place of birth
1.8. Date of birth
The user’s consent to the processing of this data is obtained in the course of the registration process.
The legal basis for the processing of data collected upon registration is Article 6.1(a) GDPR provided that the user has given his consent. If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Article 6.1(b) GDPR.
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
The data will be deleted upon receiving a request for deletion via e-mail as soon as they are no longer necessary to achieve the purpose of their collection. This is the case for personal data collected during the registration process, for the performance of a contract or for the execution of pre-contractual measures, if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contracting party in order to fulfil contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.
There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. The data are:
1.1. E-mail address
1.2. Surname
1.3. First name
At the time the message is sent, the following data are also stored: IP address of the user
Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation and/or correspondence.
The legal basis for the processing of the data is Article 6.1(a) GDPR provided that the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6.1(f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Article 6.1(b) GDPR.
The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. If you contact us by e-mail, we have a legitimate interest in the processing of your data. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With regards to personal data from the input mask of the contact form and those sent by email, the purpose of collection is achieved when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted.
We use “AI” to automatically record calls made to and by our Sale department for quality assurance and training purposes. We use the following tools: Speech to text analysis, Natural Language Processing, Telecom, Sentimental Analysis function and Machine Learning. All recorded data are saved on “PBC” platform under separate customer records. The recorded data are available only to PBX/IT Admin via the PBX Admin dashboard.
The following data is collected:
1.1. Date and time of the call
1.2. Record of the call
1.3. Telephone number
We inform you when a call is recorded and we obtain your consent prior to collecting and/or processing any data.
The legal basis for the processing of the data is Article 6.1(a) GDPR provided that the user has given his consent.
The purpose of processing of the personal data can be:
3.1. For the quality assurance of our services (i.e. to ensure that information we provide regarding our services is consistent and accurate);
3.2. For staff training purposes and establishment of call handling standards;
3.3. For investigation of a complaint;
3.4. For the prevention of a threat to the health and safety of staff.
All call records will be automatically stored on the “PBC” platform for 90 days. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. However, if there is a justified need to maintain a specific record for a longer period, it will be reviewed by us in conjunction with the Data Protection Officer.
The user has the possibility to object the recording of the call at any time. In such case the conversation cannot be continued, and the call will be terminated. Furthermore, user can revoke his consent to the processing of personal data at any time after the phone call. In such case, all personal data stored will be deleted.
Use of Facebook Pixels:
We use the so-called “Facebook Pixel” of the social network Facebook, Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025 United States or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With this analysis tool, Facebook can determine the users of our website as target group in order to display ads.
The legal basis for the processing of personal data is Article 6.1(f) GDPR.
The use of Facebook Pixels serves to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes. This allows future advertising measures to be optimised.
We have no information on the duration of storage.
The data collected remain anonymous to us. They are stored and processed by Facebook. It is possible to establish a connection to your Facebook profile. Facebook may use this data for their own promotional purposes under the Facebook Data Usage Policy (http://www.facebook.com/about/...).
If you do not want Facebook to be able to link the use of our website to your Facebook profile, please log out of your Facebook account. You can object to the collection by Facebook Pixels and the use of your data to display Facebook ads under the following link: http://www.facebook.com/settin....
Use of Facebook Plugin:
We use the plug-in of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025 United States or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By activating this plug-in, your browser connects to Facebook’s servers. Facebook learns that you visit our website with your IP address. In addition, Facebook receives information about date, time, browser type and version, operating system and version as well as Facebook cookies already stored in the browser. With this Facebook can see which websites with Facebook content you have visited. The plug-in is part of Facebook and is only displayed on our page. Any interaction with the plug-in is an interaction on “facebook.com”. If you are logged in to Facebook your Facebook login number will also be transferred when you activate the plug-in. Visiting our website can therefore be linked to your Facebook account. Depending on the settings of your Facebook account, clicking on the Plug-in is also published on Facebook. You can avoid this by logging out of your Facebook account before activating the plug-in and deleting all Facebook cookies after visiting pages with Facebook plug-ins.
The legal basis for the processing is Article 6.1(a) GDPR.
Facebook processes this data to find errors in their own system, to improve their own products and adapt them to user behaviour, for the purpose of control, placement and individualisation of advertising. In addition, the processing serves in terms of localisation, and recording the way of using websites with Facebook content and the purpose of market research.
According to their own statements, Facebook stores the data for up to 90 days. After that, the data will only be used in anonymous form.
Further information on data use and collection can be found in Facebook’s privacy policy at: http://facebook.com/about/priv....
Use of Google AdWords:
On our website, we use Google AdWords of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This is an online advertising programme which uses conversion tracking. If you are using our website via a Google ad Google AdWords places a cookie on your computer. A different cookie will be assigned to each Google AdWords customer.
The legal basis for the processing is Article 6.1(f) GDPR.
We are only informed of the total number of users who have reacted to our ad. No information will be passed on that we can use to identify you. The use is not for tracking.
The cookie expires after 30 days.
You can disable Google Conversion Tracking by deactivating the tracking procedure in your browser. Further information can be found at https://www.google.com/intl/de....
Use of Google Analytics:
On our website we use Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website will be transferred to a Google server in the United States and stored there.
If IP anonymisation is activated on this website, your IP address will previously be shortened by Google, within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be sent to a Google server in the United States and shortened there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide further information about services related to the use of the website and the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
You may prevent the use of cookies by selecting the respective settings in your browser software, however, we would like to point out that in this case you might not be able to use all functions of our website to their full extent.
The legal basis for the processing is Article 6.1(f) GDPR.
The purpose of the processing of personal data is to specifically address a target group that has already expressed an initial interest by visiting the site.
According to their own statements, Google anonymises advertising data in server logs by deleting parts of the IP address and cookie information after 9 and 18 months, respectively.
In addition, you may prevent the acquisition of data created by the cookie and data related to your use of the website (incl. your IP address) by Google as well as prevent the processing of this data by Google by downloading and installing the browser plugin available via the following link:
http://tools.google.com/dlpage....
For more information, please visit https://www.google.com/intl/de....
This privacy policy was created with the support of DataGuard
Safebridge GmbH
Data Protection Declaration (“DPD”) V.1.1
Update: 12/2020