Privacy Policy for website www.syncpilot.com

I. Name and address of controller

The controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of EU countries and other data protection laws is:

SyncPilot GmbH
Junkerstr.5
82178 Puchheim

Tel.: +49 (89) 125 034 10
E-Mail: info@syncpilot.com
Website: www.syncpilot.com

 

II. Name and address of data protection officer (DPA)

Rechtsanwalt und Fachanwalt für Informationstechnologierecht
Dr. Christian Rauda

GRAEF Rechtsanwälte Digital PartG mbB
Jungfrauenthal 8

E-Mail: hamburg@graef.eu
Website: www.graef.eu

 

III. General information about data processing

1. Extent of processing personal data

We will generally collect and use personal data of our users only if and to the extent necessary to make available a functional website and/or to provide our content and services. Personal data of our users generally will be collected and/or used only with the prior consent of the user. An exception applies in cases where obtaining prior consent is practically impossible and where data processing is permitted by applicable law.

 

2. Legal basis for processing personal data

If we obtain the consent of a data subject for processing personal data, the legal basis for processing such personal data is Art. 6 para. 1 let. a) EU General Data Protection Regulation (hereinafter "GDPR"). If we process personal data that are necessary to perform a contract to which the data subject is a party, the legal basis for processing such personal data is Art. 6 para. 1 let. b) GDPR. The same applies if processing personal data is necessary to perform pre-contractual measures. If processing personal data is necessary to perform a legal obligation of our company, the legal basis for such data processing is Art. 6 para. 1 let. c) GDPR. If processing personal data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh that legitimate interest, the legal basis for such data processing is Art. 6 para. 1 let. f) GDPR.

 

3. Deletion of data, storage period

We will delete or block a data subject’s personal data as soon as the purpose of storing the data has been achieved. Personal data can be stored for longer periods if prescribed by a European or national legislator in EU regulations, laws or other regulations that govern the data controller. The data is also blocked or deleted at the end of a retention period prescribed by one of the above regulations, unless the data is required to be stored for a longer period for the purpose of performing or entering into a contract.

 

IV. Making available the website and creating logfiles

When our Website is accessed, our server will automatically collect data and information from the computer system of the terminal device accessing the Website.

In this connection the following data will be collected for a limited time period:

IP address of the user
Date/time of visit
Web browser

Such data will be stored in log files of our system. Such data are needed only to analyze any malfunctions and will be erased at the latest within seven days. The legal basis for temporarily storing data in log files is Art. 6 para. 1 let. f) GDPR. Temporary storage of the IP address for the system is necessary for making the Website available to the terminal device of the user. For this purpose the IP address of the user must be stored for the duration of the session. Data are stored in log files to ensure the functionality of our Website. In addition, such data are used to optimize the Website and to ensure the security of our IT systems. Data will not be analyzed for marketing purposes in this connection, and we will draw no inferences as to your identity. The aforementioned purposes also provide the basis of our legitimate interest in data processing within the meaning of Art. 6 para. 1 let. f) GDPR. Collecting data to make available the Website and storing data in log files is necessary for operating the Website. Consequently, users have no right to object to the collection or use of such data for the aforementioned purposes.

 

V. Use of cookies

1. Cookies required for the operation of the website

Our website uses so-called session or flash cookies. Cookies are text files that are stored in or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. The user data collected by technically necessary cookies are not used to determine your identity or to create user profiles. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 let. f) GDPR.

A list of the cookies used on our website and descriptions of these cookies can be found here.

 

2. Cookies for webanalysis

On the basis of a consent within the meaning of Art. 6 para. 1 let. a) GDPR Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). According to their terms of use, Google reserves the right to use personal data for its own purposes. However, Google will not disclose whether and which personal data is used by Google.

Google uses cookies if you have given your consent to do so. The information generated by a cookie about the use of the website by the user might be transferred to a Google LLC server in the USA. Google processes the data in the USA on the basis of EU Standard Contractual Clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 let. c) GDPR. Personal data will only be processed by Google if you have given your consent. You can revoke your consent at any time in the cookie settings. Further information on this and on the cookies used by Google can be found here.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other data from Google. You can - in addition to the default setting at the beginning of the use of the website - prevent the storage of cookies by means of a corresponding setting in your browser software; you can also prevent the collection of the data generated by the cookie and related to your use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on the use of data by Google, setting and objection possibilities on the websites of Google:  https://www.google.com/intl/de/policies/privacy/partners  ("Google's use of data when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to serve ads to you").

