PURPOSE OF OUR POLICY
THE INFORMATION WE COLLECT
In order to run our business and to provide the Services it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of the Services, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
- Company Information. We may collect company details such as name, location other information that allows us to identify who the company is;
- Contact Information. We may collect information such as an individual’s email address, telephone number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
- Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, and other information for statistical purposes;
- Error reports. We may collect technical trace information of any failure
- Information individuals send us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities, including activities with our partners.
HOW INFORMATION IS COLLECTED
Most information will be collected in association with an individual’s use of theServices. However, we may also receive data from other sources such as advertising, individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information couldbe collected as follows:
- Registrations. When an individual registers to the Services, or anaccount, whereby they enter data details or grant access to information;
- Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
- Partners. When an individual grants us access to their accounts with our business partners;
- Supply/Contact. When an individual supplies us with contentor contacts us in any way.
We may also collect anonymous data such as traffic, IP addresses and transaction statistics, which may be used and shared on an aggregated and anonymous basis. You hereby grant your express consent that we may collect the data according to this clause 3.
HOW DATA IS STORED
WHEN DATA IS USED
Data and information is used to enable us to operate our business and the Services. This may include:
- The provision of the Services between an company and us;
- Verifying an individual’s/company’s identity;
- Communicating with an individual/ company;
- Logging for security purposes;
- Investigating any complaints about or made by an individual/ company, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
- As required or permitted by any law.
You hereby grant your express consent that we may use the data according to this clause 5.
WHEN DATA IS DISCLOSED
It may be necessary for us to disclose an individual’s data to third parties in course of the Services. We will not disclose or sell an individual’s data to unrelated third parties under any circumstances, except for sponsors and where we employ other companies to perform tasks on our behalf and we need to share the information with them to provide the Services. All partners are well selected and have the duty according to Art. 28 of the GDPR to comply with data protection laws. There are some circumstances in which we must disclose an individual’s information:
Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
As required by any law including court orders; and/or
In order to sell our business (as we may transfer data to a new owner).
LEGAL BASIS FOR DATA PROCESSING
Legal basis for processing your data according to clauses 2 – 7 are Art. 6 No. 1 (a) and (b) of the GDPR. If no contract has been concluded yet between you and us, Art. 6 No. 1 (f) of the GDPR is the legal basis, especially for transmitting the IP address. Legal basis for cookies according to clause 9 below is Art. 6 No. 1 (a) of the GDPR.
OPT OUT TO COLLECTION OF DATA; LIMITATION OF DATA PROCESSING
An individual may opt out to not have us collect their data and communicate with them. This may prevent us from offering them some or all of our Services and may terminate their access to some or all of the Services they access with or through us. The same applies if you want us to limit certain aspects of processing your data. If an individual believes that it has received information from us that it did not opt in to receive, it should contact us via e-mail to: firstname.lastname@example.org. The same applies for requests regarding the limitation of collecting or processing the data.
THE SAFETY & SECURITY OF DATA
We will take all reasonable precautions to protect an individual’s data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks. We have implemented the following technical and logic security measures:
- Personal computers of all employees are required to have full disk encryption, firewall enabled and to have all available security patches applied.
- Network and infrastructure security and data processing of end-user is handled on infrastructure provided by AWS, which is annually audited against ISO/IEC 27001:2013 and ISAE 3402 II.
We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies. The following sub-processors shall be considered approved by the User:
- AWS. Primary data center: Frankfurt.
If an individual suspect any misuse or loss of, or unauthorised access to, their data, they should let us know immediately. We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
DATA RETENTION PERIOD
We only save your data as long as necessary to provide our Services or for the time we have a legitimate interest in retaining the data. Deletion of your data is executed after expiring of the periods as required by law or contract. Data which is not subject to such mandatory retention periods will be deleted after omission of said purposes.
HOW TO ACCESS AND/OR UPDATE DATA; TRANSFER OF DATA
If an individual cannot update his or her own information on its own, we will correct any errors in the data we hold about an individual within 7 days of receiving notice from them about those errors. It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect. We safeguard on your request the transmission of your personal data in a suitable manner.
DELETION OF ACCOUNTS AND DATA
At any time, you can request your account to be deleted, by contacting us via e-mail to email@example.com or sending us a letter to Trackmydrum, c/o THINKT digital GmbH, Alt-Moabit 92, 10559 Berlin. If you request that your account shall be deleted, your data will be deleted, unless other retention times with respect to deletion are provided for by the applicable laws, or retention is required in order to conclude contractual performance, complete relevant services, or for other compliance, accounting and settlement purposes. Your activity and communications on our Services will continue to be stored, provided that we would then anonymise your name upon request.
RIGHT TO WITHDRAW
If our use of your personal data and information is based on consent which you have granted, you may withdraw such consent at any time for the future by sending us an e-mail to firstname.lastname@example.org or a letter to Trackmydrum c/o THINKT digital GmbH, Alt-Moabit 92, 10559 Berlin.
COMPLAINTS TO DATA PROTECTION AUTHORITIES
If you have complaints regarding processing your personal data you have the right to lodge a respective complaint to the competent supervisory authority. You may contact the data protection authority which is responsible for your place of residence or your federal state. You may also direct your complaint to the data protection authority in charge for our Services.