Management System GRC Compliance Tool

Slide-1
Slide-1

Privacy Policy

The following data protection declaration applies to the processing of personal data on our websites https://www.under-controls.org/, https://www.under-controls.net, https://www.under-controls.com/ and on our social media presences.

Responsible body

The data controller is:

Scope of the processing of personal data

Visit our website

When you access our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our justified

Interest follows from the purposes for data collection listed under point 3. In no case do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies when you visit our website. You can find more detailed explanations on this under point 4 of this data protection declaration.

Processing on contact

When contacting us by phone, email, via our chat function or via the contact form, the data you provide will be stored by us on the basis of Art. 6 (1) lit. a GDPR in order to answer your questions. The contact is logged in order to be able to prove the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and the facts concerned have been conclusively clarified. If an enquiry from existing customers is made for the purpose of support, the data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, as this is necessary to fulfil our contractual obligations. In this case, the call logs are stored for the duration of the regular limitation period.

Legal basis for the processing of your personal data

We process personal data for the following purposes:

We base the processing of personal data on the following legal basis:

Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of consent granted in accordance with Art. 6 para. 1 lit. a. GDPR) Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

Google uses the so-called standard data protection clauses of the European Commission and thereby offers a guarantee of compliance with European data protection law.

Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles of the users can be created from the processed data.

We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

The users’ personal data is deleted or anonymised after 14 months.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. a GDPR, due to voluntarily given consent.

For more information on Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Google Tag Manager

This website uses the Google Tag Manager. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

This service allows website tags to be managed via an interface. The Google Tag Manager itself does not set cookies but only tags and does not collect any personal data. The service triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google Translate

This site uses the translation service Google Translate via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

To use the functions of Google Translate, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

Google Translate is used in the interest of easy accessibility and accessibility of our online offers on the basis of consent given, cf. Art. 6 para. 1 lit. a GDPR.

More information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

Facebook & Instagram

We maintain a presence on the social media platform Instagram and Facebook of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

As the operator of this Instagram/Facebook presence, we are jointly responsible for data processing with Facebook Ireland Ltd. pursuant to Art. 26 GDPR. This means that we must also be responsible for ensuring that your personal data is processed lawfully via this LinkedIn page and that you can also exercise your rights regarding your data against us. We have concluded a joint responsibility agreement with Facebook Ireland Ltd. pursuant to Art. 26 GDPR.

When you visit our Instagram or Facebook page, Instagram and/or the associated company Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the social media pages, with statistical information about the respective use of the social media pages.

In the following, we inform you about the handling of your personal data. Here, personal data is any data by which you can be personally identified. Please check carefully which personal data you share with us via Instagram and Facebook. As long as you are logged into your social media account and visit our respective profile, this can be assigned to your respective profile. We expressly point out that Instagram / Facebook and thus Facebook Ireland Ltd. stores the data of its users (e.g. personal information, IP address, etc.) and may also use this for business purposes.

We have no influence on the data collection and further processing by Instagram/Facebook. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid Instagram and Facebook processing personal data that you have transmitted to us, please contact us by other means.

The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union. Instagram / Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements.

The use of the associated plugins on this website is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the greatest possible visibility in social media.

LinkedIn

We also maintain our own presence on the social media platform LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: “LinkedIn”).

As the operator of this LinkedIn page, we are jointly responsible with LinkedIn for data processing pursuant to Art. 26 GDPR. This means that we must also be responsible for ensuring that your personal data is processed lawfully via this LinkedIn page and that you can also exercise your rights regarding your data against us. We and LinkedIn have concluded a joint responsibility agreement in accordance with Art. 26 GDPR.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information on the use of the LinkedIn page (so-called page insights), which are available in the form of cookies on your PC.

This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of the LinkedIn page.

In addition, LinkedIn processes both the URL of the website you came from and the URL of the website you navigate to next, the time of your visit, your IP address, your proxy server, your operating system, your web browser, your add-ons, your device identifiers and features, your cookie IDs and/or your ISP or mobile operator and, after your consent, your location data.

If you are a member of LinkedIn, LinkedIn processes the personal data that you provide to LinkedIn, such as your education, work experience, professional skills, employment status or profile photo.

