Data Protection Declaration

This data protection declaration of e*Message Wireless Information Services Deutschland GmbH (hereinafter referred to as “e*Message”) explains to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and any associated websites, functions and content, as well as any external online presence, such as our social media profile, (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Updated : 24.05.2018

e*Message Wireless Information Services Deutschland GmbH
Schönhauser Allee 10-11
10119 Berlin
Deutschland
Tel.: + 49 (0) 30 4171 - 0
E-Mail:info[at]emessage.de
Website: www.emessage.de

For general questions or suggestions regarding data protection, please contact e*Message’s company data protection officer at datenschutz[at]emessage.de.

Categories of persons affected by data processing 

Customer
contact data, such as telephone, fax and email data, contact history, as well as any other data necessary for fulfilling the contract
Interested parties
contact data, as well as any other data, such as data necessary for the use of the online offering
Employees
in particular employees, trainees, rehabilitants, applicants, retired persons, interns data necessary for the decision on establishing or implementing an employment relationship, such as contract and performance data
Suppliers
in particular suppliers, service providers, agents, brokers, agencies contact data such as telephone, fax and email data, contact and order history, as well as any other data necessary for the fulfilment of the contract
Visitors and users of the online offering
hereinafter collectively referred to as “users”

Types of data processed: 

• Inventory data (e.g. names, addresses)
  
• Contact data (e.g. email, telephone numbers)
  
• Content data (e.g. text input, photographs, videos)
  
• Contract data (e.g. contract object, validity period, customer category)
  
• Usage data (e.g. websites visited, links clicked, interest in content, access times)
  
• Meta/communication data (e.g. device information)
  
• Traffic data (IP addresses, phone numbers)

In principle, no special data categories are processed unless they are supplied by the user for processing, e.g. entered in online forms.

If personal data (e.g. names or email addresses) is collected on our website, this is done on a voluntary basis. We collect navigation information from website visitors, in order to further improve our offer, for marketing and website optimisation purposes. This is data about the computer and the visit to our website. Personal data is collected within the scope of the following tasks:

• Provision of the online offering, its content and functions
  
• Preparation of and responses to contact requests and communication with users
  
• Enabling of the use of our radio networks
  
• Provision of contractual services, service and customer care
  
• Further services for customers
  
• Marketing, advertising and market research
  
• Acquisition of new customers
  
• Safety precautions

We inform you about the legal basis of our data processing in accordance with Art. 13 GDPR.

If not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR. Art. 6 para. 1 (b) GDPR is applicable to the processing for the fulfilment of our services and the implementation of contractual measures, as well as to responses to enquiries. Art. 6 para. 1 (c) GDPR applies as the legal basis for the processing in order to fulfil our legal obligations and Art. 6 para. 1 (f) GDPR applies to the processing to safeguard our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. In the event that the essential interests of the data subject or another natural person necessitate the processing of personal data, we refer to Art. 6 para. 1 (d) GDPR.

The operation of the radio network also requires the collection of personal data on the basis of §§ 113a and 113b of the Telecommunications Act (TKG).

We request that you inform yourself regularly about the content of our data protection declaration. It will be adapted as soon as this is made necessary by changes in the data processing carried out by us. We will inform you if the changes require your cooperation (e.g. consent) or any other individual notification.

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk, taking into account the state of the technology, the implementation costs and the nature, scope, circumstances and purposes of data processing, as well as the different occurrence probability and the severity of the risk to the rights and freedoms of natural persons.

Measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as any access to, input, disclosure, securing and separation of data. In addition, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that we react to data threats.

We already take into account the principle of data protection through technology design when selecting hardware and software, when developing processing methods and through data protection-friendly default settings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server or to the servers of our suppliers.

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the context of our data processing, transfer data to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties in accordance with Art. 6 Para. 1 (b) GDPR is necessary for the fulfilment of the contract), if you have consented, if there is a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

If we have data processed in the context of the use of third party services in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done by disclosure or transfer of data to third parties, this is only done on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we will only allow the data to be stored in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that data processing takes place on the basis of special guarantees, for example, such as the officially recognised determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or the observance of officially recognised, special contractual obligations (so-called “standard contractual clauses”).

You have the right

• to request information about which data concerning you is processed for which purpose and how long it is stored for (Art. 15 GDPR).
• to request the completion or rectification of the data concerning you (Art. 16 GDPR).
• to request the deletion (Art. 17 GDPR) or limitation of the processing (Art. 18 GDPR) of the data concerning you.
• to obtain the data relating to you and request its transfer to other responsible parties (Art. 20 GDPR).
• to submit a complaint to the competent supervisory authority (Art. 77 GDPR).

You have the right to revoke any consent granted pursuant to Art. 7 para. 3 GDPR with effect for the future.

You may object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. The objection may in particular be lodged against processing for the purposes of direct marketing.

The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

According to legal requirements, the deletion will take place in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records etc.) or § 147 para. 1 AO (German Fiscal Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation etc.).

Further retention periods apply according to § 95 (3) TKG for inventory data (e.g. names and addresses, as well as user contact data).  Traffic data (e.g. telephone numbers, IP addresses) shall remain stored in accordance with Section 113b (1) sentence 1.

We process inventory data (e.g. names, addresses and user contact data) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 (b) GDPR.

We process traffic data (e.g. telephone numbers, IP addresses) for the purpose of providing our telecommunications services.

We process usage data (e.g. the websites from our offering which have been visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes.

Prior to concluding a contract, we will share your data (name, address, email address, details of the company and, if applicable, contract and receivables data) with the IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, as well as other cooperating credit agencies if necessary, for a credit check in the event of a credit risk, to verify that the address provided is valid and for the purpose of debt collection processing. 

