Data protection declaration website www.evolutionid.de and the social media presence

A. Privacy goals

We strive for long-term relationships with our employees and consistently high levels of user satisfaction. We focus in particular on shaping your individual relationship with you and align all of our other goals with this. An important part of these relationships is based on trust. We are therefore fully committed to protecting privacy and the right to data protection. Our goal is to offer employees and users a safe, risk-free service.

In order to ensure that personal data is processed only in accordance with the legal basis, we align our processes and technical design with the General Data Protection Regulation, the Federal Data Protection Act and other relevant laws. In particular, no more personal data should be collected than is necessary for the respective purpose and easy exercise of the rights of those affected should be ensured.

The following declaration concerns data processing within the context of our website. Even though we have taken organizational and technical measures to ensure the most consistent protection of the offer, the occurrence of a security gap in electronic communication channels cannot, of course, be completely ruled out. For this reason, visitors to the website are free to find out about us or to transmit information to us in other ways.

The usage and communication data generated by your visit to our website is processed by us for the purpose of displaying this website. There will be no use beyond this. Additional processing operations can be carried out by integrated third-party services, which we use to improve the presentation or functionality of this website.

B. Terminology

Personal data
Personal data is any information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Processing
Processing is any operation or series of operations carried out on personal data, whether or not by automated means, such as collecting, recording, organizing, classifying, storing, adapting or modifying, reading, querying, using , disclosure by transmission, distribution or other form of provision, alignment or association, restriction, deletion or destruction.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data Data is not assigned to an identified or identifiable natural person.

Controller or
controller is the natural or legal person, public authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

Recipient
Recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

Third party
Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent is any voluntary, informed and unambiguous expression of the data subject’s wishes for a specific case, in the form of a statement or other clear affirmative action, by which the data subject indicates that he or she consents to the processing of personal data concerning him or her agrees.

Health data
“Health data” is personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and which reveals information about their health status.

C. General information

The person
responsible within the meaning of the General Data Protection Regulation is:

evolutionID GmbH
Nördliche Auffahrtsallee 19
80638 Munich
Telephone: +49 (0) 89-693 102-222
Telefax: +49 (0) 89-693 102-221
Email:
(hereinafter: evotutionID)

Data protection officer
You can reach our data protection officer at:


Telephone: 06841 9816-0
Telefax: 06841 9816-29

Our data protection officer will help you quickly and easily if you have any questions or assert your data subject rights.

Type and scope of data processed
Basically, usage data (e.g. websites visited, access times) and communication data (e.g. browser information, IP addresses) are processed.

Browser and server data
Please note that your browser transmits information to us when you simply use the website. The purpose of this transmission is to enable you to visit the website technically. The data is required to process the information request. The type of information transmitted therefore also depends on your settings and technical specifications. When you access our website, the following data may be collected:

  • IP address
  • Time of access
  • page accessed or name of the retrieved file (URL)
  • Status information (e.g. error codes)
  • amount of data transferred
  • Browser information (web browser used, operating system, language setting, etc.)

The data is used for statistical and security-related purposes. It will not be passed on to third parties. This website itself does not use any technologies aimed at evaluating the access behavior of individual users. Personal usage profiles are not created. The data will be stored for a maximum of 7 days for the stated purposes.

Cookies
When you use this offer, cookies are stored on your computer. The legal basis for use is Section 15 Paragraph 1 TMG and Section 15 Paragraph 3 TMG, taking into account Article 6 Paragraph 1 Letter f) GDPR. Cookies are small text files that are stored on your hard drive by the browser you use and through which certain information flows to the entity that sets the cookies. Cookies are a technical means of ensuring the functionality of the website and improving the user experience. For example, they are used to store information across multiple pages. We use cookies for the following purposes:

  • Storage of user settings.

We use the following types of cookies:

  • Transient cookies (temporary use)
  • persistent cookies (use for a limited time).

The latter may be used by third parties. The cookies serve our interest in making our website easier to use and improving.

The transient cookies are automatically deleted when you close the browser. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The deletion periods correspond to the specifications of the relevant third-party provider.

You can delete cookies at any time in your browser’s security settings. You can also set your browser to reject certain or all cookies. However, we would like to point out that in this case the functionality of the website may be limited. We store the information related to cookies separately from other data that we may provide. This data is expressly not linked to your other data.

Categories of data subjects
The visitors to the website are affected by data processing through our website.

