Privacy policy

I Information about the collection of personal data

1. Name and address of the controller

In the following, we – Secufy GmbH, Weidmannstr. 28, 55131 Mainz, Germany, e-mail:[](mailto:) info@secufy.com (hereinafter referred to as “Secufy”), the controller within the meaning of the General Data Protection Regulation (hereinafter referred to as the “GDPR”) and other national data protection laws of the Member States as well as other data protection regulations, provide you with information regarding the collection of personal data when using our website, which is available at www.secufy.io (hereinafter referred to as the “Website”). Personal data are all data which can be linked back to the data subject, for example, name, address, e-mail addresses, user behavior.

2. Name and address of the data protection officer

Within the meaning of Art. 4 (7) of the EU General Data Protection Regulation, our data protection officer is:

3. General information about the processing of data

In the following, you will find general information about the processing of data by us. Detailed information on the individual functionalities offered by us on the Website and on the data protection-relevant technologies used can be found in subparagraph (b).

3.1 Scope of processing of personal data

In principle, we collect and use personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data takes place regularly only after you have granted your consent. An exception is made in such cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

3.2 Legal bases for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For the processing of personal data necessary for the fulfillment of a contract to which the data subject is a party, Article 6 (1) lit. b GDPR serves as the legal basis.

This also applies to processing operations required to carry out pre-contractual measures. Insofar as processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6 (1) lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, then Article 6 (1) lit. f GDPR serves as the legal basis for processing.

3.3 Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose for storage ceases to apply. Storage beyond this period may take place if provided for by European or national legislators in EU regulations, acts or other legislation to which the controller is subject. Blocking or erasure of data also occurs when a storage period prescribed by one of the aforementioned rules and regulations expires, unless there is a need for continued storage of the data for the conclusion or fulfillment of a contract.

3.4 Service provider

Should we use contracted service providers for individual functions of our Website or wish to use your data for advertising purposes, we will inform you in detail below about the respective transactions and, if necessary, obtain your separate consent at an appropriate time. While doing so, we will also provide the applicable storage duration criteria.

4. Your rights

4.1 Summary

You have the following rights with respect to the personal data concerning you:

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

4.2 Your rights in detail

If your personal data is processed by us, you are the data subject within the meaning of the GDPR and have the following rights vis-à-vis us:

4.2.1 Right of access

You may request confirmation from us as to whether or not personal data concerning you are being processed by us. In the event of such processing, you may request the following information from us:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the envisaged period for which your personal data will be stored, or, if it is not possible to provide specific information in this regard, the criteria used for determining the storage period;

(5) the existence of the right to rectify or delete your personal data, the right to restrict our processing of your data or the right to object to such processing;

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) all available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and—at least in these cases—meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

4.2.2 Right to rectification

You have the right to request that we rectify and/or complete data if the personal data processed concerning you are inaccurate or incomplete. We must rectify the data without delay.

4.2.3 Recht auf Einschränkung der Verarbeitung

Under the following conditions, you may request that the processing of your personal data be restricted:

(1) if you contest the accuracy of your personal data for a period of time enabling us to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;

(3) we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims; or

(4) you have objected to the processing pursuant to Art. 21 (1) GDPR, pending the verification whether our legitimate grounds override your grounds.

Where the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above requirements, we will notify you before the restriction of processing is lifted.

4.2.4 Right to erasure

4.2.4.1 Obligation to erasure

You have the right to request that we erase your personal data without undue delay, and we are obliged to erase such data without undue delay provided one of the following reasons applies:

(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(2) you withdraw consent on which the processing is based according to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to Art. 21 (1) GDPR, and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;

(4) your personal data have been unlawfully processed;

(5) the personal data must be erased in order to comply with a legal obligation in Union or Member State law to which the controller is subject;

(6) your personal data have been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

4.2.4.2 Passing on of information to third parties

Where we have made your personal data public and are obliged pursuant to Art. 17 (1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

4.2.4.3 Exceptions

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defense of legal claims.

