The protection of your personal data is important to us. Therefore, we would like to inform you in detail below which data we collect from you, on the one hand in the context of ongoing business relations and, on the other hand, when you visit our website and use our offers and how these are subsequently processed or used by us and which rights you are entitled to in this respect.
Your personal data, such as your name, address, e-mail address or telephone number, will only be processed by us on the basis of the statutory data protection law, i.e. the EU Data Protection Ordinance (GDPR), the Federal Data Protection Act (FDPA) and the Telemedia Act (TMA).
The scope of the data collected and processed by us differs depending on whether you only visit our website to call up information or also make use of services offered by us via our website or otherwise.
Our data protection declaration uses the terms of the EU basic data protection regulation (GDPR), which we would like to explain briefly for your convenience. These and other definitions can be found in Art. 4 GDPR.
a) Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical, physiological, genetical, psychological, economic, cultural or social identity of that natural person.
b) Persons affected
“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.
“Processing” means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data, such as collection, organization, classification, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
d) Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of restricting their future processing.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Responsible person
“Responsible person” means the natural or legal person, authority, body, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or certain criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
g) Contract processors
“Processor” means a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller.
“Receiver” means any natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. Authorities which may receive personal data under a specific investigation mandate under Union law or the law of the Member States shall not, however, be regarded as recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
i) Third person
“Third person” means any natural or legal person, authority, institution or other entity other than the data subject, the data processor, the data processor and the persons authorized to process the personal data under the direct responsibility of the data processor or the data processor.
j) Data subject’s consent
“Data subject’s consent” means any voluntary declaration of consent in the specific case, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act, by which the data subject indicates his/her consent to the processing of personal data concerning him/her.
Nature of the personal data concerned / purposes of processing
The personal data to be processed by us includes salutation, surname, first name, a valid e-mail address, date of birth, address, telephone and fax numbers, bank data and, if applicable, pictorial material from you, provided that you make this available to us – i.e. all personal-related information that we need in order to be able to provide our contractual services for you. This data is collected in order to identify you as our customer, to process your customer order appropriately, to correspond with you, to issue invoices, to process any existing claims and to assert any claims against you. Failure to provide personal data (with the exception of telephone and fax numbers) will render the order infeasible. Failure to provide telephone and fax numbers limits our ability to communicate with you.
The data will be processed upon your request and is required for the purposes stated in Art. 6 para. 1 sentence 1 lit. b GDPR for the appropriate processing of your request or the use of the product and for the mutual fulfilment of obligations arising from the contract.
We do not carry out automated decision making (especially profiling).
Your data will not be passed on to third parties without your express consent. Excluded from this are only our service partners, such as data hosters, software providers, external consultants (bookkeepers/tax consultants) and similar, which we need to process the contractual relationship and to fulfil our services. In these cases, we strictly observe the requirements of the relevant data protection laws. The scope of data transmission is limited to a minimum. The data passed on will be used by the third parties exclusively for the purposes mentioned.
The personal data processed by us within the scope of the contractual relationship will be stored until proper fulfilment of the contract including the statutory periods for warranty of defects and subsequently deleted, unless we are obliged to store it for a longer period due to tax and commercial law or other statutory storage and documentation obligations (e.g. from HGB, StGB or AO) or you have consented to further storage in accordance with Art. 6 Para. 1 S. 1 a GDPR.
Name and address of the person responsible for the processing of personal data
The person responsible within the meaning of the Basic Data Protection Ordinance is:
Fanomena GmbH.,– www.fanomena.de –
Herr Marc Grewenig and Herr Max Ulbrich (Managing directors)
Phone: +49 (0) 681 84492557
Name and contact details of the data protection officer
The data protection officer of the controller:
Mr. Oliver Pikolleck, lawyer and certified external data protection officer (TÜV-cert.),
hiLevDATA GmbH & Co.KG
Any person concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Special regulations regarding our website hileadzz.com
- Server data
If you use our website for purely informational purposes, the data is collected and processed, which your internet browser automatically transmits, such as:
- type of browser
- date and time of retrieval
- browser settings
- the operating system used
- the website from which you are visiting us and the website you are visiting
- your IP address
This data is anonymized and stored and processed separately from your personal data. The collection of data is necessary to enable the use of our Internet presence at all. The data is processed solely for statistical purposes and for the purpose of improving our website.
- Use of a contact option
On our website we offer you the possibility to contact us via a contact form “schedule your live demo” or “Send me this Businesskit”, by contact chat, by phone or by email. If you use the above contact options, the information provided by you will be stored for the purpose of processing your request. The data will not be passed on to third parties.
- Usage of a newsletter
In order to subscribe to our newsletter, we require your consent under data protection law and at least one e-mail address to which the newsletter is to be sent. All other information is voluntary and will be used to personalize the newsletter.