Purpose of processing

  • Providing an online presence
  • Possibility of interaction for users
  • Safety measures

Storage period
The criterion for the duration of storage of personal data is the respective statutory retention period and the processing purpose. After the deadline has expired, the relevant data will be routinely deleted unless it is no longer required to achieve the purpose of processing.

The specific storage periods are stated within this declaration for the individual data processing operations.

Legal basis
Several permissible facts of the GDPR can be considered as legal bases: First of all, Art. 6 Para. 1 lit. a) GDPR serves as the basis for processing operations in which your consent for the processing operation is obtained. For those processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our services, the processing is based on Art. 6 Para. 1 lit. b) GDPR. In the case of fulfilling tax obligations, processing is based on Art. 6 Para. 1 lit. c) GDPR. In the case of this website, the processing of data is primarily based on Art. 6 Para. 1 lit. f) GDPR. This basis for permission applies if processing is necessary to protect a legitimate interest of the person responsible or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not outweigh them.

The specific interests are reflected at the point of the processing process.

Technical security measures
We maintain current technical and organizational measures to ensure data security, in particular to protect your personal data from dangers during data transfers and from third parties gaining knowledge of it. These are adapted to the current state of the art.

D. Third Party Service Providers

If we allow third parties to participate in the processing, this is done exclusively on the basis of a legal permission standard and in compliance with the legal provisions. This permission standard may consist of your consent, a legal obligation or our legitimate interests.

Hosting
The hosting services we may use serve to provide the following services: infrastructure and platform services, software tools, computing capacity, storage space and maintenance services that we need for the purpose of operating this online offering.

The hosting provider processes the usage data based on our legitimate interest in the effective and secure provision of this online offer in accordance with Article 6 Paragraph 1 Letter f) GDPR.
The usage data includes the data described under “Type and scope of the data processed”. This data will be deleted after seven days.

Links to other websites
Our website contains links to third-party websites. This data protection declaration only applies to the content of our website and does not include third-party websites linked to this page. We have no influence on the legality of the content of these sites or how they handle personal data. If you have any questions about the content or data protection of such third parties, please contact the respective provider.

Plugins:

Google Tag Manager
We use the so-called Tag Manager from the provider Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated . The tags set up via the Google Tag Manager ensure the collection of data that is passed on to the target system. Because the data is only passed on, the system does not collect or store the data itself. According to the provider, the Google Tag Manager is a cookieless domain and therefore cannot collect any personal data in this way.

Google Fonts
We incorporate the fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated . This service serves to improve the visual design of the website. It cannot be ruled out that data will also be transferred to other Google servers. Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Google Apis
We use Google Apis from the provider Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated . In this way, we make our website more resistant to bottlenecks in the available bandwidth and enable our visitors to have a quick and reliable connection to our website. When you access a page, your browser loads the required files (especially web fonts) into your browser cache via the Content Delivery Network (CDN) via the address in order to display texts and fonts correctly. The service enables the operator to find out that our website was accessed with your IP address. The use of the CDN is in the interest of a uniform and attractive design of the website as well as a fast and reliable connection to our website. The basis for authorization is Art. 6 Para. 1 lit. a), f) GDPR. It cannot be ruled out that data will also be transferred to other servers. Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Gstatic
We use a web service from Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated . The legal basis for data processing is Article 6 Paragraph 1 Letter a), f) GDPR. The legitimate interest lies in the error-free functioning of the website and in the constant improvement and optimization as well as the economically sensible operation of our website. The use only serves the purpose that coincides with our interests. Further information on the handling of the transferred data can be found in Google’s data protection declaration. A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated . During processing, it cannot be ruled out that data will also be transferred to other servers. Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in the Google data protection regulations and the Google terms of use under the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de

Google Analytics
Based on your consent, primarily via our consent banner (Art. 6 Para. 1 lit. a) GDPR), we use Google Analytics, an analysis service provided by Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA constant improvement and optimization as well as economically sensible operation. The use only serves the purpose that coincides with our interests. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website can also be transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection and transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by using the browser information available under the following link. Download and install plugin: http://tools.google.com/dlpage/gaoptout?hl=de .

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form, which means that any personal connection can be ruled out. If the data collected about you is personally related, this will be excluded immediately and the personal data will be deleted immediately.

We use Google Analytics to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Third-party information: Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html , data protection overview : http://www.google.com/intl/de/analytics/learn/privacy.html , as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy .

This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account.

