General Data Protection Regulation
I. Name and Address of the Data Protection Officer
The data protection officer of the person in authority is:
Phone.: +49 (0) 221 / 981 801 10
II. General Information Data Handling
1. Extent of Processing Personal Data
Personal Data is only ascertained and used if it is necessary in order to provide a functioning website and to provide our content or services. The ascertainment and utilization of personal data happens periodically. However, the user has to give their consent beforehand. An exception is applicable, if it was impossible to get the consent due to effective/ actual reasons and the processing of the data is legally permitted.
2. Legal Basis for the Processing of Personal Data
Art 6 Par. 1 lit. A GDPR is being used as a legal basis if we collect personal data for operations processing after the person has given their consent.
Art 6 Par. Lit 1 b GDPR is being used as a legal basis for the processing of personal data of the signatory party which is necessary in order to fulfill a contract. This is also applicable for processing operations which are necessary for the execution of per-contractual measures.
Art. 6 Par. 1 lit c GDPR is being used as a legal basis for processing personal data due to a legal obligation which expectus is subject to.
Art 6 Par 1 lit d GDPR is being used as a legal basis in the event that vital interests of the affected person or any other natural person make it necessary to process personal data.
Art. 6 Par. 1 lit. F GDPR is being used as a legal basis for the processing of personal data if the processing is of a reasonable interest of expectus or a third party and the processing does not outweigh the civil rights and fundamental liberties of the person affected.
3. File Deletion and Storage Period
The personal data of the affected person is going to be deleted or blocked once the purpose of storing the data becomes no longer valid. Additionally, the storage of data can take place, if the responsible person is liable to European enactments, laws or other regulations by European or national legislature and those enactments, laws or other regulations allow the storage of the data. A blockage or deletion of the data also occurs when one of the mentioned norms‘ storage period expires. However, this does not apply if the storage of data is necessary for the performance of a contract or a contract closing.
III. Provision of Website and Creation of Log Files
1. Description and Extent of Data Processing
Whenever this website is being opened the system collects data and information automatically from the user.
The following data is being collected:
Information about the browser type and its used version
The operating system that is being used
The anonymized IP-Address of the user
Date and time of the access
Websites, from which the system of the user reaches this website
Additionally, the data is stored in log files in our system. A storage with that data together with other personal data of the user does not occur.
Art. 6 Par. 1 lit f GDPR is being used as a legal basis for the temporary storage of data and log files.
3. Reason for Data Processing
Storing the IP-address temporarily is necessary in order to show the user the functioning website on their computer. Therefor, it is inevitable to store the IP-address of the user for the length of their session. The storing of log files takes place in order to ensure the operative readiness of the website. Moreover, the data serves expectus in order to optimize the website and the securing of information technology systems. An evaluation of the data for marketing purposes in this context does not occur.
This is why expectus‘ interest in Art. 6 Par. 1 lit f GDPR is valid.
4. Length of Storage
The data is going to be deleted as soon as it is not needed anymore for the goal achievement which it was collected for. In the event of storing data in order to provide the website to the user, their data will be deleted once their session ends.
In case data was stored as log files it can take up to 7 days for the data to be deleted. Exceeding this time period of storing the data is not possible. In this case the IP-address of the user is going to be deleted or modified so that it is impossible to make a correlation to the client.
5. Legal Caveat and Removal Options
The gathering of the described data and the storing of log files is necessary for the operation of the website. Therefore, it is not possible for the user to enter an objection.
1. Description and Extent of Data Processing
It is possible to contact the provided e-mail address. In this case the personal data which is transferred via the e-mail (sent by the user) is going to be stored.
In this context no passing on of the data to third parties will occur. The data will only be used for the processing of the conversation.
2. Legal Basis for Data Processing
Art. 6 Par. 1 lit a GDPR is being used as a legal basis in order to process data in case of an existing consent form the user. Legal basis for processing the data, that is being transmitted via email is Art. 6 Par. 1 lit. f GDPR. If the email contact aims to close on a contract Art. 6 Par. 1 lit. b GDPR is additionally used as a legal basis.
3. Reason for Data Processing
In case of making contact via email the necessary interest of processing data is valid and justified.
4. Length of Storage
Data will be deleted as soon as the purpose for storing it is fulfilled. When it comes to personal data stored from emails it will be deleted once the conversation ended. The conversation ended when it is reasonable to think that the concerned case is completely resolved.
5. Legal Caveat and Removal Options
The user has always the possibility to revoke their consent to store their personal data. If the user contacts expectus via email they can revoke their consent of storing personal data at any point in time. In a case like this the conversation cannot be continued. The revocation of the consent and the legal caveat of storage can be send in writing to the following address:
All personal data which was collected due to contacting expectus is going to be deleted in this case.
