Privacy Policy

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

data revolution UG (haftungsbeschränkt)

Roonstraße 43a

76137 Karlsruhe

Germany

Email: info[at]data-revolution.de

Website: www.data-revolution.de

II. General Information on Data Processing

1. Scope of Processing of Personal Data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is carried out regularly only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal Basis for Processing Personal Data

If we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

3. Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by European or national legislators in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

III. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device.

The following data is collected:

(1) Referrer (previously visited website)
(2) Requested webpage or file
(3) Browser type and version
(4) Operating system used
(5) Device type used
(6) Time of access
(7) IP address in anonymized form (used only to determine the location of access)

These data are also stored in the log files of our system. The IP addresses of the user or other data that allow the assignment of the data to a user are not affected. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR.

2. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's device. For this purpose, the IP address of the user must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing according to Article 6(1)(f) GDPR.

3. Duration of Storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is terminated.

4. Objection and Removal Possibility

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility of objection by the user.

IV. Use of Cookies

Our website does not use cookies.

V. Contact Form and Email Contact

1. Description and Scope of Data Processing

A contact form is available on our website that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored.

For the processing of the data, your consent is obtained as part of the submission process, and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the user's personal data transmitted with the email is stored.

In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given consent.

The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims at concluding a contract, an additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of Data Processing

Processing of personal data from the input mask serves solely to process the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the contact form and ensure the security of our IT systems.

4. Duration of Storage

The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For personal data from the contact form input mask and data sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

5. Objection and Removal Possibility

The user has the right to withdraw consent for processing personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

All personal data stored in the course of contacting us will be deleted in this case.

VI. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right of Access

You have the right to request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing is taking place, you may request the following information from the controller:

(1) The purposes for which the personal data is being processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) The planned duration of the storage of the personal data concerning you, or, if specific information is not available, criteria used to determine the storage duration;
(5) The existence of a right to rectification or erasure of personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information about the source of the data if the personal data was not collected from the data subject;
(8) The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject

You have the right to request information on whether your personal data is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to Rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if it is incorrect or incomplete. The controller must rectify the data without undue delay.

3. Right to Restriction of Processing

You may request the restriction of processing of your personal data under the following conditions:

(1) If you contest the accuracy of the personal data for a period that allows the controller to verify its accuracy;
(2) The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims; or
(4) You have objected to processing pursuant to Article 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override yours.

If processing has been restricted under these conditions, the data may only be processed—apart from storage—with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been lifted, you will be informed by the controller beforehand.

4. Right to Erasure

a) Obligation to Erase

You have the right to request the immediate erasure of personal data concerning you, and the controller is obligated to erase this data without undue delay if one of the following reasons applies:

(1) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing;
(3) You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to processing pursuant to Article 21(2) GDPR;
(4) The personal data concerning you has been unlawfully processed;
(5) The erasure of personal data is required to comply with a legal obligation under Union or Member State law to which the controller is subject;
(6) The personal data was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b) Information to Third Parties

If the controller has made your personal data public and is obliged to delete it pursuant to Article 17(1) of the GDPR, they shall take reasonable measures, including technical measures, considering available technology and implementation costs, to inform other controllers processing the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) For exercising the right to freedom of expression and information;
(2) For compliance with a legal obligation requiring processing under Union or Member State law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
(4) For archival, scientific, or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, to the extent that the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise, or defense of legal claims.

5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing, the controller must notify all recipients to whom the personal data was disclosed unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

6. Right to Data Portability

You have the right to receive the personal data you provided to the controller in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance if:

(1) The processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; an
(2) The processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of other individuals.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions.

The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You also have the option to exercise your right to object by automated means using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

8. Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into or performing a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests, or
(3) is based on your explicit consent.

However, such decisions must not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

In the cases referred to in (1) and (3), the controller shall implement appropriate measures to safeguard your rights, freedoms, and legitimate interests, which must include at least the right to obtain human intervention from the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.