Data Protection Declaration of Zessions-Service GmbH
(Art. 13, 14 and 21 DSGVO)
The protection of your privacy when using our websites is important to us. Therefore, please take note of the following information.
When we refer to the processing of personal data in this statement, this means that we collect (request), store, use, transmit, otherwise process or delete this data.
In addition, we would like to use this privacy statement to inform you about the nature, scope and purpose of the personal data we process. Likewise, we would like to inform you about your rights.
1. Contact details responsible person/ data protection officer
Person responsible:
Zessions-Service GmbH
Martin-Behaim-Straße 20
63263 Neu-Isenburg
Telephone: +49 (0) 61 02 – 8 83 50 – 850
Fax: +49 (0) 61 02 – 8 83 50 – 22
E-mail: support@zessions-service.de
Data protection officer:
Attorney Andreas Bär
E-mail: a.baer@baer-invest.ch
If you have any questions about data protection at Zessions-Service GmbH or about your rights, please contact our data protection officer. You can also reach him at the above address of our company.
2. Personal data that we process
2.1 Order data
Personal data is only collected if you provide it to us of your own accord, for example, to carry out a contract, a survey or when registering for personalized services. Within the scope of the personalized services of Zessions-Service GmbH, your registration data will be processed, subject to your consent, for the purposes of advertising and market research, as well as for the needs-based design of electronic services. This data is transmitted in encrypted form to prevent misuse of the data by third parties.
2.2 Data that you store on our IT systems
We process the data that you store yourself when you use our services (e.g. contact form, e-mail). This includes the creation of data backups in our systems.
2.3 Log data
Zessions-Service GmbH automatically processes log file information in its servers that your browser transmits to us. These are:
- browser type/version
- operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request.
This data cannot be assigned by Zessions-Service GmbH to specific or identifiable persons. A combination of this data with other data sources is not made, the data is also deleted after a statistical analysis.
2.4 Tracking
We do not use any tracking procedures.
2.5 Applicant data
We process the data we receive from you in the application process.
For example:
- Name, first name
- Date of birth
- Address
- Telephone numbers
- E-mail addresses and all other
- Other data you provide us with (e.g. certificates, job references, previous income, etc.).
2.6 E-mail contact
If you contact us by e-mail, we will store your data for the purpose of processing your inquiry and in the event that follow-up questions arise. We only process further personal data if you consent to this or if this is legally permissible without special consent. We expressly point out that data transmission over the Internet (eg communication by e-mail) security gaps and can not be completely protected against access by third parties.
2.7 Contact form
If you wish to use the contact form to make an inquiry, we process the personal data you provide in the contact form for this purpose. In addition, we store the date and time of the request. We process the data transmitted via the contact form exclusively for the purpose of being able to answer your inquiry or request.
You can decide for yourself what information you send us via the contact form. The legal basis for the processing of your data is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. We do not pass on your personal data to third parties, unless they are required, for example, for the processing of business transactions. The transmitted data is limited to the minimum necessary.
After processing the matter, the data is initially stored for any queries. You can request a deletion of the data at any time, otherwise the deletion will take place after the complete completion of the matter.
3. Legal basis of the processing
We process and use your data to perform the contract and provide our services, to improve and customize our services and our websites to your needs, to provide updates and upgrades and to send you notifications related to the service, as well as to generate invoices and collect our receivables. Article 6(1)(a) DSGVO serves as our legal basis for processing operations where we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract, the processing is based on Art. 6 (1) (b) DSGVO. The same applies to processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services. If we are subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para 1 lit. c DSGVO.
Finally, processing operations could be based on Art. 6 (1) (f) DSGVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect our legitimate interests or those of a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. A legitimate interest can usually be assumed if the data subject is a customer of the controller.
If the processing of personal data is based on Article 6 (1) lit. f DSGVO, our legitimate interest is the performance of our business activities.
Applicant data is processed in accordance with Article 88 DSGVO and Section 26 Data Protection Adaptation and Implementation Act EU (DSAnpUG-EU).
4. Categories of recipients
If the opportunity for the input of personal or business data is given, the input of these data takes place voluntarily. Your personal data is stored on protected servers and is only accessible to specially authorized persons who are charged with processing your data. In connection with your access, data is stored on our servers for security purposes that may allow identification (for example, IP address, date, time and pages viewed). No personal exploitation takes place.
4.1 Order processors
Various service providers process personal data on our behalf. With the help of appropriate contracts in accordance with § 62 DSAnpUG-EU, the security of your data is guaranteed. These processors are:
- Companies in the IT sector
- Tax consultants
- Lawyers
- Companies for the destruction of data media
4.2 Authorities
Under certain circumstances, we may have to transfer data to authorities due to legal requirements (e.g. for the prosecution of criminal offenses). These are, for example:
- Court order (e.g. search warrant).
- Public prosecutor’s offices (or equivalent authorities)
- Police on behalf of a public prosecutor’s office
5. Data transfer to third countries
A transfer to third countries (countries outside the EU) does not take place.
6. Duration of storage
We store data that we receive from you only for the duration of the purpose.
We store data from interested parties who contact us via the contact form for 24 months, as our experience shows that subsequent business contacts develop.
Not in all cases is the termination of the contract the same as the deletion of your data, as we must comply with legal retention periods (e.g. by the Tax Code, AO). After expiration of the respective period, they will be deleted.
