Privacy Statement under GDPR

Volume of processing of personal data - General
In principle, we only collect and use the personal data of our users to an extent necessary for the provision of a functional website as well as for our content and services. The collection and use of personal data from our users occurs regularly, and only with the consent of the user. An exception may apply to cases in which prior consent cannot be obtained for reasons of fact and the processing of data is permitted by law.

Legal basis for the processing of personal data
In cases where we obtain the consent of the concerned person for the processing of personal data, art. 6 (1) lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis. In the case of the processing of personal data necessary for the fulfillment of a contract wherein the contractual party is the concerned person, art. 6, (1) lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions. In the event that a processing of personal data is required in order to fulfil a legal obligation that our company is subject to, art. 6 (1) lit. c of the GDPR serves as the legal basis. In the event that vital interests of the concerned person or other natural person necessitate a processing of personal data, art. 6 (1) lit. d of the GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the concerned person do not outweigh the former interest, art. 6 (1) lit. f of the GDPR serves as the legal basis.

Data erasure and storage duration
The personal data of the concerned person are deleted or blocked as soon as the purpose of the storage no longer applies. Data may be kept for a longer period of time if this is intended by a European or national legislator through EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when the storage period prescribed by the standards mentioned above expires, unless there is a need for further storage of the data due to the end or fulfillment of a contract.

Provision of the website and creation of log files
Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the visiting user.
The following data is collected this way:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user came from when reaching our website
(7) Websites accessed by the user’s system through our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

Legal basis for data processing
The legal basis for the temporary storage of data and log files is art. 6 (1) lit. f of the GDPR.

Purpose of data processing
The temporary storage of the IP address by our system is necessary to allow provision of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Based on these purposes, our interest in the processing of data is legitimate as per art. 6 (1) lit. f of the GDPR.

Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this data is deleted when the session is completed. In the case of storage of data in the log files, this data will be deleted after no longer than seven days. Additional storage of this data is possible. In this case, the IP address of the user is deleted or made anonymous, so that it is impossible to assign the information to any further clients.

Right of objection and possibility of removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no right of objection on behalf of the user.

Contact
Description and scope of data processing
On our website, we offer users the opportunity to contact us by providing personal information. The data may be sent from you via email contact request and are stored with us. This information is not shared with third parties. The following data is collected in this process:
  • Name
  • Company and address
  • Email address

  • In submitting the inquiry, the user must consent to having their data processed.

    Legal basis for processing
    The legal basis for the processing of data in the case where the user provides consent is art. 6 (1) lit. a of the GDPR. If the establishment of contact is necessary for the fulfillment of a contract of which the user is a party, or the implementation of pre-contractual measures, then the additional legal basis for the processing of the data is art. 6 (1) lit. b of the GDPR.

    Purpose of data processing
    Establishing contact with the user is required for the provision of certain content and services from our company.

    Duration of storage
    The data is deleted as soon as it is no longer necessary for the purpose for which it was collected.

    Right of objection and possibility of removal
    The user has the ability to revoke their consent to the processing of their personal data at any time. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, further conversation cannot continue. All personal data stored in the course of making contact will be deleted in this case, unless otherwise specified by law.

    Rights of the person concerned
    If your personal information is being processed, you are covered by the GDPR and have the following rights:

    Right of access
    You may ask the person in charge to confirm if personal data concerning you is being processed by us.
    If such processing has occurred, you may request information from the person responsible regarding the following information:
    (1) the purposes for which the personal data are processed;
    (2) the categories of personal data being processed;
    (3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
    (4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
    You have the right to request information about whether your personal information is being sent to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with art. 46. GDPR regarding the transfer of information within this context.

    Right of rectification
    You have a right to rectification and/or correction of data towards the responsible person if the personal data being processed relating to you is incorrect or incomplete. The responsible person must make the correction without delay.