 

VI. Contact form and e-mail contact

On our website there is a contact form which can be used for electronic contact. If a user takes this opportunity, the data entered in the input mask will be transmitted to us and stored. These data are: Name, title, email address, optionally also company, address, telephone number

At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy. Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, it does not pursue the transfer of data to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of the data is Art. 6 para. 1 let. a) GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 let. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 let. b) GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

VII. Social Media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.

Xing link

We have also set a link to the website of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“xing”). No further data exchange with Xing takes place on our site. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages. Privacy policy of Xing: https://www.xing.com/app/share?op=data_protection.

LinkedIn link

We have also provided a link to LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). No further data exchange with LinkedIn takes place on our site. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages. Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

 

VIII. Rights of data subjects

If we process your personal data, you will be a data subject within the meaning of the GDPR and you will have the following rights against the controller:

 

1. Right to information

You may demand that the controller confirm whether or not personal data about you are processed by us.

If we do process such data, you may demand the following information from the controller:

the purposes for which your personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) how long we plan to store your personal data or, if that time period cannot be ascertained yet, the criteria used to determine how long we will store your personal data;

(5) whether you have a right to rectification or erasure of your personal data, a right to restricted processing by the controller, or a right to object to such processing;

(6) whether you have a right to lodge a complaint with a supervisory authority;

(7) any available information about the origin of data if they were not collected directly from the data subject; and

(8) whether your personal data will be transferred to any third country or international organization; in connection with such transfers you may demand to be informed of appropriate safeguards within the meaning of Art. 46 GDPR.

 

2. Right to rectification

You have a right against the controller to have incorrect personal data rectified and/or to have incomplete personal data completed if the personal data we process are incorrect or incomplete. The controller must rectify data without undue delay.

 

3. Right to restricted processing

Under the following conditions you may demand restricted processing of your personal data:

(1) if you dispute the correctness of your personal data for a time period that allows the controller to review whether your personal data are correct;

(2) if processing is unlawful and you decline to have your personal data erased and instead demand restricted use of your personal data;

(3) if the controller no longer needs your personal data for the purposes for which they are processed, but you need such data to assert, exercise, or defend legal rights or claims, or

(4) if you have objected to processing of your personal data in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether there are overriding legitimate reasons of the controller.

If processing of your personal data is restricted, such data may – except for their storage – be processed only with your consent, or to assert, exercise, or defend legal rights or claims, to protect the rights of another natural person or legal entity, or for reasons related to an important public interest of the European Union or any member state.

If processing of your personal data has been restricted under the aforementioned conditions, you will be notified by the controller before the restriction is lifted.

 

4. Right to erasure

a) Erasure obligation

You may demand that the controller erase your personal data without undue delay and the controller has an obligation to do so if one of the following reasons applies:

(1) your personal data are no longer needed for the purposes for which they were collected or are otherwise processed;

(2) you have revoked your consent on which the processing of your data is based in accordance with Art. 6 para. 1 let. a) or Art. 9 para. 2 let. a) GDPR, and there is no other legal basis for processing your personal data;

(3) you have objected to processing of your personal data in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing your personal data, or you object to processing in accordance with Art. 21 para. 2 GDPR;

(4) your personal data have been processed unlawfully;

(5) erasing your personal data is necessary to comply with a legal obligation under European law or member state law to which the controller is subject; or

(6) your personal data were collected with respect to offered information society services within the meaning of Art. 8 para. 1 GDPR.

 

b) Information to third parties

Where the controller has made personal data public and has an obligation under Art. 17, para. 1 to erase such personal data, the controller, taking into account available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing such personal data that the data subject has requested the erasure by such controllers of any links to, or copies or duplicates of, such personal data.