The legal basis for sharing your data is Art. 6 I b GDPR and Art. 6 I f GDPR. Sharing data on the basis of Art. 6 I f GDPR may only take place provided it is necessary to safeguard the legitimate interests of our company and does not outweigh the interests or fundamental rights and freedoms of the affected person which require the protection of personal data. For the purpose of deciding on the establishment, implementation or termination of the contractual relationship, we also collect or use automatically generated probability values, the calculation of which may include address data, among other things.

Detailed information on our contractual partner IHD, in accordance with Art 14 GDPR, i.e. the business purpose, the purpose of storing data there, the legal basis, the data recipients of IHD, the right to self-disclosure and the right to deletion and correction, and profiling, is available at
www.ihd.de/datenschutz/Artikel14.html.

Information on IHD’s contractual partners in the credit agency sector is available at: www.ihd.de/datenschutz#vertragspartner.

When contacting us (via contact form or email), the user’s details will be processed, in order to handle and complete the contact request in accordance with Art. 6 para. 1 (b) GDPR.

User data can be stored in our customer relationship management system and marketing automation platform (“CRM & Marketing System”) or a comparable enquiry system.

Among others, we use the CRM, registration and marketing automation system “HubSpot” from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with branches in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Unter den Linden 26, 10117 Berlin) on the basis of our legitimate interests (efficient and rapid processing of user enquiries, applications and optimisation of our online services). For this purpose, we have concluded a contract with HubSpot with so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. HubSpot is also certified under the Privacy Shield Agreement, thereby offering an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/list). More information on HubSpot’s privacy policy is available at:: https://legal.hubspot.com/de/privacy-policy

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information. This information is stored on our software partner’s servers HubSpot. We may use them to contact visitors to our website and to determine which of our company’s services are of interest to them. All the information collected by us is subject to this data protection declaration. All the information collected is used exclusively for marketing optimisation purposes.

We will delete the requests provided they are no longer required. Enquiries from customers with customer accounts are assigned to this account, so we refer to the customer account details for deletion. The data collected will furthermore be deleted in accordance with section 12 of this data protection declaration

Users can only write comments and contributions after prior registration. This requires consent to data storage and use, as well as acceptance of our data protection declaration.

We collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. The access data includes the name of the website accessed, file, date and time of access, amount of data transmitted, notification of successful access, browser type and version, user’s operating system, referrer URL (the website visited beforehand), IP address and requesting provider.

Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify cases of abuse or fraud) and then deleted. Data which needs to be stored beyond this time for evidence purposes is excluded from deletion until the respective incident has been clarified conclusively.

Cookies are pieces of information which are transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use “session cookies” which are only stored for the duration of the current visit to our online presence (e.g. to enable the use of our online offering in the first place). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and log out or close your browser, for example.

Users are informed about the use of cookies within the context of pseudonymous reach measurement in this data protection declaration.

If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies can lead to functional restrictions of our online offering.

You may object to the use of cookies used for reach measurement and advertising purposes by selecting the appropriate settings on the Network Advertising Initiative deactivation page  (http://optout.networkadvertising.org/) as well as the American website (http://www.aboutads.info/choices)  or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

We use Google Analytics, a web analysis service of Google LLC (“Google”), on the basis of our legitimate interests (analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para. 1 (f) GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is generally transferred to a Google server in the US and stored there.

Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf, in order to evaluate the use of our online offering, compile reports on activities and provide us with further services associated with the use. Pseudonymous usage profiles can be created from the processed data.

We use Google Analytics to display ads placed by Google and its partners within our advertising services only to those users who have shown an interest in our online services or users with specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) which we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). We also use Remarketing Audiences to ensure that our ads are in line with the potential interests of users and are not annoying.

We only use Google Analytics with the IP anonymisation enabled. This means that the user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data. The storage of cookies can be prevented by a corresponding setting in the browser software. In addition, users can prevent the sharing of the data generated by the cookie and related to their use of the online offering with Google, as well as the processing of this data by Google by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data by Google, settings and objection options can be found on the Google websites:https://www.google.com/intl/de/policies/privacy/partners („Google’ use of data in your use of our partners’websites or appsr“), https://policies.google.com/technologies/ads („Use of data for advertising purposes“), https://adssettings.google.com/authenticated („Information Google uses to display advertisements“).

Dispatch of the newsletter and the performance measurement are based on the recipients’ consent in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the legal permission according to § 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and serves as proof of consent to receiving the newsletter.

Cancellation/revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.

We maintain online presences within social networks and platforms, in order to communicate with customers, interested parties and users who are active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in this data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. posting on our online presence or sending us messages.

We embed YouTube videos on our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. A connection to the YouTube servers is established when you visit a page with the YouTube plugin. YouTube will be informed of which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies to evaluate user behaviour.

If the saving of cookies is deactivated for the Google Ad programme, no such cookies are used when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you will need to block the storage of cookies in the browser.

Data protection declaration: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

We offer links to third-party providers within our online offering. e*Message has no influence whatsoever on the content and design of these websites belonging to other providers. The guarantees of this data protection declaration do not apply there. If the links are used, the provider in question will be able to see the user’s IP address

The following presentation provides an overview of third party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data. The companies based in the USA (incl. Facebook) are certified under the Privacy Shield Agreement and thus offer a guarantee of compliance with European data protection law
(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

1. Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
   Data Protection Declaration: https://twitter.com/de/privacy 
2. Facebook ( Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland ) Data Protection Declaration: https://de-de.facebook.com/policy.php
3. XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland)
   Data Protection Declaration: https://www.xing.com/app/share?op=data_protection
4. Youtube ( YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ) Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de