    Right to restrict the processing
    You may request a restriction of the processing of your personal data under the following conditions:
    (1) if you contest the accuracy of your personal information for a period of time which enables the controller to verify the accuracy of your personal information;
    (2) if you object to the processing pursuant to art. 21 (1) of the GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

    If the processing of personal data concerning you has been restricted, this data may, with the exception of data storage, only be used with your consent or for the purpose of asserting, exercising or defending legal claims, or protecting the rights of another natural or legal person, or for reasons of important public interest of the EU or a member state. If the restriction of processing mentioned above has been put into place, you will be informed by the responsible person before the restriction is lifted.

    Right of deletion
    Obligation of deletion
    You may require the responsible party to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following grounds is true:

    (1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
    (2) You revoke your consent, wherein the legal basis for processing your data was art. 6 (1) lit. a or art. 9 (2) lit. a of the GDPR, and there is no other legal basis for processing.
    (3) You object to the processing of your data based on art. 21 (1) of the GDPR and there is no other legal basis for processing, or you contest the processing based on art. 21 (2) of the GDPR.
    (4) Your personal data is being processed unlawfully.
    (5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under EU law or the law of a member state to which the controller is subject.
    (6) The personal data concerning you were collected in relation to information society services pursuant to art. 8 (1) of the GDPR.

    Information to third parties
    If the responsible person has made the personal data concerning you public and is obligated to deleting this information as per art. 17 (1) of the GDPR, they shall take appropriate measures, taking into account available technology and implementation costs, to inform data collectors, who process personal data, that you have requested the deletion of all links to such personal data or of copies or replications of such personal data.

    Right to information
    If you have the right of rectification, deletion or restriction of processing to the responsible party, they are obligated to notify all recipients to whom your personal data have been disclosed, and must notify them of the relevant correction, deletion or restriction, unless this proves impossible or requires an excessive effort. You have a right to the person responsible to be informed about who these recipients are.

    Right to data portability
    You have the right to receive the personal information which you have provided to the responsible person in the form of a structured, conventional and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that:

    (1) the processing is based on consent, as per art. 6 (1) lit. a of the GDPR or art. 9 (2) lit. a of the GDPR, or is based on a contract as per art. 6 (1) lit. b of the GDPR, and
    (2) the processing is performed automatically.

    In exercising this right, you also have the right of your personal data being transferred directly from one responsible person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be violated in this process. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible person.

    Right of objection
    You have the right, for reasons that arise from your particular situation, to object to the processing of your personal data at any time, pursuant to art. 6 (1) lit. e or f of the GDPR; this also applies to profiling based on these provisions. The responsible person will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or demonstrate that the processing is for the purpose of enforcing, exercising or defending legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option, in the context of using information society services not pertaining to the 2002/58/EG guidelines, to exercise your right of objection through automated procedures that use technical specifications.

    Right to revoke the data protection consent declaration
    You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent prior to the revocation.

    Automated decision on an individual basis including profiling
    You have the right not to be subjected to a decision based solely on automated processing – including profiling – that may have legal repercussions or similarly affect you negatively. This does not apply if the decision:

    (1) is required for the conclusion or fulfillment of a contract between you and the responsible person,
    (2) is permitted by EU or a member state’s legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
    (3) with your express consent.

    However, these decisions must not be based on special categories of personal data under art. 9 (1) of the GDPR, unless art. 9 (2) lit. a or g of the GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
    With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights, freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the responsible person, to express their own position and be heard on challenge of the decision .

    Right to complain to a supervisory authority
    Regardless of any other administrative or judicial rights, you shall have the right to complain to a supervisory authority, in particular within the member state of your residence, your place of work or the place of alleged infringement, if you believe that the processing of the personal data concerning you violates GDPR law. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to art. 78 of the GDPR.

    Please contact us for further information:

    medways e.V.
    Keßlerstraße 21 b
    07745 Jena
    Telefon: 03641 / 87 610 40
    Fax: 03641 / 87 610 50
    e-mail:info@medways.eu