The EU’s General Data Protection Regulation (GDPR) applies from 25 May 2018.
We are delighted that you are visiting our website and thank you for your interest in our company. The protection of your personal rights is very important to us. You can be sure that we handle your data responsibly and in a trustworthy manner.
Name and address of the responsible provider
Name and address of the Data Protection Officer:
Matthias Schlede, Managing Director
secrypt GmbH offers its customers and contractual distribution partners software solutions and services (such as consulting, training, installation and support) for the use of electronic signatures, e-seals, timestamps and encryption in various industries and applications. With the digiSeal® product family, secrypt ensures the authenticity, tamper protection and confidentiality of sensitive electronic data in digital business processes as well as the long-term probative value of electronic archives, for example for securing patients’ digital health records. The personal data are collected, processed and used in order to fulfil the aforementioned activities.
It is generally possible to use our website without providing personal data. However, personal data processing may be required if you wish to use our special services via our website. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
Affected personal data includes, for example, data for customers, business partners, suppliers, staff, former employees, interested parties and job applicants. Recipients or categories of recipients of the data include, for example, public bodies that receive data as a result of legal regulations (for example, social security providers, tax authorities, supervisory authorities) as well as internal bodies involved in the execution of the respective business processes (essentially: human resources, accounting, invoicing, purchasing, marketing, general administration, sales, telecommunications and IT).
Data is only transferred to third countries in order to fulfil contracts, as part of required communication as well as other exceptions expressly provided for by law. Apart from that there is no transmission to third countries and this is also not planned.
Our website also includes content, offerings and services from other providers. These include Google Analytics, Google AdWords, Google Maps and Google reCAPTCHA. In order for this data to be accessed and displayed in the user’s browser, the transmission of the IP address may be necessary. The providers are therefore aware of the IP address of the respective user.
secrypt GmbH has taken measures to ensure comprehensive protection of personal data processed via this website. Nevertheless we would point out that transferring data via the Internet (for example when communicating via email) can pose security risks. It is not possible to fully protect the data against access by third parties. For this reason, every data subject is free to transfer personal data to us via alternative means, for example by telephone.
Cookies are used on the secrypt GmbH web pages. Cookies are text files that are stored on computer systems via an Internet browser.
The data subject can prevent our website from setting cookies at any time by adjusting the settings of the Internet browser used accordingly, thereby permanently preventing the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all standard Internet browsers. However, not all functions of our website may be fully usable if the data subject deactivates the setting of cookies in the Internet browser used.
Collection of general data and information
Every time secrypt GmbH’s website is accessed by a data subject or an automated system, the website records a series of general data and information that are then stored in server log files. It can record the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website, the sub-web pages accessed via an accessing system on our website, the date and time of access to the website, an Internet protocol address (IP address), the accessing system’s Internet service provider and other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, secrypt GmbH does not draw any conclusions about the data subject. Rather, this information is needed to properly deliver the contents of our website, to optimise the content of our website and market it, to ensure the continued functioning of our information technology systems and the technology of our website, as well as to provide law enforcement with the information required to carry out criminal prosecution proceedings in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by secrypt GmbH, both statistically and otherwise, with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
If you sign up for our Infoletter, we use the data you have entered solely for this purpose or to inform you about circumstances relevant to this service or the registration. We do not disclose this data to third parties.
You require a valid email address to receive the Infoletter. Also stored are the IP address you use to register for the Infoletter and the date on which you order the Infoletter. This data serves as evidence of misuse if a third-party email address is registered for the newsletter.
You can at any time revoke your consent to the storage of the data, your email address and their use for sending the Infoletter. A link is provided in every Infoletter and on the website for revocation purposes. You can also inform us that you wish to revoke your consent using the contact options provided on this website.
If you contact us via one of the online forms or by email, we will save the information you have provided in order to answer your request and to ask possible follow-up questions.
Use of Google reCAPTCHA
To protect your requests, for example via an online form, secrypt GmbH uses the reCAPTCHA request verification service from Google (Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA). The reCAPTCHA query is used to detect whether data is entered on our website by humans or abusively by automated, machine processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service. For this purpose the data entered by you will be transmitted to Google and used there.
Erasure of personal data
The data controller processes and stores the personal data of the data subject only for the duration necessary to achieve the data retention purpose or to the extent provided for by law. Once the respective purpose no longer applies or a duration prescribed by law expires, the personal data will be blocked or erased in accordance with the statutory provisions.
Rights of the data subject
Right to confirmation
Each data subject has the right, granted by law, to obtain from secrypt GmbH confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to make use of this confirmation right, he or she can contact our Data Protection Officer or another employee at any time.
Right of access
Each data subject has the right at any time to obtain information free of charge from the data controller regarding the personal data stored about him or her and to receive a copy of this information. Furthermore, the law grants data subjects access to the following information:
– The purposes of the processing
– The categories of personal data being processed
– The recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, in particular recipients in third countries or international organisations
– Where possible, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used for determining that period
– The existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
– The right to lodge a complaint with a supervisory authority
– Where the personal data is not collected from the data subject, any available information as to its sources
– The existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
In addition, the data subject has a right to be informed as to whether personal data has been transmitted to a third country or to an international organisation. If that is the case, then the data subject has the right to be informed about the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right to access information, they can contact our Data Protection Officer or another employee at any time.