4.2.5 Right to information

If you have asserted your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of the corresponding rectification or erasure of data or of the restriction of processing, with the exception of cases where such notification by us proves impossible or unreasonable. You have the right to be informed of who these recipients are.

4.2.6 Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to which the personal data have been provided, where

(1) the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the liberties and rights of others. The right to data portability does not extend to the processing of personal data where such processing is necessary for fulfilling a task carried out in the public interest or for exercising an official authority vested in the controller.

4.2.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on these provisions.

We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

4.2.8 Right to withdraw your consent under data protection law

You have the right to withdraw your consent under data protection law at any time. Your withdrawing consent does not affect the legitimacy of any processing that has occurred with your consent prior to the withdrawal.

4.2.9 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you or significantly affects you in a similar way. This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and us;

(2) is authorized under Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

These decisions, however, shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) lit. a or g applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.

In the cases referred to in points (1) and (3), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your own point of view and to contest the decision.

4.2.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

II Information about the collection of personal data

  1. Revocation of consent

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing of your personal data after you notify us of your revocation of consent.

  1. Information on the right to object to the processing of data in the context of balancing interests

You can object to the processing of your personal data insofar as we base the processing on the balance of interests. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we describe in each case in the following description of functions.

In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. If your objection is justified, we will assess the situation and either stop or adjust the processing of data, or demonstrate to you the compelling legitimate grounds for our continued processing.

  1. Information on the right to object to direct marketing

Of course, you have the right to object at any time to the processing of your personal data for marketing and data analysis purposes. Please inform us about your objection by contacting us at: Secufy GmbH (“Secufy”), Weidmannstr. 28, 55131 Mainz, Germany, e-mail info@secufy.com

COLLECTION OF PERSONAL DATA UPON VISITING OUR WEBSITE

  1. Creation of log files

If you use our Website for information purposes only, meaning that you do not register or otherwise provide us with data, our system automatically records data and information from the computer system of the visiting computer. The following data are collected in this process:

The data are also stored in our system’s log files. This data is not stored together with the user’s other personal data.

Legal basis for processing data

The legal basis for the temporary storage of data and log files is Article 6 (1) lit. f GDPR.

  1. Purpose of processing data

The data is stored in log files to ensure the functionality of the Website. We also use the data to optimize the Website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.

  1. Duration of storage

The data will be erased once they are no longer necessary to achieve the purpose for which they were collected. In the case of data collection for the provision of the Website, this is the case when the session in question is concluded.

For data stored in log files, this is the case after seven days at the latest. A longer storage period is possible. In this case, the IP addresses of the users are deleted or obfuscated so that it is no longer possible to identify the accessing client.

  1. Right to object and to erasure

The collection of data for the provision of the Website and the storage of data in log files is absolutely necessary for the operation of the Website. You therefore have no right to objection.

III. Usage of cookies

  1. Functionality and scope

So that you can order our products and your order is collected in a shopping cart, we use so-called session cookies (also called session IDs). Session cookies are small pieces of information that a provider stores in the memory of the visitor’s computer. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. A cookie also contains information about its origin and storage period. These cookies cannot save any other data. The session ID is used to compile orders in the shopping cart.

  1. Legal basis for processing data

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

  1. Purpose of processing data

The purpose of utilizing technically necessary cookies is to simplify the use of our Website for users. Some of our Website’s functions cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications:

User data collected by technically necessary cookies are not used to prepare user profiles.

  1. Duration of storage, right to object and right to erasure

4.1 General information

Cookies are stored on the user’s computer, which transmits them to our Website. For this reason, you, the user, have full control over the placement of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our Website are deactivated, you may find not all of the Website’s functions can continue to be utilized in full.

IV Further functions and offers of our Website

Aside from the purely informational use of our Website, we offer various services that you can make use of if you are interested. To this end, you will generally need to provide additional personal data that we use to provide the respective service and for which the previously stated data processing principles shall apply.