A large number of websites use Google Analytics in the manner described. You can permanently prevent the collection of data by installing a plug-in in your browser: http://tools.google.com/dlpage/gaoptout?hl=de . You can also prevent the storage of cookies using your basic browser settings. You also have the option to deactivate Google Analytics for your visit to our site by opting out:

Block Google Analytics from tracking me

DoubleClick
We use the DoubleClick service from Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. Google’s privacy policy is available at: https://policies.google.com/privacy . DoubleClick is used to serve ads when you visit our website and is used for website functionality and monetization. DoubleClick uses information (but not personal information such as your name or email address) about your visits to this and other websites in order to provide advertisements about goods and services that are or may be of interest to you. You can find out more information about DoubleClick and what options you have to ensure that this information cannot be used by DoubleClick here: http://www.google.de/policies/technologies/ads/ . Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

WordPress/Plugins
Our website uses a web service from Automattic Inc., 94043 San Francisco, CA. We use the WordPress web service and corresponding plugins to ensure and improve the full functionality of our website. In this context, your browser may transmit personal data to WordPress.com or the plugin creators. The legal basis for data processing is Article 6 Paragraph 1 Letter f) GDPR. The legitimate interest lies in the error-free functioning and continuous improvement of the website. Automattic Inc. and, if applicable, the plugin creators ensure and offer sufficient guarantees to comply with European data protection law. Further information on how to handle the transferred data can be found in the WordPress.com privacy policy at https://automattic.com/privacy/ .

YouTube
We use the option to integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheater Parkway Mountain View, CA94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated .
During the course of processing, it cannot be ruled out that data will be transferred to other Google servers. Google LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Vimeo
We use the opportunity to integrate videos from the “Vimeo” platform of the provider Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011. The service’s privacy policy is available at https://vimeo.com/privacy and further information can be found here https://vimeo.com/privacy/california-privacy .
The legal basis for data processing is your consent in accordance with Article 6 Para. 1 lit. a GDPR, which you can give either in the form of the cookie banner or when you view the video. During the processing, it cannot be ruled out that data will be transferred to other Vimeo servers. Vimeo LLC guarantees and offers sufficient guarantees to comply with European data protection law.

Social Plugins – Links
Our site contains links to our offers on social media sites. When the corresponding links are displayed, no data is transferred to the platforms. If you wish to visit one of these pages, please note that you are leaving the scope of this data protection declaration regarding platform operation.

E. Contact form

You can use the contact form to send a message to our specialist departments. It is primarily used to contact interested parties with a view to our products and services. Please note that your message cannot initially be assigned to a specific recipient, but will be distributed to the contact person in our company by the designated location. If you would like to send your inquiry directly to a specific contact person without the knowledge of other contact persons, we ask you to send us a telephone or postal inquiry, naming the specific contact person.

The mandatory information for sending the contact form is your last name, your email address, a subject and your message. Providing additional data that is not specifically marked is voluntary and is used to be able to address or contact you personally. If you do not want to provide a name, you can also provide a pseudonym.

We delete the requests if they are no longer necessary and there is no further legal obligation to retain them. We regularly check whether it is necessary; the statutory archiving obligations also apply, which may arise in particular from tax law or commercial law.

F. Social media sites

We maintain the social media sites listed below in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations as the person responsible for the content that we ourselves post on the respective social media site. We have no influence on the technical design of the social media site(s) nor how the platform operator, as the person responsible for data protection, handles personal data. The operating company as the technical platform operator of the social media platform, as stated on the social media platform, for example in the legal notice, is specified below for the respective social media platform. In order to comply with the General Data Protection Regulation (GDPR) by the platform operator as the person responsible and other data protection regulations of the social media platform, reference is made in full to the respective data policy of the social media platform and further information on data protection, which are also provided below:

Purpose and legal basis
We operate this social media page(s) to draw attention to our services and products and to get in touch with you as a visitor and user of this social media page(s) and our website. Further information about us and our activities, structures, etc. can be found on our website. The operation of this social media site(s), including the processing of users’ personal data, is based on our legitimate interests in providing timely and supportive information and interaction options for and with our users and visitors in accordance with Art. 6 Para. 1 lit. f. GDPR. For this purpose, so-called tracking data about the use of the social media site(s) can also be collected and evaluated in order to constantly improve our offering for customers, interested parties and users.

Type, scope, sources and category of those affected by the personal data
Those affected by data processing are the visitors and users of our social media page(s).

Browser and server data
Please note that your browser transmits information when you simply use the social media site. The purpose of this transmission is to technically enable you to visit our social media page(s). The data is required to process the request for information. The type of information transmitted also depends on your settings and technical specifications. When accessing our social media page(s), it is generally possible to collect the following data:

  • IP address
  • Time of access
  • Page accessed or name of the file accessed (URL)
  • Status information (e.g. error codes)
  • amount of data transferred
  • Browser information (web browser used, operating system, language setting, etc.)