Right to rectification
Each data subject has the right to demand the immediate rectification of incorrect personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, they can contact our Data Protection Officer or another employee at any time.
Right to erasure / Right to be forgotten
Each data subject has the right to require the data controller to erase the personal data concerning him or her without undue delay, provided that one of the following grounds applies and the processing is not required:
– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– The data subject withdraws consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing.
– The data subject objects to the processing pursuant to Article 21 (1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
– The personal data have been processed unlawfully.
– The erasure of personal data is required to fulfil a legal obligation under Union or Member State law, to which the data controller is subject.
– The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Insofar as one of the above grounds applies and a data subject wishes to arrange for the erasure of personal data stored by secrypt GmbH, he or she can, at any time, contact our Data Protection Officer or another employee who will arrange for the erasure request to be complied with without undue delay.
Where secrypt GmbH as the data controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, secrypt GmbH shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, unless the processing is required. The Data Protection Officer for secrypt GmbH or another employee will arrange the necessary erasure in individual cases.
Right to restriction of processing
Each data subject has the right to require the data controller to restrict processing if one of the following conditions is met:
– The accuracy of the personal data is contested by the data subject for a period of time that enables the data controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
– The data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
– The data subject has objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been verified whether the legitimate grounds of the data controller override those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by secrypt GmbH, he or she can at any time contact our Data Protection Officer or another employee who will ensure that the processing is restricted.
Right to data portability
Each data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format. Each data subject also has the right to transmit this data to another person without hindrance by the data controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6 (1) point (a) GDPR or Article 9 (2) point (a) of the GDPR or on a contract pursuant to Article 6 (1) point (b) GDPR and the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible and provided that the rights and freedoms of others are not adversely affected.
In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer for secrypt GmbH or another employee.
Right to object
Each data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 of the GDPR. This also applies to profiling based on these provisions.
secrypt GmbH will no longer process personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
If secrypt GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to secrypt GmbH processing the personal data for direct marketing purposes, secrypt GmbH will no longer process the personal data for these purposes.
In addition, when data is processed at secrypt GmbH for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to the processing of personal data concerning him or her unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may directly contact the Data Protection Officer for secrypt GmbH or another employee. Furthermore, in the context of the use of information society services, the data subject is also free to exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller, is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or is based on the data subject’s explicit consent.
If the decision is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or if it is made with the explicit consent of the data subject, secrypt GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to assert rights with regard to automated decisions, he or she can contact the Data Protection Officer for secrypt GmbH or another employee at any time.
Right to withdraw consent under the General Data Protection Regulation
Each data subject has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to assert his or her rights with regard to withdrawing consent, he or she can contact the Data Protection Officer for secrypt GmbH or another employee at any time.
Data protection for job applications and during the job application process
secrypt GmbH collects and processes the personal data of job applicants for the purpose of handling the job application process. The processing can also be done electronically. This is the case in particular when a job applicant submits corresponding application documents by electronic means, for example by email, to secrypt GmbH. If secrypt GmbH concludes a contract of employment with a job applicant, the transmitted data will be stored for the purpose of executing the employment relationship in compliance with legal requirements. If no employment contract with the job applicant is concluded by secrypt GmbH, the job application documents will be automatically erased six months after notification of the rejection decision, provided that the erasure does not conflict with any other legitimate interests of the data controller. Other legitimate interests in this sense include, for example, the obligation to furnish evidence in proceedings in accordance with the German General Equal Treatment Act (AGG).
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses so-called “cookies”, which are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookies about your use of this website is generally transferred to a Google server in the USA and stored there. Due to the activation of IP anonymization on these web pages, your IP address will, however, first be truncated by Google in member states of the European Union or in other signatory states to the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and Internet usage on behalf of the website operator. The IP address transferred from your browser within the scope of Google Analytics is not associated with other data by Google. You can prevent the storage of cookies by changing the respective setting in your browser software. We point out, however, that in this case you may not be able to use all the functions of this website to their full extent.
In addition, you can prevent Google from logging the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.
Use of Google AdWords
This website uses the online advertising program Google AdWords and, as part of that, conversion tracking. The operating company for the Google AdWords service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google AdWords sets a cookie on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google are able to recognise that the user clicked on the advertisement and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked through the websites of AdWords advertisers.
The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who have clicked on their advertisement and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
If you do not want to participate in the tracking process, you can easily disable the Google Conversion Tracking cookie via your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics. In addition, the data subject can object to Google’s interest-based advertising. To do this, the data subject must access the https://www.google.de/settings/ads link from each of the Internet browsers he or she uses and make the desired settings there.
Use of Google Maps
This website uses Google Maps from Google Inc. to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the Google Maps functions by visitors to the website.
Static linking of Facebook, Google+, XING and LinkedIn
secrypt GmbH, April 2018