 

c) Exceptions

There is no right to erasure if processing personal data is necessary

(1) to exercise the right to freedom of expression and information;

(2) to comply with a legal obligation which requires processing of your personal data under EU or member state law to which the controller subject, or to perform a task that is in the public interest, or to exercise official authority vested in the controller;

(3) for reasons of the public interest in the area of public health within the meaning of Art. 9 para. 2 let. f) and i) and Art. 9 para. 3 GDPR; or

(4) to assert, exercise, or defend legal rights or claims.

 

5. Right to notification

If you have exercised your right to rectification, erasure, or restricted processing against the controller, the controller has an obligation to notify all recipients to whom your personal data have been disclosed of such rectification, erasure, or restricted processing, unless this proves impossible or would be associated with unreasonable expense.

You have a right to be informed of all such recipients by the controller.

 

6. Right to data portability

You have a right to receive personal data you have made available to the controller in a structured, standard, and machine-legible format. You also have the right to transfer your personal data to another controller without any interference by the controller to whom the personal data were made available, if

(1) processing is based on consent within the meaning of Art. 6 para. 1 let. a) GDPR or Art. 9 para. 2 let. a) GDPR or on a contract within the meaning of Art. 6 para. 1 let. b) GDPR, and

(2) data processing is automated.

In exercising the right to data portability you further have the right to have your personal data transferred directly from one controller to another controller, if and to the extent that this is technically feasible. No rights or freedoms of any other persons may be infringed thereby.

The right to data portability does not apply to processing of personal data that is necessary to perform a task that is in the public interest or to processing of personal data in the exercise of official authority vested in the controller.

 

7. Right of objection

You have the right for reasons related to your particular situation to object to processing of your personal data at any time based on Art. 6 para. 1 let. e) or f) GDPR; the same applies to any profiling based on the aforementioned provisions.

If you object, the controller will no longer process your personal data, unless the controller can show that there are compelling protected reasons for processing your personal data that override your interests, rights and freedoms, or if your data are processed to assert, exercise, or defend legal rights or claims.

If your personal data are processed for direct advertising purposes, you have a right to object to processing of your personal data for purposes of such advertising at any time; the same applies to any profiling associated with such direct advertising.

If you object to processing of your personal data for purposes of direct advertising, your personal data will no longer be processed for such purposes.

In connection with use of information society services you may exercise your right of objection – regardless of Directive 2002/58/EC – by using automated processes for which technical specifications are used. For this purpose you may send an email to us.

 

8. Right to revoke consent to data processing

You have a right to revoke your consent to data processing at any time. If you exercise your right of revocation, the lawfulness of data processing that occurs before revocation based on your consent will remain unaffected.

 

9. Automated decision in a particular case, including profiling

You have a right not to be subjected to a decision that is made exclusively by means of automated processing – including profiling – if such a decision has legal consequences for you or otherwise substantially impairs your interests. This does not apply if the decision

(1) is necessary to enter into or perform a contract between you and the controller,

(2) is permitted under EU or member state law to which the controller is subject and such law provides for appropriate safeguards to protect your rights, freedoms, and legitimate interests, or

(3) is made with your express consent.

However, such decisions may not be made with respect to special categories of personal data within the meaning of Art. 9 para. 1 GDPR, unless Art. 9 para. 2 let. a) or g) GDPR applies and appropriate safeguards have been implemented to protect your rights, freedoms, and legitimate interests.

In cases 1) and 3) above the controller must implement appropriate safeguards to protect your rights, freedoms, and legitimate interests, which must include, at a minimum, a right to have a person acting on behalf of the controller take action, a right to present your own point of view, and a right to contest the decision.

 

10. Right to lodge complaint with supervisory authority

Without prejudice to any other available administrative or judicial remedies, you have a right to lodge a complaint with a supervisory authority, in particular a supervisory authority located in the member state of your habitual residence, at your workplace, or at the place of the purported infringement, if in your opinion the processing of your personal data violates the GDPR.

The supervisory authority where the complaint is lodged will then notify the complainant of the progress and outcome of the complaint, including judicial remedies available under Art. 78 GDPR.

We'll be right there for you.
Call us at +49 (0) 89 125 034 10 Contact form