The protection and security of personal data is a high priority for us. We stand for transparency of data processing. Therefore, we will clarify the nature, scope and purpose of your personal data and the legal basis of the processing as well as the persons involved. We also present your rights regarding the data collected by us.
As the responsible party (“controller”) for this website we,
agree to take all legally required actions to protect your personal data especially in regards to the General Data Protection Regulation (GDPR).
1. Definition of terms
I.a. we use the following terms:
- “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- „processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
- “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies indicates agreement to the processing of personal data relating to him or her.
- “supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51 GDPR.
2. Types of personal data we process
We process the following personal data:
- Personal data (name, adress etc.)
- Contact data (e-mail, phone numbers)
- Content data (text, pictures, videos etc.)
- Usage data (calls of our website, access time, etc.)
- Meta-/communication data (device information, IP-address, etc.)
3. Categories of data subjects
4. Involved persons
Within our organization, only those individuals who have the responsibility to safeguard our legitimate interests or to fulfill our contractual and legal obligations will be given access to your data.
Furthermore, the transmission of data to processors is possible and permitted, provided that they fulfill special confidentiality requirements.
5. Security of your personal data
Your personal data made available to us will be protected in accordance with Art. 32 GDPR by taking all technical and organizational security measures in such a way that they are inaccessible to unauthorized third parties. When sending very sensitive data or information, it is recommended to use the post office, as complete data security cannot be guaranteed by e-mail.
6. Server data
For technical reasons, the following data sent to us or to our server provider by your internet browser will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, from which website you entered (referrer URL), the webpages visited on our site, the date and time of your visit and the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data.
The basis for this storage is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
Our website uses so-called “session cookies” to make the use of our web pages easier. These are small text files which are stored on your hard drive only for the duration of your visit to our website and are deleted when the browser is closed, depending on the setting of your browser program. These cookies do not retrieve information stored on your hard drive and do not affect your PC or its files.
8. Hosting and e-mailing
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services we use to operate this online service.
Here we or our hosting provider (processor), process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 (1) lit. f) GDPR in conjunction with Art. 28 GDPR.
If you contact us via e-mail or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for processing this data is Art. 6 (1) lit. b) GDPR.
Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted from it.
10. Transfer to third countries
If we transfer data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR, that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses“).
11. Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with visiting customers, prospects and users and to inform them about our services.
We point out that data of users from outside of the area of the European Union can be processed. This may result in risks for the users e.g. because enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users are is usually processed for market research and advertising purposes. Thus, e.g. user profiles are created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. place advertisements inside and outside the platforms that are allegedly in line with users’ interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in).
The processing of the personal data of users is based on our legitimate interest in an effective information of users and communication with users in accordance with Art. 6 (1) lit. f. GDPR. If the users are asked for a consent to the data processing by the respective providers (meaning they declare their agreement, for example by checking a box or clicking a button), the legal basis of the processing is Art. 6 (1) lit. a.), Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of opting out, we refer to the following linked information of the provider.
Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers directly. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
- Facebook (Facebook Ink., 1601 S. California Avenue, Palo alto, CA 94304, USA)
- OptOut: https://www.facebook.com/settings?tab=ads
- Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
- Instagram (Instagram Ink., 1601 Willow Road, Menlow Park, California, 94025, USA)
- Privacy/OptOut: http://instagram.com/about/legal/privacy/
- Twitter (Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
- OptOut: https://twitter.com/personalization
- Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
- OptOut: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
- XING (XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland)
- Facebook (Facebook Ink., 1601 S. California Avenue, Palo alto, CA 94304, USA)
12. Your rights as a data subject
Since we take your rights seriously, we would like to introduce them to you. They result from the respective provisions of the GDPR:
You may request information about your personal data processed by us, Art. 15 GDPR. You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement, Art. 16 GDPR.
According to Art. 17 (1) GDPR you have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- You withdraw consent on which the processing is based and there is no other legal ground for the processing
- You objects to the processing and there are no overriding legitimate grounds for the processing
- the personal data have been unlawfully processed
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the BlockAxs GmbH is subject.
- According to Art. 17 (3) GDPR the right to delete your data may be excluded if a legitimate reason requires the processing of your data.
Acc. Art. 18 (1) GDPR you have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims
- you have objected to processing pursuant pending the verification whether the legitimate grounds of the controller override those of the data subject
We will disclose any rectification or deletion of personal data or restriction of processing to all recipients who who’s personal data has been disclosed, unless this proves impossible or disproportionate. We will inform you about these recipients if you request it.
According to Art. 21 GDPR you also have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions. We no longer process such personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or for the establishment, exercise or defence of legal claims.
The objection can be free of form and should be directed to:
Furthermore, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, Art. 7 (3) GDPR.
The withdrawal can be free of form and should be directed to:
You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, Art. 20 (1) GDPR.
Finally, you have the right to file a complaint with the relevant data protection supervisory authority, Art. 77 GDPR.
13. Data minimization
We do not store your data longer than necessary for the respective processing purposes.
If the data is no longer required for the fulfillment of contractual or legal obligations, these are deleted on a regular basis. In addition, however, there may be a (temporary) retention requirement in individual cases. Under the German statutory statute of limitations, evidence may be obtained for legal disputes. By Civil law, periods of limitation may be up to 30 years, whereby the regular limitation period is three years.