Processing of personal data
1. Personal data of natural persons
Personal data is deemed to be specific information on personal or factual characteristics which relate to a particular or identifiable natural person. For example: data such as a person’s name, address, e-mail address, phone number and date of birth. Data which cannot be directly linked with your identity, such as preferred websites or the number of users of a page, is not deemed to be personal data.
The Provider shall process any personal data which is necessary to guarantee or provide its services and the related performances. The Provider shall also process personal data which users of the service enter themselves; for example, to register for the customer portal. The Provider may process such personal data with the assistance of services provided by third parties, have it processed by third parties as well as pass it on to affiliated companies which are allowed to process such data for similar purposes as the Provider.
2. Data connected with the use of the websites
Further data shall be collected when accessing the offer, such as the date and time stamp, Internet Protocol (IP) addresses used, addresses and names of the pages accessed, information about the operating systems used and browsers as well as any location data released. The Provider shall use such data for statistical evaluation of the use of the offer and to detect technical problems so that the offer can be improved on an ongoing basis. The Provider shall not identify any users with such data. The Provider can process such data with the help of services provided by third parties or have said data processed by third parties, as well as pass it on to affiliated companies which are allowed to process such data for similar purposes as the Provider.
3. Passing on data
The Provider shall not pass on personal data to third parties without permission from the data subjects. This shall exclude statutory obligations to pass on data, passing on data to be able to guarantee the offer and provide and improve services related to the offer, passing on data with the consent of the data subjects, passing on data to affiliated companies which are permitted to process such data for the same purposes as the Provider, and passing on data to assert legal claims as well as guarantee legitimate interests insofar as the basic rights or interests of the affected users who require data protection outweigh these.
4, Protecting processed data
The Provider shall take appropriate organisational and technical measures to guarantee data protection and data security.
Cookies and tracking pixels
The Provider as well as third parties can place cookies and tracking pixels (web beacons). Cookies and tracking pixels as well as those from third parties (third-party cookies) provide a statistical evaluation of the use of the offer and help to detect technical problems so that the offer can be improved on an ongoing basis.
Cookies are small text files which are stored on end devices such as the users’ PCs. Tracking pixels are accessed when using the offer. The Provider stores cookies and data related to cookies and tracking pixels for the period necessary to be able to guarantee the offer and provide services connected with the offer.
Cookies can be deactivated in the browser settings in full or in part, as well as deleted, at all times. Tracking pixels can be blocked in the browser settings or with the corresponding browser extensions at all times. If cookies are fully or partially deactivated and tracking pixels are blocked, the offer can no longer be used to its full extent.
The Provider uses Google Analytics, a web service of Google Inc.(“Google”). Google Analytics uses “cookies”, i.e. text files, which are stored on your computer and enable an analysis of your use of the website. The information about your use of the website generated by the cookie is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will truncate your IP address beforehand within Member States of the European Union or in other states which are party of the Agreement on the European Economic Area.
The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases. Google will use this information to evaluate your use of the website, to compile reports on the website activities for the website operator and to provide further services connected with the website use and Internet use. Google may also transmit this information to third parties where it is required to do so by law, or if these third parties process this data on Google's behalf. The IP address transmitted from your browser within the scope of Google Analytics will not be associated with any other data of Google.
You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to inform you that you will not be able to make full use of all the functions of this website. By using this website, you hereby consent to the processing of the data which Google has collected about you in the above manner and for the aforementioned purpose.
The Provider can inform and contact users about the offer by e-mail and other communication channels.
Notifications can contain graphics or Web links which record whether an individual notification has been read and which Web links were clicked on during the course of this. Such graphs and Web links record the use of notifications for statistical evaluation and to detect technical problems so that notifications can be improved on an ongoing basis.
Users who receive notifications can unsubscribe at any time and object to the use of the mentioned graphics and Web links at the same time. Notifications deemed by the Provider to be mandatory for the use of the offer shall be excluded from this.
Rights of users
Users and other persons whose personal data is processed by the Provider can demand written information about the processing of their personal data, have their data corrected, deleted or blocked and object to the processing of their personal data. Under data protection law, such claims and information must be reported by letter post to the following address:
Planzer Support AG
z.Hd. des Datenschutzbeauftragten
The measures listed below are of a general nature and shall apply unless measures to the contrary were agreed in a contract.
If the data processing is undertaken by third parties, a relevant contract on order processing shall ensure that the third party takes comparable measures and adheres to them.
a) Physical access control
The data centres used by the Provider meet the most stringent security requirements. Access shall only be granted and requested for a select, well-known group of people, along with prior registration and two separate security features. Access shall also be logged.
b) System access control
Access to the Provider’s system shall take place with personalised user accounts. A password policy shall be instituted which meets modern standards through the use of technical as well as organisational measures. If authentification fails, the account shall be temporarily disabled; after further unsuccessful attempts, the account shall be permanently disabled. All log-in attempts shall be logged.
Firewall systems shall protect against external access. VPN technology shall protect against external data connections.
c) Data access control
The rights to the systems are structured into groups. One or more groups that are required to perform the function of the respective employee are assigned to the individual employee accounts. The groups are structured so that they can only access the data that is required to fulfil the task. Mutations of the group assignments are documented and logged.
The primary identification features of the personal data shall be removed from the respective data use and stored separately if the respective data processing allows this.
a) Transmission control
Personal data shall only be transmitted with the consent of the data subject or on the basis of a legal obligation.
b) Entry control
The systems of the Provider in general and the systems which process personal data in particular shall log access & events (log-ins, log-outs, amendments, etc.).
3) Availability control
- High-availability architecture (storage, server, network, data centre & connection)
- Local emergency power (UPS)
- Backup system with offsite backup
- Anti-virus protection
- Regular patching of operating systems and applications
4) Procedure for regular review, assessment and evaluation
a) Data protection-friendly defaults
The principles of “Privacy by design” and “Privacy by default” shall be taken considered during IT operations and IT development.
b) Order control
No order processing shall be undertaken without the requisite instructions from the Client, e.g.: clear contractual design, formalised order management, strict selection of service provider, duty of impartiality, follow-up inspections.