Data Protection Declaration

This data protection declaration of e*Message Wireless Information Services Deutschland GmbH (hereinafter referred to as “e*Message”) explains to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and any associated websites, functions and content, as well as any external online presence, such as our social media profile, (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Updated : 26.03.2021

e*Message Wireless Information Services Deutschland GmbH
Schönhauser Allee 10-11
10119 Berlin
Deutschland
Tel.: + 49 (0) 30 4171 - 0
E-Mail:info[at]emessage.de
Website: www.emessage.de

For general questions or suggestions regarding data protection, please contact e*Message’s company data protection officer at datenschutz[at]emessage.de.

Categories of persons affected by data processing 

Customer
contact data, such as telephone, fax and email data, contact history, as well as any other data necessary for fulfilling the contract
Interested parties
contact data, as well as any other data, such as data necessary for the use of the online offering
Employees
in particular employees, trainees, rehabilitants, applicants, retired persons, interns data necessary for the decision on establishing or implementing an employment relationship, such as contract and performance data
Suppliers
in particular suppliers, service providers, agents, brokers, agencies contact data such as telephone, fax and email data, contact and order history, as well as any other data necessary for the fulfilment of the contract
Visitors and users of the online offering
hereinafter collectively referred to as “users”

Types of data processed: 

• Inventory data (e.g. names, addresses)
  
• Contact data (e.g. email, telephone numbers)
  
• Content data (e.g. text input, photographs, videos)
  
• Contract data (e.g. contract object, validity period, customer category)
  
• Usage data (e.g. websites visited, links clicked, interest in content, access times)
  
• Meta/communication data (e.g. device information)
  
• Traffic data (IP addresses, phone numbers)

In principle, no special data categories are processed unless they are supplied by the user for processing, e.g. entered in online forms.

If personal data (e.g. names or email addresses) is collected on our website, this is done on a voluntary basis. We collect navigation information from website visitors, in order to further improve our offer, for marketing and website optimisation purposes. This is data about the computer and the visit to our website. Personal data is collected within the scope of the following tasks:

• Provision of the online offering, its content and functions
  
• Preparation of and responses to contact requests and communication with users
  
• Enabling of the use of our radio networks
  
• Provision of contractual services, service and customer care
  
• Further services for customers
  
• Marketing, advertising and market research
  
• Acquisition of new customers
  
• Safety precautions

We inform you about the legal basis of our data processing in accordance with Art. 13 GDPR.

If not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR. Art. 6 para. 1 (b) GDPR is applicable to the processing for the fulfilment of our services and the implementation of contractual measures, as well as to responses to enquiries. Art. 6 para. 1 (c) GDPR applies as the legal basis for the processing in order to fulfil our legal obligations and Art. 6 para. 1 (f) GDPR applies to the processing to safeguard our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. In the event that the essential interests of the data subject or another natural person necessitate the processing of personal data, we refer to Art. 6 para. 1 (d) GDPR.

The operation of the radio network also requires the collection of personal data on the basis of §§ 113a and 113b of the Telecommunications Act (TKG).

We request that you inform yourself regularly about the content of our data protection declaration. It will be adapted as soon as this is made necessary by changes in the data processing carried out by us. We will inform you if the changes require your cooperation (e.g. consent) or any other individual notification.

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk, taking into account the state of the technology, the implementation costs and the nature, scope, circumstances and purposes of data processing, as well as the different occurrence probability and the severity of the risk to the rights and freedoms of natural persons.

Measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as any access to, input, disclosure, securing and separation of data. In addition, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that we react to data threats.

We already take into account the principle of data protection through technology design when selecting hardware and software, when developing processing methods and through data protection-friendly default settings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server or to the servers of our suppliers.

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the context of our data processing, transfer data to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties in accordance with Art. 6 Para. 1 (b) GDPR is necessary for the fulfilment of the contract), if you have consented, if there is a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Categories of recipient:
CRM solution providers (HubSpot), providers of web analytics services (Google and its partner companies), service providers for the destruction of data, shipping providers, web hosting providers, payment service providers.

If we have data processed in the context of the use of third party services in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done by disclosure or transfer of data to third parties, this is only done on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we will only allow the data to be stored in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that data processing takes place on the basis of special guarantees, for example, such as the officially recognised determination of a data protection level corresponding to that of the EU or the observance of officially recognised, special contractual obligations (so-called “standard contractual clauses”), available at: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32010D0087&from=DE.

You have the right

• to request information about which data concerning you is processed for which purpose and how long it is stored for (Art. 15 GDPR).
• to request the completion or rectification of the data concerning you (Art. 16 GDPR).
• to request the deletion (Art. 17 GDPR) or limitation of the processing (Art. 18 GDPR) of the data concerning you.
• to obtain the data relating to you and request its transfer to other responsible parties (Art. 20 GDPR).
• to submit a complaint to the competent supervisory authority (Art. 77 GDPR).