VI. Rights of the Affected Person
If your personal data is being processed your are within the meaning of GDPR the person concerned. The following rights are at your disposal:
1. Right to Information
You can require a confirmation about if your personal data has been processed by us. In case expectus did process your personal data you can you can require to get the following information:
reasons why the personal data was processed
the categories of personal data that is being processed
the receiver resp. categories of receivers with which the personal data will or has been shared
the planned period of storage of your personal data or if this cannot be provided criteria for determination of storage period.
the existence of the right to get your personal data deleted
a right to constraint the processing of data by the person responsible or the right to object the processing of your data
the existence of the right to appeal at a regulatory authority
all available information about the origin of the data in case the personal data is not ascertain by the person concerned
the existence of an automatic decision making including profiling according to Art. 22 Par. 1 and 4 GDPR and - at least in these cases - convincing information about the involved logic as well as the scope and the intended implications of such data processing for the person concerned
You have the right to obtain information about if your concerned personal data will be forwarded to a third country or an international organization. In this regard you can require appropriate guarantees according to Art. 46 GDP to get notified about the forwarding.
2. Right of Correction
You have the right to correct or complete your personal data in case your processed data is false or incomplete.
3. Right to Constraint the Processing
You can require the constraint of the processing of your personal data under the following requirements:
if you dispute the validity of your personal data for a period of time, which gives the person in charge the opportunity to review the correctness of the personal data
the processing is unlawful and you deny the deletion of your personal data but instead require the constraint of your personal data
the person in charge does not need the personal data any longer for the purpose of processing, however, you need them to enforce, exert or to plead for legal claims
if you objected to the processing in line with Art. 21 Par. 1 GDPR and it is not certain if valid reasons of the person responsible outweigh your reasons
Once the processing of your personal data has been constrained; this data can only - except of your storing – only be processed for the following reasons: your consent, your enforcement, exercise or defense of interests or in order to protect the rights of another natural person or entity or because of a public interest of the Union or one of its member states. If the constraint is limited because of one of the above premises; you will get notified by the responsible person before the constraint is going to get rescind.
4. Right of Deletion
a) Obligation of Deletion
You can require the deletion of your personal data and the person authority has to do so immediately if one of the following reasons is applicable:
The reasons why your personal data was stored or processed are no longer applicable.
You revoke your consent which you gave under the legal basis of Art. 6 Par. 1 lit a or Art. 9 Par. 2 lit a GDPR and there is no other legal basis for the processing.
You enter an objection against the processing under Art. 21 Par. 1 GDPR and there is no other major eligible reason to process your personal data. You can enter an objection also under Art. 21 Par. 2 GDPR.
Your personal data was unlawfully processed.
The deletion of your personal data is necessary in order to fulfill a legal commitment in accordance with European Union Law or the law of the member states.
Your personal data collected in connection with offered services of the information society according to Art. 8 Par. 1 GDPR.
b) Information to Third Parties
In case the person in authority published your personal data and they are obliged to delete the data in accordance to Art. 17 Par. 1 GDPR they will take appropriate actions (considering the available technology, cost of implementation etc.) in order to inform the people who are processing your personal data to stop doing so.
The right of deletion does not exist if the processing is necessary:
exercise of freedom of speech and information;
feasance of a legal obligation, which makes the processing of data necessary in accordance to European Union law and its member states or in order to fulfill a task that lies in public interest.
reasons which are public interest in the sector of public health according to Art. 9 Par. 2 lit. h and Art. 9 Par. 3 GDPR
archiving purposes in public interest, scientific or historical research purposes or for statistical reasons according to Art. 89 Par. 1 GDPR, in case the right mentioned under a) make it impossible to realize goals of the processing or seriously affects the goals or:
in order to enforce, execute, defend interests
5. Right of Notification
In case you used your right of correction, deletion or constraint of your personal data the person in authority who collected your data has to make sure to inform all third parties of correcting, deletions or removing certain details; unless this demonstrates itself as impossible or is associated with unproportional effort. However, you do have the right to be informed about those third parties by the person in authority.
6. Right of Data Portability
You have the right to get the personal data you provided to the person in authority in a structured, machine-readable format from the person in authority. Furthermore, you have the right to forward your personal data to a different person in authority in case the processing is in accordance to Art. 6 Par. 1 lit a GDPR or is based on a contract in accordance with Art. 6 Par. 1 lit. b GDPR and takes place by means of automated processes.
Additionally, you also have the right that one person in charge sends them to a different person in charge directly in case this is technically doable. Freedoms and rights of other people are not allowed to be affected by this.
The right of data portability does not apply to processing personal data which is necessary in order to fulfill a task that rests in public interest or happens through which was transferred to the person in authority.
7. Right to Object
You have the right - in case reasons arise due to your specific situation - to object to the processing of your personal data (in accordance to Art. 6 Par. 1 lit. e or f GDPR). This also applies to a supported profiling by these proclamations. The person in authority does not process your personal data any longer unless he can prove necessary protect worthy reasons which outweigh your interests, rights and freedoms or the processing serves the enforcement, processing or defense of legal claims.
In case your personal data is being used for direct advertising you have the right to object, This also applies to profiling in case it is related to the direct advertising.
In case you do object the direct advertising; your personal data is not going to be used for the said purposes any longer. You can use your right to object through automated procedures linked to the usage of services by the information society - despite policy 2002/58/EG.
8. Right of Revocation of Data Protective Consent
You have the right to revoke your data protective consent at any point in time. The revocation does not change the processing of data which was done before receiving the revocation of the consent.