(We generally use the so-called double opt-in procedure for sending the newsletter, i.e. you will not receive the newsletter until you have confirmed your registration for the newsletter by means of a confirmation e-mail sent to you for this purpose via the link contained therein. We would like to make sure that only you, as the owner of the given e-mail address, can register for the newsletter.
Your data will not be passed on to third parties.
- Usage of a registration function
Our website offers you the opportunity to register. The data entered by you for this purpose will only be collected and stored for the use of our offer. The data will not be passed on to third parties.
- Usage of cookies
We use the technology of cookies for our internet presence. Cookies are small text files that are sent from our web server to your browser during your visit to our website and are then stored on your computer. These are mainly so-called session cookies, which are only stored for the duration of your visit to our website and then deleted again.
You can determine in your browser whether cookies can be set and retrieved. For the full range of functions on our website, however, session cookies must be permitted for technical reasons.
- Usage of Google Analytics
For our website we use the analysis service “Google Analytics” of the company Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (hereinafter Google). This enables us to analyze your use of the website. Cookies are also used for this purpose. The information generated by the cookies is sent to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address within the EU member states or other signatory states to the Agreement on the European Economic Area will be reduced by Google and thus made anonymous.
On our behalf, Google then uses this information to evaluate your use of our website, to compile reports on website activities and to provide us as website operator with further services associated with website and Internet use.
The IP address transmitted within the framework of Google Analytics is not combined with other Google data.
In addition, you have the possibility to prevent Google from collecting the data generated by the cookie and relating to your use of the website, as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:
- Usage of Google Tag Manager
- Usage of Mouseflow
An opt-out option is available at the following link: http://mouseflow.com/opt-out/.
We use Hubspot on our site for the purpose of our online marketing activities. This is an integrated software solution with which content management (website and blog), e-mail marketing (newsletters and automated mailings, e.g. for the provision of downloads), social media publishing & reporting, reporting (e.g. traffic sources, accesses, etc…), contact management (e.g. user segmentation & CRM), landing pages and contact forms operate.
This information and the contents of our website are stored on servers of our software partner Hubspot. They can be used by us to contact visitors to our website and to determine which services of our company are of interest to them.
HubSpot is a software company from the USA with a branch in Ireland.
2nd Floor 30 North Wall Quay
Dublin 1, Ireland,
Phone: +353 1 5187500.
Hubspot is certified under the terms of the” EU – U.S. Privacy Shield Framework” and is subject to the TRUSTe’s Privacy Seal and the U.S. – Swiss Safe Harbor Framework.
More information about the data protection regulations of HubSpot
- Google Web fonts
Our website uses so-called web fonts to display the font. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Your browser loads the required web font into your browser cache once you visit our site. This is necessary to make sure that your browser can also show an optically improved representation of our texts. If your browser does not support this function, a standard font of your computer is used for display. The integration of the web fonts takes place via a server call, usually a Google server in the USA. In that process the pages that you have visited on our website are transferred to that server. The IP address of the browser of the visitor’s terminal device is also stored by Google.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=en-GB&csw=1
General information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/
- Social media
We use the following social media plugins on our website.
Our website uses plugins from the social network Facebook, the provider Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
By using our website, this plugin establishes a direct connection between your browser and the Facebook server, and Facebook receives the information that you have visited our page with your IP address. By clicking on the Facebook “Like-Button” while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our site with your account.
Please note that as the provider of our website, we have no knowledge of the data transmitted to and used by Facebook. For more information on data usage, please visit http://de-de.facebook.com/about/privacy/.
Please log out of your Facebook account before visiting our site if you do not want Facebook to associate visiting our site with your account.
Our website uses plugins from Twitter, offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By using Twitter and the Re-Tweet function, the websites you visit are linked to your Twitter account and made known to other users. Data is also forwarded to Twitter.
Please note that as the provider of our website we have no knowledge of the data transmitted to and used by Twitter. For more information on data usage, please visit http://twitter.com/privacy.
You can change your Twitter privacy settings in your Twitter account settings.
Our website uses plugins from LinkedIn, offered by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
By using our website, this plugin establishes a direct connection between your browser and the LinkedIn server and LinkedIn receives the information that you have visited our site with your IP address. By clicking on the LinkedIn Recommend button while logged into your LinkedIn account, you can link the contents of our pages to your LinkedIn profile. LinkedIn may associate your visit to our site with your user account.
Please note that as the provider of our website, we have no knowledge of the data transmitted to and used by LinkedIn. For more information on data usage, please visit http://www.linkedin.com/legal/privacy-policy.
Our website uses plugins from YouTube, offered by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. By using our website, this plugin establishes a direct connection between your browser and the YouTube server and gives YouTube the information that you have visited our site with your IP address.
If you are logged into your YouTube account, YouTube may associate the content of our pages with your account. This can be prevented by logging out of the YouTube account.
