Privacy Policy

Digital Foundations GmbH - Data Protection
Our top priority is compliance with data protection regulations under EU and national law. Of particular importance to us are the safeguarding of data subject rights and the consistent implementation of data protection processes. We aim to process the personal data of our customers, prospects, suppliers, employees, and other data subjects transparently and fairly.

Security:

We have implemented technical and organizational security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees, as well as third parties involved in data processing, are bound by the German Federal Data Protection Act and are required to handle personal data confidentially. Whenever personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse by third parties. Our security measures are continuously updated in line with technological developments.

Data Protection when Using Our Website:

Digital Foundations GmbH is fully aware that protecting your privacy when using our websites is an important concern. We take the protection of your personal data very seriously. For this reason, we want you to know when we store which data and how we use it. With this privacy policy, we would therefore like to inform you about the measures we take to ensure data protection.

Management of Digital Foundations GmbH

Peter-Christoph Haider, Michael Stettner

Responsible Entity:
The responsible entity within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other applicable data protection regulations, is:

Digital Foundations GmbH
Bretonischer Ring 5
85630 Grasbrunn
Germany
Tel.: +49 (0)89 / 452383-0
Email: [email protected]
Website: www.difo.de

Purposes of Data Processing:
We generally process personal data of our users only to the extent necessary to provide a fully functional website as well as our content and services.
The processing of personal data of our users is usually carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not practically possible and the processing of data is permitted by legal provisions.
In accordance with the principles of data minimization and data economy, we collect personal data on our website only if it is required for the purpose requested by you and/or if you provide it to us voluntarily.

Accordingly, we collect personal data in the following cases:

• Correspondence with prospects, customers, suppliers, and business partners

• Exchange regarding contractually owed services

• Marketing campaigns

Your personal data will only be shared with third parties by us if:

• You have given your consent to do so

• The processing of this data is necessary to execute a contract with you

• The processing is required to fulfill legal obligations

Providing personal data (such as name, contact information, contact persons, etc.) is a prerequisite for entering into a contract with Digital Foundations GmbH and is necessary for the provision of our services. If you choose not to provide your personal data, it will unfortunately not be possible to continue the business relationship.

Legal Basis for the Processing of Personal Data:
Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing activities that are necessary to carry out pre-contractual measures.

Where the processing of personal data is required to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In cases where processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override this interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

Data Deletion and Retention Period:
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may occur if required by European or national legislation, regulations, or other provisions to which the data controller is subject. Blocking or deletion of data will also take place when a retention period prescribed by these regulations expires, unless further storage is necessary for the conclusion or fulfillment of a contract.

Data Subject Rights:
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If such processing exists, you may request information regarding:

1. The purposes for which your personal data is being processed;

2. The categories of personal data being processed;

3. The recipients or categories of recipients to whom your personal data has been or will be disclosed;

4. The intended period for which your personal data will be stored, or, if specific details are not possible, the criteria used to determine the retention period;

5. The existence of a right to request correction or deletion of your personal data, a right to request restriction of processing by the data controller, or a right to object to such processing;

6. The existence of a right to lodge a complaint with a supervisory authority;

7. All available information on the source of the data, if the personal data was not collected directly from you;

8. The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and – at least in these cases – meaningful information about the logic involved as well as the significance and intended consequences of such processing for the data subject.

You also have the right to request information on whether your personal data is transferred to a third country or to an international organization. In this context, you may request information about the appropriate safeguards pursuant to Article 46 GDPR in connection with such transfers.

Right to Rectification:
You have the right to request correction and/or completion of your personal data from the data controller of Digital Foundations GmbH if the personal data concerning you is inaccurate or incomplete. The controller must carry out the correction without undue delay.

Right to Restriction of Processing:
Under the following circumstances, you may request the restriction of the processing of your personal data:

1. If you contest the accuracy of your personal data for a period allowing the controller to verify its accuracy;

2. If the processing is unlawful and you oppose the deletion of the personal data, requesting restriction of its use instead;

3. If the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or

4. If you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet determined whether the legitimate grounds of the controller outweigh your reasons.

Where the processing of your personal data has been restricted, such data may only be processed – apart from storage – with your consent, for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been applied under the conditions above, you will be notified before the restriction is lifted.

Right to Deletion (Right to Erasure):
You may request that your personal data be deleted without undue delay. We are also obliged to delete this data immediately if one of the following reasons applies:

1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

2. You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for processing;

3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or you object pursuant to Article 21(2) GDPR;

4. The personal data has been unlawfully processed;

5. Deletion of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject;

6. The personal data has been collected in relation to information society services offered in accordance with Article 8(1) GDPR.

Information to Third Parties:
If the controller has made your personal data public and is obliged under Article 17(1) GDPR to delete it, the controller shall take reasonable steps, considering available technology and implementation costs, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the deletion of all links, copies, or replications of this personal data.

Exceptions:
The right to deletion does not apply if processing is necessary:

1. For exercising the right of freedom of expression and information;

2. To comply with a legal obligation under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. For reasons of public interest in the area of public health pursuant to Articles 9(2)(h) and (i) and 9(3) GDPR;

4. For archiving purposes in the public interest, scientific or historical research, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right mentioned above is likely to render the achievement of the purposes of processing impossible or seriously impaired; or

5. For the establishment, exercise, or defense of legal claims.

Right to Notification:
If you have exercised the right to rectification, deletion, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data has been disclosed about the rectification, deletion, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You also have the right to be informed about these recipients.

Right to Data Portability:
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

1. The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR; and

2. The processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may exercise your right to object in connection with the use of information society services by automated means, regardless of Directive 2002/58/EC, using technical specifications.

Right to Withdraw Consent:
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, including Profiling:
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

1. Is necessary for the conclusion or performance of a contract between you and the controller;

2. Is authorized by Union or Member State law to which the controller is subject and which contains appropriate safeguards to protect your rights, freedoms, and legitimate interests; or

3. Is based on your explicit consent.

Such decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate safeguards are implemented to protect your rights, freedoms, and legitimate interests.

In the cases mentioned under (1) and (3), the controller shall implement appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.

Right to Lodge a Complaint with a Supervisory Authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority where the complaint has been submitted shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Collection of General Information When Visiting Our Website:
Each time our website is accessed, our system automatically collects data and information of a general nature from the computer system of the accessing device using cookies. This information includes, among other things, details about the browser type and version, the user’s operating system, the Internet Service Provider (ISP), the IP address, as well as the date and time of access to our website. This information does not reveal any personal information about you.

This information is technically necessary for the operation of our website and is inevitably collected when using the Internet. These data are processed for the following purposes:

• Establishing a connection to the website

• Evaluating system security and stability

• Other administrative purposes

The legal basis for processing this data is our legitimate interest pursuant to Article 6(1)(f) GDPR.

Recipients of your personal data are exclusively Digital Foundations GmbH and, where applicable, processors engaged in accordance with the GDPR.

Changes to Our Privacy Policy:
We reserve the right to adapt this privacy policy at any time to ensure compliance with current legal requirements or to implement changes to our services in the privacy policy.

Information under the Consumer Dispute Resolution Act (VSBG):
Digital Foundations GmbH is neither willing nor obliged to participate in a dispute resolution procedure before a consumer arbitration board.

Questions to the Data Protection Officer:
If you have any questions regarding data protection, please send us an email or contact the person responsible for data protection in our organization directly:

Julian Sippl
Tel.: +49 (0)89 / 452383-0
Email: [email protected]