  1. Commissioned data processing

We sometimes use external service providers to process your data. These external service providers have been carefully selected and commissioned by us. They are bound to our instructions and are regularly monitored.

Use of PayPal as a payment method

If you decide to pay with the online payment service PayPal during the ordering process, your contact details will be transmitted to PayPal as part of the order triggered in this way. PayPal is a service offered by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal acts as an online payment service provider and trustee and offers buyer protection services.

The personal data transmitted to PayPal is usually the first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as the number of items, item number, invoice amount and taxes in percent, invoice information, etc.

This transfer is necessary to process your order using the payment method you selected, in particular to confirm your identity, to administer your payment and the customer relationship.

However, please note: Personal data may also be disclosed by PayPal to service providers, subcontractors or other affiliated companies if this is necessary to fulfill the contractual obligations arising from your order or if the personal data is to be processed on behalf of PayPal.

Depending on the payment method selected via PayPal, for example, invoice or direct debit, the personal data transmitted to PayPal is transmitted by PayPal to credit agencies. This transfer serves to verify your identity and creditworthiness with regard to the order you have placed.

You can find out which credit agencies are involved and which data are generally collected, processed, stored and passed on by PayPal in the PayPal Privacy Policy.

  1. Data transfers outside the EEA

Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.

We use the analytics tool “Google Analytics.” For this purpose, the data will be sent to Google in the USA. Further details on Google Analytics are provided under section VIII Web analytics and online advertising.

V Registration on our Website

  1. Functionality and scope of data processing

On our Website we offer users the opportunity to register by providing personal data. The data are entered into an input mask and transmitted to us and stored. These data are not transferred to third parties. The following data are collected during the registration process:

MANDATORY INFORMATION:

E-mail address
First and last name
Address

OPTIONAL INFORMATION:

Company
VAT ID
Telephone number

AT THE TIME OF REGISTRATION, THE FOLLOWING DATA WILL BE STORED:

The user’s IP address
Date and time of registration

The user’s consent for the processing of these data is obtained during the registration process.

  1. Legal basis for processing data

The legal basis for the processing of data when the user’s consent has been granted is Article 6 (1) lit. a GDPR.

If the registration is undertaken for the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, Article 6 (1) lit b. GDPR is the additional legal basis for the data’s processing.

For an order to be placed and then processed, it is necessary for the data provided by you to be collected and processed accordingly.

  1. Purpose of processing data

User registration is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures. For an order to be placed and then processed, it is necessary to collect your data.

  1. Duration of storage

The data will be erased once they are no longer necessary to achieve the purpose for which they were collected.

The data collected during the registration process to fulfill a contract or to implement pre-contractual measures will be erased when they are no longer required for the contract’s execution. Even after the contract’s conclusion, it may still be necessary to store the contractual partner’s personal data to fulfill contractual or legal obligations.

  1. Right to object and to erasure

As a user, you may cancel the registration at any time. You can have your stored personal data amended at any time.

You can amend your data under “My account.” To have your account deleted, please contact us at: info@secufy.io.

Early erasure of data required to fulfill a contract or implement pre-contractual measures is only possible if there are no contractual or statutory obligations which prevent the erasure.

VI Use of our web shop

If you want to place an order online, submission of your personal data is required to conclude a contract and to process your order. Where relevant, this also applies to the transfer of data necessary for the processing of your order to payment service providers and, in the case of purchases made on account, the transfer to credit reporting agencies for the purpose of credit inquiries.

In this regard, however, we would like to point out that if you want to pay the invoice amount via a payment service provider such as “Paypal” or “paydirekt,” you may have to be registered there or register there, verify your identity with your access data and confirm the transfer of payment to us. Please observe any privacy notices of the respective payment service provider.

The fields required for the performance of contracts are marked separately; all other information is optional. We use the data submitted by you for the processing of your order. For this purpose, we may transmit your payment details to our principal bank. The legal basis for this procedure is Art. 6 (1) (1) lit. b GDPR.

