Privacy Policy

Privacy Policy

Thank you for visiting our homepage. The safe handling of your data is particularly important to us. We would, therefore, like to inform you in detail about the use of your data when visiting our website.

Content

  1. Definition
  2. Controller and data protection officer
  3. Collection of data
  4. Transfer of data
  5. Legal or contractual regulations for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
  6. Data usage when registering for an email newsletter
  7. Contact opportunity via the website
  8. Use of Cookies
  9. Description of used Cookies
  10. Notification of changes
  11. Update and cancellation of your personal data
  12. Rights of the Data Subject
  13. Legal basis of processing
  14. Authorized interests in the processing of data which are being pursued by the controller or a third party
  15. Topicality

1. Definition

This data protection declaration is based on the terminology used by the European Legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

Among other things, we use the following terms in this privacy policy:

  • Personal data: Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. /li>
  • Data subject: A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
  • Processing: Processing means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Pseudonymization : Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller: Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • Third party: The third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Controller and data protection officer

Name and address of the controller

anevis solutions GmbH
Friedrich-Bergius-Ring 15
97076 Würzburg
Telefon: +49 931 466 217 10
E-Mail: info@anevis-solutions.com

Data protection officer

anevis solutions GmbH
Datenschutzbeauftragter
Friedrich-Bergius-Ring 15
97076 Würzburg
Telefon: +49 931 466 217 17
E-Mail: privacy@anevis-solutions.com

3. Collection of Data

Our website collects a series of general data and information every time the website is accessed by a data subject or an automated system. These general data and information are stored in the log files of the servers. These data will be collected

  1. Used browser types and versions,
  2. The operating system used by the accessing system,
  3. The website from which an accessing system can be found on our website (the so-called referrer),
  4. The sub-webpages, which are accessed via an accessing system on our website,
  5. The date and time of access to the website,
  6. Name and URL of the retrieved data,
  7. An internet protocol address (IP address),
  8. Date and time of access
  9. The internet service provider of the accessing system and
  10. Other similar data and information used in the case of attacks on our information technology systems

When using this general data and information, we draw no conclusions about the data subject. Rather this information is needed to

  1. Deliver the contents of our website correctly,
  2. Ensure a smooth connection of our website,
  3. Optimize the content of our website as well as the advertising of it,
  4. Ensure the permanent functionality, as well as the evaluation of the system security and stability of our information technology systems and the technology of our website as well as,
  5. Provide law enforcement with the necessary information for prosecution in the event of a cyber-attack.

This anonymously collected data and information is therefore statistically and further evaluated by us with the aim of increasing the privacy and data security of our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.

The legal basis for data processing is based on point (f) of Article 6 (1) page 1 GDPR. Our legitimate interest results from the data collection purposes listed above. On no account will we collect data for the purpose of drawing conclusions about you.

4. Transfer of data

Transmission of your personal data to third parties for purposes other than those listed below only occurs if:

  • You have given your explicit approval based on point (a) of Article 6 (1) GDPR,
  • The transfer based on point (f) of Article 6 (1) GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in non-disclosing your data,
  • In the event that the disclosure pursuant to point (c) Article 6 (1) GDPR is a legal obligation, as well as
  • This is permitted by law and based on point (b) of Article 6 (1) GDPR is required for the settlement of contractual relationships with you.

5. Legal or contractual regulations for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision

We clarify that the provision of personal information is in part required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor). Occasionally it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when entering into a contract with our company. Failing to provide personal data would consequently lead to a non-completion of the contract. Before data provision, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or required contractually or is required for the conclusion of the contract. Furthermore, the data protection officer will inform the data subject whether there is an obligation to provide personal information and the consequences of not providing these.

6. Data usage when registering for an email newsletter

On our website we will give users the option of subscribing to our company newsletter, in which case:

We only use your email address to send a newsletter if you have explicitly consented to it based on point (a) of Article 6 (1) GDPR.

Which personal data is transmitted to the controller when the newsletter is ordered results from the input mask used for this purpose.

We regularly inform our customers and business partners by means of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if

  1. the data subject has a valid email address and
  2. the data subject registers for the newsletter.

For legal reasons, a confirmation email will be sent to the email address provided by the data subject for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the email address as the data subject authorized the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of a data subject’s email address at a later date and therefore serves as a legal safeguard for the controller.

The personal data collected in the context of registering for the newsletter will be used exclusively in order to send out our newsletter. In addition, subscribers to the newsletter may be notified via email – if this is necessary for the operation of the newsletter service or registration – as may be the case in the event of changes to the newsletter offer or technical changes. There is no transfer of the collected personal data as part of the newsletter service to third parties.

Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller’s website, or to inform the controller in a different way.

7. Contact opportunity via the website

Due to legal regulations, our website contains information that enables quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal data, voluntarily transmitted by an individual to the controller, is stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

8. Use of Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device.

The data processed by cookies are for the purposes mentioned to protect our legitimate interests as well as third parties based on point (f) of Article 6 (1) GDPR.

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. The non-acceptance of cookies may limit the functionality of our website.

9. Description of used Cookies

_icl_current_language – Stores your selected language and is deleted after 24 hours
_icl_visitor_lang_js – Stores the language that is auto-selected by the default language settings in your browser
_wpml_browser_redirect_test – Does not store anything and is deleted when the browser session ends
tz_cookie_ok – Stores that you clicked on “ok” on the cookie banner and is deleted after 26 hours

10. Notification of changes

Changes to the law or changes to our internal processes may necessitate an adaptation of this privacy policy.

In the event of such a change, we will notify you of this no later than six weeks prior to inception. You are generally entitled to revoke your consent (see paragraph 6).

Please note that (unless you make use of your right of withdrawal) the current version of the privacy policy is the valid one.

