Privacy policy cysmic GmbH
I. Introduction
The following information is intended to provide you as the “data subject” with an overview of the collection, use, and processing of your personal data by us and your rights under data protection laws. As soon as you wish to make use of our company’s services via our website, it is necessary to process personal data. If there is no legal basis for such processing, this will generally only take place with your consent.
The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the data protection regulations otherwise applicable to cysmic GmbH.
Our offer is generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it, and do not pass it on to third parties.
Information on the protection of your data:
As the controller, we have implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are free to send personal data to us by alternative means, for example by post.
You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. We would therefore like to take this opportunity to give you some tips on how to handle your data securely:
• Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords (secure passwords should consist of at least 10 characters, contain upper and lower case letters, numbers, and special characters).
• Only you should have access to the passwords.
• Make sure that you only ever use your passwords for one account (login, user, or customer account).
• Do not use one password for different websites, applications, or online services.
• The following applies in particular when using publicly accessible IT systems or IT systems shared
with other people: you should always log out after logging in to a website, application, or online service.
II. Controller and data protection officer
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
cysmic GmbH
Auf der Trift 1
66127 Saarbrücken
Saarbrücken, Germany
represented by the managing director:
Dr. Stephan Quint
E-mail: info@cysmic.de
Phone: +49 176 3078 4328
Website: www.cysmic.de
III. General information on data processing
1. Scope of the processing of personal data
We only process the personal data of users of our website to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Art. 6 para. 1 lit. a) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfillment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.
In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details, or other vital information would have to be passed on to a doctor, hospital, or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
3. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
• You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR,
• the disclosure is permitted in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• if there is a legal obligation for the disclosure under Art. 6 para. 1 sentence 1 lit. c) GDPR, and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
We pass on collected data for processing to the respective internal departments or external service providers, and processors (e.g. hosting, shipping, processing service providers, web analysis) in accordance with the required purposes (to carry out the sending of products, advertising, communication). If the processing of data by third parties involves order processing, we have concluded order processing agreements based on the standard contractual clauses of the European Commission in accordance with Art. 28 GDPR with the processors we use to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA).
Our website is hosted by our hosting provider united-domains AG. In Germany, united-domains AG is based at Gautinger Straße 10, 82319 Starnberg. united-domains AG offers the following web hosting services: Domain, Website & Shop, Hosting & WordPress, Marketing, E-Mail & Office, united-domains AG Cloud and Server. As explained in the section “IV. In detail”, web servers, such as those of United Domains, store data of every website visit. If you would like to learn more about the data protection practices at united-domains AG, please visit: https://www.united-domains.de/unternehmen/datenschutz/
You can find out more about the purpose of hosting and your individual rights in this regard in the section “IV. In detail”.
4. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
5. Your rights as a “data subject”“
In principle, you are entitled to the following rights as a “data subject”:
5.1 Right to confirmation
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed.
5.2 Right to information Art. 15 GDPR
You have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
5.3. Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
5.4. Erasure Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
5.5. Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
5.6. Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
5.7 Objection Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
In individual cases, we may process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the fulfillment of a task carried out in the public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.
5.8. Revocation of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
5.9. Complaint to a Supervisory Authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection.
6. Definitions of terms
The data protection declaration is based on the terms used by the European legislator for the adoption of the GDPR. Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance how the terms used are to be understood:
6.1. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6.2. Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
6.3. Processing
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
6.4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
6.5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
6.6. Pseudonymisation
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
6.7. Processor
A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
6.8. Recipient
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
6.9. Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.
6.10. Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
7. Up-to-dateness and amendment of the privacy policy
This privacy policy is currently valid and is dated: September 2022.
It may become necessary to amend this privacy policy due to the further development of our website and offers or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at https://cysmic.de/datenschutzerklaerung/.
If you require further information that you cannot find here or in the data protection declaration, please contact our data protection officer in confidence.
IV. In detail
Below you will find an overview of the scope, purpose, and legal basis of the individual data processing operations at cysmic GmbH and your rights in this regard:
1. Provision of the website and creation of log files
a. Description and scope of data processing
If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (in so-called “server log files”). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded
• Browser types and versions used,
• the operating system used by the accessing system
• the website from which an accessing system reaches our website (so-called referrer)
• the sub-websites which are accessed via an accessing system on our website
• the date and time of access to the website
• an internet protocol address (IP address),
• the Internet service provider of the accessing system.
Furthermore, as already described in the section “III. General information on data processing”, we have our website hosted by our hosting provider united-domains AG. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to our website.
b. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. Art. 28 GDPR also forms the legal basis for hosting the website.
c. Purpose of the data processing
1. Purpose of the data processing
d. Duration of storage
The data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
e. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
2. Use of cookies
a. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
Note on “Avoiding cookies” in all common browsers:
You can delete cookies, allow only selected cookies, or deactivate them completely at any time via the settings of the browser you are using. Further information can be found on the support pages of the respective providers.
b. Legal basis for data processing
The legal basis for the processing of personal data using functional cookies, such as those processed by us, is Art. 6 para. 1 lit. f GDPR.
c. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
The user data collected by technically necessary cookies is not used to create user profiles.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
d. Duration of storage, objection, and removal options
Cookies are stored on the user’s computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated from our website, it may no longer be possible to use all functions of the website to their full extent.
3. Contact form and e-mail contact
a. Description and scope of data processing
For questions of any kind, we offer you the option of using a contact form on our website to contact us electronically. If a user makes use of this option, the (free text) data entered in the input mask will be transmitted to us and stored. These data are
(1) Name
(2) Email address
(3) Subject
(4) Message
The following data is also stored when the message is sent:
(1) The IP address of the user
(2) Date and time of sending
Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.
Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
Otherwise, the data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
b. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
c. Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
d. Duration of storage
The data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
e. Right of objection and cancellation
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
The revocation of consent and the objection to further storage can be sent by e-mail to the e-mail address info@cysmic.de.
All personal data stored in the course of contacting us will be deleted in this case.