After the end of the contract, we delete the data from our systems. Backups are automatically deleted after the specified period.
In the applicant process, data that we receive from you is processed for 6 months.
7. Your rights /strong>
7.1 Right of confirmation and information
According to Art. 15 DSGVO, you have the right to have it confirmed whether the respective controller is processing personal data of yours. You can obtain information from us free of charge about the personal data stored about you.
7.2 Right of rectification
According to Art. 16 DSGVO, you have the right to demand the immediate correction of any inaccurate personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.
7.3 Right of deletion
Pursuant to Art. 17 DSGVO, you have the right to have the personal data concerning you erased without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
- The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.
- You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- The personal data has been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
7.4 Right to restriction of processing
According to Art. 18 DSGVO, you have the right to request the restriction of processing if one of the following conditions is met:
- You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data.
- The processing is unlawful, you object to the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether our legitimate grounds outweigh yours.
7.5 Right to data portability
According to Art 20. DSGVO, you have the right to receive the personal data concerning you, which you provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art 6(1)(a) DSGVO or Art 9(2)(a) DSGVO or on a contract pursuant to Art 6(1)(b) DSGVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller to the extent technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
7.6 Rights of objection against processing
Pursuant to Art. 21 DSGVO, you have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the right to object at any time to the processing of personal data for the purpose of direct marketing.
7.7 Right to revoke consent under data protection law
According to Art. 7 DSGVO, you have the right to revoke your consent to the processing of personal data at any time. This revocation shall apply for the future.
7.8. Right to complain to the supervisory authority
You have the right to contact the Hessian Data Protection Commissioner in the event of a complaint. However, we would appreciate it if you contact us first (see point 1).
The supervisory authority responsible for us is:
Postal address:
Der Hessische Datenschutzbeauftragte
Postfach 3163
65021 Wiesbaden
E-mail: Poststelle@datenschutz.hessen.de
Telephone: +49 611 1408 – 0
Fax: +49 611 1408 – 900
8. Automated decision incl. profiling
Automated individual decisions including profiling (Art. 22 DSGVO) are not used by us.
9. Privacy policy for the web analytics service Google Analytics
This website uses Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We appreciate the trust you place in us and understand the responsibility to protect your data. Therefore, we inform you about what data we collect when you use Google Analytics, why we collect the data and how we optimize our products and services based on this data.
In Google Analytics, interactions are recorded using our own cookies. Cookies are text files that are stored on your computer and allow an analysis of your use of this website (including the shortened IP address). You can disable cookies or delete them individually. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics is supported by an optional browser add-on. If you install and activate it, your data will not be collected by Google Analytics when you visit websites. However, the add-on only disables Google Analytics.
Google Analytics also collects IP (Internet Protocol) addresses to ensure the security of the service and to provide website owners with information about which country, region, or city their users come from. This is also known as IP location tracking. Your collected IP address will be anonymized.
In the event that IP anonymization is activated on this website, your IP address will be shortened by Google beforehand. We would like to point out that on this website Google Analytics has been extended by IP anonymization to ensure anonymized collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Purpose of the processing
On our behalf, Google will use information to evaluate your use of our website, compile reports on website activity and provide us with other services relating to website activity and internet usage.
Legal basis:
The legal basis for the use of Google Analytics is your consent pursuant to Article 6 (1) DSGVO.
Categories of recipients:
The recipient of the collected data is Google Ireland Limited.
Duration of data storage:
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs, are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
Data subject rights:
You can revoke your consent at any time with effect for the future by preventing the storage of cookies through an appropriate setting of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
More information on the Google Analytics privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
10. Google tag manager
This website uses the Google Tag Manager. Through this service, website tags can be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
11. Use of Instagram plug-in
When you actively click on the Instagram button, direct contact is established between Instagram and you. Consequently, the full data control lies with you.
This website uses plug-ins from the provider Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA. Users of our website are informed that the plugin establishes a connection to Instagram. There is a transmission to your browser so that the plug-in appears on the website. We have no influence on the data collected, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage period. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores collected data as usage profiles and uses them for purposes of advertising, market research and demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website.
By clicking the Instagram plug-in, according to Art. 6 para. 1 lit. a DSGVO, the following data may be transmitted to the provider:
- IP address
- Browser information
- Operating system
- Screen resolution
- Installed browser plug-ins, for example Adobe Flash Player
- Previous website, if you followed a link (referrer)
- The URL of the current website, etc.
Logged-in Instagram users are assigned to your personal account and can publicly link and comment on the corresponding content.
The processing operations are carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of the legitimate interests of Instagram. If you do not want Instagram to directly assign the data collected via our website to your Instagram profile, you must log out of Instagram before visiting our website.
Instagram Inc., based in the USA, is certified for the EU-U.S. Privacy Shield. The data protection agreement ensures compliance with the level of data protection applicable in the EU..
When using the Instagram plug-in via our website, our data protection rights no longer apply. Further information regarding the data use of Instagram can be found here: http://instagram.com/about/legal/privacy/
12. Security notice
We protect your personal data by taking all possible technical and organizational measures to comply with the protection goals.
When communicating by e-mail, data security cannot be guaranteed by us, so we recommend that you send confidential information by post.
13. Topicality and change of this data protection explanation
This privacy policy is currently valid and has the status January 2021.
In the event of changes to our website, we reserve the right to always adapt the data protection declaration to the current legal requirements.
Neu-Isenburg, January 22, 2021