Please note that as the provider of our website, we have no knowledge of the data transmitted to and used by YouTube. Further information on the use of data can be found at https://www.google.de/intl/de/policies/privacy.
- Publication of job advertisements
If you apply for one of our jobs via our website, your data will be collected and processed by us for the purpose of handling the application procedure.
If the application is followed by the conclusion of an employment contract, the transmitted data serve us for the usual organization and administration. The data is then stored in your personnel file in compliance with the relevant legal regulations.
If your application is rejected, your data will automatically be deleted two months after rejection. This does not happen if a longer storage is necessary due to legal requirements or if you have expressly agreed to a longer storage in our database of interested parties.
Rights of the data subject
a) Right to be informed, Art 15 GDPR
Every person affected by the processing of personal data has the right granted by the Basic Data Protection Ordinance to receive information at any time and free of charge from the person responsible for the processing about the personal data stored about his person and a copy of this information. Furthermore, the person concerned has the right to request disclosure about the following information:
- the processing purposes
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right of rectification or deletion of personal data concerning him or of a restriction on processing by the controller or of a right of opposition to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject
Furthermore, the data subject has a right of access to information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transmission.
If a data subject wishes to make use of this right of information, he may contact us at any time at the contact details given in paragraph I.2. of the person responsible for the processing.
b) Right to correction, Art. 16 GDPR
Any person concerned by the processing of personal data has the right granted by the Basic Data Protection Regulation to request the immediate correction of inaccurate personal data concerning him/her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, he may contact us at any time using the contact details of the controller referred to in paragraph I.2.
c) Right to cancellation (right to be forgotten), Art. 17 GDPR
Every person concerned by the processing of personal data has the right granted by the Basic Data Protection Regulation to require the data controller to demand that the personal data concerning him be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
- The data subject withdraws his/her consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for processing.
- The data subject objects to processing under Article 21(1) GDPR and there are no overriding legitimate grounds for processing or the data subject objects to processing under Article 21(2) GDPR.
- The personal data have been processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data was collected in relation to services offered by the information society pursuant to Art. 8 para. 1 GDPR.
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored with us deleted, he/she can contact us at any time under the contact data of the person responsible for processing stated in paragraph I.2. We will immediately comply with your justified request for deletion.
If the personal data has been made public by us and our company is responsible pursuant to Art. 17 Para. 1 GDPR, our company shall take appropriate measures, including technical measures, taking into account the technology available and the costs of implementation, to inform other data processors who process the personal data published, that the data subject has requested the deletion of all links to such personal data or of copies or replications of such personal data from such other data processors, unless such processing is lawful.
d) Right to limitation of processing, Art. 18 GDPR
Any person concerned by the processing of personal data has the right granted by the Basic Data Protection Regulation to require the controller to restrict the processing if one of the following conditions is met:
- the accuracy of the personal data is disputed by the data subject for a period which enables the data controller to verify the accuracy of the personal data.
- the processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data.
- the data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defense of legal claims.
- the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data subject outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data held by us, he/she may contact us at any time using the contact details of the controller referred to in paragraph I.2.
e) Right to data transferability, Art. 20 GDPR
Any person concerned by the processing of personal data shall have the right granted by the Basic Data Protection Regulation to receive the personal data concerning him/her which he/she has provided to a controller in a structured, current and machine-readable format and shall have the right to transmit such data to another controller without interference by the controller to whom the personal data have been provided, provided that
- o processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
- processing is carried out using automated methods.
Furthermore, in exercising his right to data transferability in accordance with Art. 20 para. 1 GDPR, the data subject has the right to obtain that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
In order to assert the right to data transferability, the data subject may contact us at any time using the contact details of the data controller referred to in paragraph I.2.
f) Right of objection, Art. 21 DSGVO
Any person concerned by the processing of personal data has the right granted by the Basic Data Protection Regulation to object at any time to the processing of personal data concerning him/her on the basis of Article 6(1)(e) or (f) of the GDPR for reasons arising from his particular situation. This also applies to profiling based on these provisions.
As the data controller, we will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to carry out direct advertising, the person concerned has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him/her which is carried out by us as data controller for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR for reasons arising from his particular situation unless such processing is necessary to fulfil a task in the public interest.
In order to exercise the right of opposition, the data subject may contact us at any time using the contact details of the controller referred to in paragraph I.2.
f) Right to revoke consent under data protection law
Any person affected by the processing of personal data has the right granted by the Basic Data Protection Ordinance to revoke his or her consent to the processing of personal data at any time.
If the data subject wishes to exercise his/her right to withdraw his/her consent, he/she may contact us at any time at the contact details of the controller referred to in paragraph I.2.
g) Right of appeal; Art. 77 GDPR
Any person concerned by the processing of personal data has the right to complain to a supervisory authority under the Basic Data Protection Regulation. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
Fanomena GmbH, April 2018