If you wish, you can optionally create a customer account so we can save your personal data for future purchases. Upon creating an account under “My account,” the data submitted by you is saved; you may revoke your consent at any time.

You can delete all other data, including your user account, at any time in the customer area. Due to commercial and tax law requirements, we are obliged to store your address, payment and ordering details for a period of ten years. However, after two years we place a restriction on processing, i.e. your data will only be used for compliance with statutory obligations. The ordering process is TLS-encrypted in order to protect your personal data, especially financial information, from unauthorized access by third parties.

VII Web analytics and online advertising

  1. Google Analytics

This Website uses Google Analytics, a web analytics service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses “cookies,” text files which are saved on your computer and allow us to analyze your use of the Website.

The information generated by the cookie about your use of this Website is usually transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this Website, your IP address will be shortened beforehand by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

At the request of the operator of this Website, Google uses this information to evaluate your use of the Website, to compile reports on Website activities and to provide other services related to Website and Internet use to the Website operator.

The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data. You can prevent cookies being stored by setting your browser software accordingly; however, we wish to point out that if this is the case, you may not be able to use all functions on this Website in full.

You may furthermore prevent the logging of the data generated by the cookie and related to your use of the Website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:

This Website uses Google Analytics with the extension “_anonymizeIp ().” This ensures that IP addresses are further processed in shortened form, meaning individual identification of the user is not possible. Should the data gathered about you enable personal identification, this will be immediately excluded and the personal data shall be immediately deleted.

We use Google Analytics to analyze and regularly improve use of our Website. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. For exceptional cases in which personal data are transmitted to the USA, Google is subject to the EU-US Privacy Shield.

The legal basis for using Google Analytics is Article 6 (1) (1) lit. f GDPR. Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001.

User conditions
Privacy overview
Privacy policy

We have concluded an agreement for contract data processing with Google.

  1. Use of Google’s DoubleClick

This Website also uses the online marketing tool “DoubleClick” by Google. DoubleClick uses cookies to place ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are shown in which browser and can thus prevent them from being displayed multiple times.

In addition, DoubleClick uses cookie IDs to track so-called conversions related to advertising requests. This is the case if, for example, a user sees a DoubleClick advertisement and later goes to the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and therefore inform you according to our level of knowledge:

By integrating DoubleClick, Google receives the information that you have accessed the relevant part of our Website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.

You can prevent participation in this tracking process in several ways:

a) by adjusting your browser software settings accordingly; in particular, the suppression of third-party cookies results in you not receiving any third-party ads;

b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com,” www.google.de/settings/ads, although this setting will be deleted if you delete your cookies;

c) by deactivating the interest-based advertisements of providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices, although this setting will be deleted if you delete your cookies;

d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser under the link www.google.com/settings/ads/plugin. We would like to point out that, in this case, you may not be able to use all features of this offer in full.

The legal basis for the processing of your data is Art. 6 (1) (1) lit. f. GDPR. Further information on DoubleClick by Google is available at the following links: www.google.de/doubleclick and support.google.com/adsense/answer, as well as the general privacy information available at Google. Alternatively, you can visit the Network Advertising Initiative (NAI) website.

Google is subject to the EU-US Privacy Shield.

  1. Use of ajax.googleapis.com/jQuery

We use the Javascript library jQuery on our Website. To increase the loading speed of our Website and to give you a better user experience, we use Google’s content delivery network (CDN) to load this library.

There is a high probability that you have already used jQuery on another page of the Google CDN. If so, your browser can use the copy saved in the cache and it does not need to be downloaded again.

If your browser does not have a saved copy in the cache or for any other reason downloads the file from the Google CDN, then data will be transferred from your browser to Google. For exceptional cases in which personal data are transmitted to the USA, Google is subject to the EU-US Privacy Shield.

The legal basis for using Google Analytics is Article 6 (1) (1) lit. f GDPR. Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001.

User conditions
Privacy overview
Privacy policy

We have concluded an agreement for contract data processing with Google.