11. Update and cancellation of your personal data

You have the opportunity at any time to review, change or delete the personal data provided to us by sending us an email to the email address stated at the end of this text. If you are our customer, you can also exclude the receipt of further information for the future there.

You also have the right – at any time – to withdraw your consent for the future.

The deletion of your stored personal data occurs when you revoke your consent to storage.

The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of the storage or, as the case may be, by the European legislator or by any other legislator in laws or regulations for which the controller was intended for.

If the storage purpose is omitted or if a storage period prescribed by the European legislator or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

12. Rights of the Data Subject

Each data subject has the right, as granted by the European legislator, to demand the controller to confirm whether personal data relating to him / her is being processed. If a data subject wishes to make use of this confirmation right, they can contact our data protection officer or another employee of the controller at any time.

Any data subject affected by the processing of personal data shall have the right granted by the European legislator at any time to obtain free information from the controller about the personal data stored about him /her and a copy of that information (Article 15 GDPR). Furthermore, the European legislator has granted the data subject access to the following information:

  • The processing purposes
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data have been disclosed or are yet to be disclosed, in particular to recipients in third countries or to international organizations
  • If possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
  • The existence of the right to request rectification or erasure of personal data or restriction of processing concerning the data subject or to object to the processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data are not collected from the data subject: All available information on the source of the data
  • The existence of an automated decision making including profiling according to Articles 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

In addition, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, they can contact our data protection officer or another employee of the controller at any time.

Any data subject affected by the processing of personal data shall have the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning them (Article 16, GDPR). Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right of rectification, they can contact our data protection officer or another member of the data controller at any time.

Any data subject affected by the processing of personal data shall have the right granted by the European legislator to demand the controller to immediately delete the personal data concerning him/her (Article 17 GDPR), if either of the following is true and if so processing is not required:

  • The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
  • The data subject revokes their consent, to which the processing according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
  • The data subject’s objection to the processing according to Article 21 (1) GDPR, and there are no prior justifiable reasons for the processing, or the data subject submits opposition to processing in accordance with. Article 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or national law to which the controller is subject.
  • The personal data has been collected in relation to information society services offered according to Article 8 (1) GDPR.

If one of the above-mentioned reasons is correct and a data subject wishes to arrange for the deletion of personal data held by us, they may, at any time, contact our data protection officer or another member of the controller’s team. Our data protection officer or another employee will arrange for the deletion request to be fulfilled immediately.

Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Our data protection officer or another employee will arrange the necessary in individual cases.

Any data subject affected by the processing of personal data shall have the right, granted by the European legislator, to require the controller to restrict the processing if one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject for a period of time that enables the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them to assert, exercise or defend legal claims.
  • The data subject objects to the processing according to Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored by us, they may at any time contact our data protection officer or another employee of the controller. Our data protection officer or another employee will arrange for the restriction of the processing.

Any data subject affected by the processing of personal data shall have the right, conferred by the European legislator to obtain the personal data concerning him/her provided to a controller by the data subject in a structured, common and machine-readable format. The data subject shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1); and the processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability, the data subject has according to Article 20 (1) GDPR the right to obtain that the personal data is transmitted directly from one controller to another controller, as far as this is technically feasible and provided that the rights and freedoms of other persons are not compromised.

To assert the right to data portability, the data subject may at any time contact the data protection officer or another employee appointed by us.

Any data subject affected by the processing of personal data shall have the right, conferred by the European legislator at any time, for reasons arising from its particular situation, to prevent the processing of personal data relating to it under Article 6 (1) (b), (e) or (f) GDPR. This also applies to profile based on these provisions.

In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject or serve to process, assert, exercise or defend legal claims.

If we process personal data in order to operate direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profile, as far as it is associated with such direct advertisement. If the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.

Furthermore, the data subject shall have the right to appeal, for reasons arising out of their particular situation, against the processing of personal data concerning them, which are used by us for scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, unless such processing is necessary to fulfil a public interest task.

In order to exercise the right of opposition, the data subject can directly contact our data protection officer or another employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EG, to exercise his right of opposition by means of automated procedures using technical specifications.

Any data subject affected by the processing of personal data shall have the right, as granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or, in a similar manner, significantly affects it; provided the decision

  1. is not required for the conclusion or performance of a contract between the data subject and the controller, or
  2. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or
  3. is made with the express consent of the data subject.

Is the decision

  1. required for the conclusion or performance of a contract between the data subject and the controller or
  2. carried out with the express consent of the data subject, we shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and contest the decision.

If the data subject wishes to enforce automated decision-making rights, they may contact our data protection officer or other data controller at any time.

Any data subject affected by the processing of personal data shall have the right, granted by the European legislator, to revoke consent to the processing of personal data at any time.

If the data subject wishes to assert their right to withdraw consent, they may at any time contact our data protection officer or another member of the data controller.

13. Legal basis of processing

Article 6 (1) point (a) GDPR serves as a legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or service in return, processing shall be based on Article 6 (1) point (b) GDPR. The same applies to process operations that are necessary to carry out pre-contractual measures, e.g. in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 (1) point (c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or other natural persons. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third parties. In that case, the processing would be based on Article 6 (1) point (d) GDPR. Finally, processing operations could be based on Article 6 (1) point (f) GDPR. On this legal basis, processing operations that are not covered by any of the aforementioned legal bases are required if the processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail. We are allowed to use such processing operations because they have been specifically mentioned by the European legislator. In this regard, the European legislator considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR).

14. Authorized interests in the processing of data which are being pursued by the controller or a third party

If the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is the performance of our business for the benefit of all our employees and our shareholders.

15. Topicality

This privacy policy is currently valid and is valid as of September 2020.