The data is used for statistical and security-related purposes. We do not know whether further processing and disclosure to third parties is carried out by the operator(s) of the social media platform(s) as the responsible party and cannot be ruled out by us.
Statistical data of different categories may be available to us on the social media site(s) through the platform operator, for example via the so-called “Insights”. These statistics are generated and provided by the platform operator. We have no influence on the generation and presentation and we cannot prevent the generation and processing of the data. For a selectable period of time and for different categories, the platform operator may provide us with the following data, based on our social media page(s):

  • Total number of page views
  • “Likes
  • Page activities
  • Post interactions
  • Range
  • Video Views
  • Post reach
  • Comments
  • Shared content
  • Answer
  • Proportion of men and women
  • Origin related to country and city
  • Language
  • Views and clicks in the shop
  • Clicks on route planner
  • Clicks on phone numbers

Data on the groups linked to our social media page(s) may also be provided in this way. Due to the constant development of the social media platform(s), the availability and processing of data changes, so we refer to the data protection guidelines of the respective social media platform above for further details and information.

Cookies
The social media platforms use cookies to store and further process information, i.e. small text files that are stored on the users’ various devices. If the user has a social media platform profile and is logged in to it, storage and analysis also takes place across devices.

Links
Our social media site(s) may contain links to third party websites. Our privacy policy applies only to the content of our social media page(s) and does not include linked third-party websites or third-party social media pages. We have no influence on the legality of the content of these sites or how they handle personal data. If you have any questions about the content or data protection of such third parties, please contact the respective provider.

Deletion of data/transfer to third countries/technical organizational measures
We do not know whether the platform operator(s) as the person responsible will delete or block the personal data in a timely manner. In this regard, we refer to the data policy of the respective social media platform(s). The transmission and further processing of users’ personal data by the platform operator(s) as the controller in third countries, such as the USA, as well as the associated possible risks for the users are our responsibility is not known and cannot be excluded by us. We do not know whether technical and organizational measures to ensure the data security of personal data are taken by the platform operator(s) as the person responsible. In this regard, we refer to the data policy of the respective social media platform(s).

Rights of those affected regarding social media sites
Since only the platform operator(s) has full access to the user data for which they are responsible under data protection law, we recommend that you also contact the platform operator(s) of the respective social media platform directly if you have any requests for information or would like to ask other questions about your legal rights as a user set out in this privacy policy or would like to assert these rights. We are responsible under data protection law for the content we post, which is why you can contact us in this regard and assert your rights as a data subject.

G. Rights of those affected

You have the right to receive free information about your data stored by us at any time, without giving reasons, as well as the origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage. You can correct, delete or restrict processing of the data we have collected at any time, as well as exercise your right to data portability. You also have the opportunity to object.

Correction, deletion or restriction of processing: You have the right to immediately request evolutionID to correct incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.

Right to object: If the processing of personal data concerning you is based on Article 6 Paragraph 1 Letter f) GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless evolutionID can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right of withdrawal: If the processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal. To do this, you can contact us or our data protection officer at any time using the details mentioned above.

Right to deletion: You have the right to request that evolutionID delete personal data concerning you immediately, and evolutionID is obliged to delete personal data immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You object to the processing and there are no overriding legitimate reasons for the processing.
  • The deletion of personal data is necessary to comply with a legal obligation under Union or Member State law to which we are subject. This does not apply to the extent that processing is necessary for compliance with a legal obligation that requires processing under Union or Member State law to which we are subject.

Right to restrict processing: You have the right to request evolutionID to restrict processing if one of the following conditions is met:

  • The accuracy of your personal data is contested for a period of time enabling us to verify the accuracy of the personal data.
  • The processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data.
  • evolutionID no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or you have objected to the processing, and as long as it is not yet clear whether our legitimate reasons outweigh yours.
  • If processing has been restricted, these personal data, apart from their storage, may only be used with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State are processed.

If you have obtained a restriction on processing, we will inform you before the restriction is lifted.

Right to lodge a complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR. You can also contact evolutionID’s data protection officer. You can reach this at:


Telephone: 06841 9816 0
Telefax: 06841 9816 29

We are happy to answer any further questions you may have about our information, data protection and the processing of your personal data. Further information on the subject of data protection in the Federal Republic of Germany can also be found at www.bfdi.bund.de.