If you are logged into your user account while visiting our LinkedIn page, LinkedIn may be able to assign the collected information of the specific visit to your user account.

If you wish to avoid this, you should log out of LinkedIn, delete the cookies present on your device and close and restart your browser. In this way, information by which you can be directly identified will be deleted.

For more information, please refer to LinkedIn’s Cookie Policy and LinkedIn’s Data Policy.

The legal basis for the processing of personal data is Art 6 para 1 p. 1 lit. f GDPR. Our interest in using this social media platform is to interact with users and increase awareness. We use the LinkedIn presence for public relations work.

Bing Webmaster

Bing Webmaster Tools is an application of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, which is integrated on our website. This is used for search engine optimisation (SEO) and does not process any personal data. Information on the collection, processing and use of the service can be found in the data protection information of Microsoft Corporation.

Microsoft’s Bing Webmaster Tools store one or more “cookies” on your computer. For example, Bing uses a cookie with a unique ID, also known as a search ID, to run the service and enable certain search features. Microsoft uses these cookies to provide the Bing services and to provide a search environment with more relevant results. Cookies can be removed or blocked from your computer through your browser settings.

In addition, Microsoft uses web beacons to store cookies and provide analytics. These may also be third-party web beacons that may not collect any personal information.

For Bing services, this information allows Microsoft to provide relevant search results. The information collected is also used to help ensure and improve the quality, security, and integrity of Microsoft’s services. For example, this information is used for research and to improve the relevance of Bing search results. Microsoft also needs this information to detect security vulnerabilities and protect you from security threats, such as botnet attacks, click fraud, worms and other threats.

At http://www.bing.com/webmaster/help/webmaster-guidelines-30fba23a and at Microsoft https://privacy.microsoft.com/de-de/privacystatementhttps://privacy.microsoft.com/de-de/privacystatement, the user can obtain further information and data protection notices on the collection and use of data by Bing Webmaster Tool and Microsoft.

If you do not wish to do this, you can make settings for Bing at the following link: https://choice.microsoft.com/de-de/opt-out

Yoast SEO Analysis Tool

We use plugins from Yoast SEO on our website. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands. This plugin takes care of the complete technical optimisation of our websites for search engines. It also assists with content development. For more information, please refer to Yoast BV’s privacy policy, which can be found at https://yoast.com/privacy-policy/. Google Hosted Libraries are also used in this plugin. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Disclosure of personal data to third parties

Your data will be passed on to third parties who work for us in connection with the processing of the contract on the basis of Art. 6 para. 1 lit. b, c, f GDPR. These are, for example, service providers for the payment of products, or hosting and analysis service providers, tax consultants and lawyers to whom we pass on the data required for the fulfilment of tasks.

Data subjects’ rights

As a data subject, you have the following rights vis-à-vis us:

For your own protection, we reserve the right, in the case of an existing request, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the request.

Right to information

You have the right to request information from us about the personal data stored about you.

Right of rectification

You have the right to request that personal data concerning you be corrected and/or completed without delay.

Right to restrict processing

You have the right to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing.

Right to erasure

You have the right to request the deletion of your personal data stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. Data that we have to store due to legal or contractual retention obligations will be blocked instead of being deleted in order to prevent use for other purposes.

Right to information

If you have exercised the right to rectification, erasure or restriction of processing, we will communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data relating to you has been disclosed, unless this proves impossible or involves a disproportionate effort.

Right to data portability

You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing at any time pursuant to Art. 21 GDPR.

Right of withdrawal of consent

You have the right to revoke your consent to the collection of data at any time with effect for the future. The data collected until the revocation becomes legally effective remains unaffected. Please understand that the implementation of your revocation may take a little time for technical reasons and that you may still receive messages from us in the meantime.

Right to complain to a supervisory authority

If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority.

To assert these rights, it is sufficient to send a simple e-mail to

info@under-controls.com

or a letter to:

Kopiaconsulting GmbH

Jan Kopia

Rapsweißlingstr. 19

12683 Berlin

Scroll to Top