You have the right to revoke any consent granted pursuant to Art. 7 para. 3 GDPR with effect for the future.

You may object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. The objection may in particular be lodged against processing for the purposes of direct marketing.

The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

According to legal requirements, the deletion will take place in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records etc.) or § 147 para. 1 AO (German Fiscal Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation etc.).

Further retention periods apply according to § 95 (3) TKG for inventory data (e.g. names and addresses, as well as user contact data).  Traffic data (e.g. telephone numbers, IP addresses) shall remain stored in accordance with Section 113b (1) sentence 1.

We process inventory data (e.g. names, addresses and user contact data) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 (b) GDPR.

We process traffic data (e.g. telephone numbers, IP addresses) for the purpose of providing our telecommunications services.

We process usage data (e.g. the websites from our offering which have been visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes.

When contacting us (via contact form or email), the user’s details will be processed, in order to handle and complete the contact request in accordance with Art. 6 para. 1 (b) GDPR.

User data can be stored in our customer relationship management system and marketing automation platform (“CRM & Marketing System”) or a comparable enquiry system.

Among others, we use the CRM, registration and marketing automation system “HubSpot” from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with branches in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Unter den Linden 26, 10117 Berlin) on the basis your consent. More information on HubSpot’s privacy policy is available at: https://legal.hubspot.com/de/privacy-policy

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information. This information is stored on our software partner’s servers HubSpot. We may use them to contact visitors to our website and to determine which of our company’s services are of interest to them. All the information collected by us is subject to this data protection declaration. All the information collected is used exclusively for marketing optimisation purposes.

We will delete the requests provided they are no longer required. Enquiries from customers with customer accounts are assigned to this account, so we refer to the customer account details for deletion. The data collected will furthermore be deleted in accordance with section 12 of this data protection declaration

Users can only write comments and contributions after prior registration. This requires consent to data storage and use, as well as acceptance of our data protection declaration.

We collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. The access data includes the name of the website accessed, file, date and time of access, amount of data transmitted, notification of successful access, browser type and version, user’s operating system, referrer URL (the website visited beforehand), IP address and requesting provider.

Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify cases of abuse or fraud) and then deleted. Data which needs to be stored beyond this time for evidence purposes is excluded from deletion until the respective incident has been clarified conclusively.

We use temporary and permanent cookies, i.e. small files which are saved on the user’s device. Cookies are partly for security purposes or are required for our online service to function properly (e.g. to display the website) or to save the user’s decision when confirming their choices in the cookie banner. The use of such essential cookies is based on our legitimate interest according to Art. 6 para. 1 (f) GDPR. In addition, we or our technology partners use cookies to measure our reach and for marketing purposes, which users are informed about in our Cookie Policy.

You can generally object to the use of cookies for online marketing purposes for a large number of services, especially in the case of tracking, via the US website https://optout.aboutads.info/?c=2&lang=EN or the EU website https://www.youronlinechoices.com/. In addition, you can prevent the storage of cookies via the settings in your browser. Please note that you will then not be able to use all functions of our online service.

We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4. Irland (“Google”), on the basis of your consent. In order to protect your data, we have extended Google Analytics with the configuration parameter “anonymizeIP”. This means that your IP address will only be processed in truncated form and your personal data will be anonymised in Google Analytics.

Furthermore, data processing by Google is only carried out in anonymised form, which means that it is not possible to draw conclusions about your person. You can find additional information about the Google Analytics Terms of Service and the Privacy Policy at: https://marketingplatform.google.com/about/analytics/terms/de/ and https://www.google.de/intl/de/policies/. Tracking by Google Analytics can also be deactivated via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Dispatch of the newsletter and the performance measurement are based on the recipients’ consent in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the legal permission according to § 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and serves as proof of consent to receiving the newsletter.

Cancellation/revocation
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.

We maintain online presences within social networks and platforms, in order to communicate with customers, interested parties and users who are active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in this data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. posting on our online presence or sending us messages.

We embed YouTube videos on our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. A connection to the YouTube servers is established when you visit a page with the YouTube plugin. YouTube will be informed of which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies to evaluate user behaviour.

If the saving of cookies is deactivated for the Google Ad programme, no such cookies are used when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you will need to block the storage of cookies in the browser.

Data protection declaration: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

We offer links to third-party providers within our online offering. e*Message has no influence whatsoever on the content and design of these websites belonging to other providers. The guarantees of this data protection declaration do not apply there. If the links are used, the provider in question will be able to see the user’s IP address

The following presentation provides an overview of third party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data.

1. Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
   Data Protection Declaration: https://twitter.com/de/privacy 
2. Facebook ( Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland ) Data Protection Declaration: https://de-de.facebook.com/policy.php
3. XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland)
   Data Protection Declaration: https://privacy.xing.com/de/datenschutzerklaerung
4. Youtube ( YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ) Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
5. LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) Datenschutzerklärung: https://de.linkedin.com/legal/privacy-policy