Data protection policy

The responsible body in accordance with data protection law, especially the EU General Data Protection Regulation (GDPR), is:

Legal Notice of fortiss GmbH

 

Your rights as a data subject

You can exercise the following rights at any time by contacting our data protection officer at the address provided:

  • Right to obtain information about your stored data and how we process it (Art. 15 GDPR),
  • Right to amend incorrect personal data (Art. 16 GDPR),
  • Right to delete your stored data (Art. 17 GDPR),
  • Right to restrict the data processing, if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR), Right to object to your data being processed by us (Art. 21 GDPR), and
  • Right to data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us consent, you can revoke it permanently at any time.

You can also contact a supervisory authority at any time with a complaint, e.g. the competent supervisory authority of the federal state of your domicile or the authority responsible for us as the competent authority.

A list of supervisory authorities (for the non-public sector) and their addresses are available at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html..

 

Collection of general information when visiting our website

Nature and purpose of processing:

If you access our website, that is, if you do not register or otherwise provide information, information of a generic nature will be automatically collected. This information (server log files) includes the type of browser used, the operating system used, the domain name of your internet service provider, your IP address and other similar data.

It is processed for the following purposes:

  •     Ensuring a smooth connection to the website,
  •     Ensuring our website works properly,
  •     Evaluating system security and stability, as well as
  •     For other administrative purposes.

We do not use your data to draw conclusions about you personally. Information of this kind may be evaluated statistically in order to optimise our website and the underlying technology.

Legal basis:

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who work on operating and maintaining our website as contractual processors.

Storage duration:

The data will be deleted as soon as it is no longer needed for its designated purpose. This is usually the case for data that serves to make the website available, once the session has ended.

Prescribed or required data provision:

The provision of personal data is neither required by law nor contractually prescribed. However, without the IP address, the service and functionality of our website is not guaranteed. Additionally, individual services may be unavailable or limited. For this reason, an objection is not possible.

 

Use of script libraries (Google Web Fonts)

Nature and purpose of processing:

In order to display our content correctly and so that it is graphically appealing for all browsers, we use "Google Web Fonts" by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google") to display fonts on this website. These fonts are stored locally on our web server, so that no cookies are stored in your browser.

The privacy policy of the library operator Google is available at: https://www.google.com/policies/privacy/

Legal basis:

The legal basis for the integration of Google Web Fonts and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipients:

Accessing script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible - but currently unclear if and for what purposes - that in such cases the operator collects Google data.

Storage duration:

We do not collect any personal data by integrating Google Web Fonts.

Further information about Google Web Fonts is available at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://www.google.com/policies/privacy/.

Transfer to third countries:

Google processes your data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Prescribed or required data provision:

The provision of personal data is neither required by law nor contractually prescribed. However, correct display of the content of standard fonts is not possible otherwise.

Revocation of consent:

The programming language JavaScript is regularly used to display the contents. You can therefore object to the data processing by deactivating JavaScript in your browser or by installing an integrated JavaScript blocker. Please note that this may result in limited functioning of the website.

 

Embedded YouTube videos

Nature and purpose of processing:

We embed YouTube videos on some of our webpages. The operator of the respective plug-ins is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter "YouTube"). When you visit a page with a YouTube plug-in, a connection to YouTube servers will be established. This will inform YouTube which pages you are visiting. When you are logged in to your YouTube account, YouTube can associate your browsing habits with you personally. You can prevent this by logging out of your YouTube account beforehand.

As soon as a YouTube video starts, the provider uses cookies that collect information about user behaviour.

For more information on the purpose and extent of your data collection and processing by YouTube, please refer to the provider's privacy policy, where you can also find out more about your rights and preferences to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Legal basis:

The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipients:

Clicking on YouTube automatically triggers a connection to Google.

Storage duration and revocation of consent:

If you have deactivated the storage of cookies for the Google Ad program, you will not have to deal with such cookies when viewing YouTube videos. However, YouTube also stores non-personal usage information in other cookies. You must configure your browser to block cookies if you wish to prevent this.

Further information on data protection at "YouTube" is available in the provider's data protection policy at https://www.google.de/intl/de/policies/privacy/

Transfer to third countries:

Google processes your data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Prescribed or required data provision:

The provision of your personal data is voluntary and solely on the basis of your consent. If you block access, this may result in limited functioning of the website.

 

SSL encryption

We use state-of-the-art encryption methods (e.g. SSL) via HTTPS to protect the security of your data during transmission.

 

Changes to our data protection policy

We reserve the right to adapt this data protection policy so that it continually meets current legal requirements or in order to incorporate changes to our services, e.g. when introducing new ones. Subsequent website access will then be subject to the terms of the new data protection policy.

 

Questions for the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection at our company directly at:

Data Protection Officer of fortiss GmbH
c/o activeMind AG
Potsdamer Str. 3, 80802 Munich
Tel.: +49 89 9192949 00
datenschutzbeauftragter@fortiss.org

 

Review by:

Michael Plankeman
Data Protection & Data Security Consultant
c/o activeMind AG
Potsdamer Str. 3, D-80802 Munich
Tel.: +49 89 9192949 00
www.activemind.de

 

Your objection rights

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data, which may be processed on the basis of Art. 6, para. 1 lit. f GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art 4, no. 4 GDPR.

If you raise an objection, we will no longer process your personal data, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.

The objection can be made without any form requirement to: datenschutzbeauftragter@fortiss.org