Data Protection at VAIVA GmbH
The protection of your personal data is very important to us. For this reason, we handle your details responsibly in all data processing operations and comply with the statutory provisions on data protection, in particular the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1.0 Scope
In particular, this privacy policy provides you with an overview of the following information:
Which of your data is processed via our websites (hereinafter also referred to as "offer")?
In what manner, to what extent, for what purposes and on what legal basis is this data used?
What security measures are taken to protect your data?
How can you object to individual data processing operations via our websites?
How can you obtain information about the data provided to us and, if necessary, assert other data subject rights to which you are entitled against us?
2.0 Who is your contact person (Controller) for your data protection concerns?
The controller within the meaning of the data protection regulations for all data processing activities carried out via our offer is:
VAIVA GmbH
Lilienthalstraße 11
85080 Gaimersheim
Phone: +49 841 89 95000
Fax: +49 841 89 8491999
www.vaiva.io
Inquiries regarding data protection as well as the assertion of data subject rights (see below in this privacy policy) should be addressed to the attention of our data protection officer at the aforementioned address.
3.0 On what legal basis can data processing take place on our websites?
Insofar as we obtain your consent for the processing of personal data, Article 6 paragraph 1 lit. a GDPR serves as the legal basis.
When processing personal data required for the fulfillment of a contract to which you as the data subject are a party, Article 6 paragraph 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which we as the controller are subject, Article 6 paragraph 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of yours or of another natural person make processing of personal data necessary, Article 6 paragraph 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of ours or of a third party and your interests, fundamental rights, and freedoms as a data subject do not outweigh the former interest, Article 6 paragraph 1 lit. f GDPR serves as the legal basis for the processing.
You can find the concrete legal basis applicable to the respective processing in the corresponding section of this privacy policy.
4.0 Which technical access data/server log files are collected and stored when using our offer?
We (or our web space provider) collect and store your data about every access to the offer (so-called server log files or system and usage data). The access data includes:
Name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, your operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
The legal basis for storing this data and the log files is Article 6 paragraph 1 lit. f GDPR.
We only use the log data for statistical evaluations for the purpose of the operation, security, and optimization of the offer. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of illegal use based on concrete indications. Our legitimate interest in data processing according to Article 6 paragraph 1 lit. f GDPR also lies in these purposes. An evaluation for marketing purposes does not take place in this context.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collecting data to provide the website, this is the case when the respective session is ended. If the data is stored in log files, this is the case after 3 months at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the calling client is no longer possible.
The collection of data to provide the website and the storage of data in log files is strictly necessary for the operation of the website. There is therefore no possibility of objection on your part.
5.0 How do we handle your personal data when using our offer?
Personal data is information that can be used to identify a person, i.e., details that can be traced back to a person. This includes the name, email address, or phone number. However, data about preferences, hobbies, memberships, or which websites have been viewed by someone also count as personal data.
Personal data is only collected, used, and passed on by us if this is legally permitted or if you consent to the data collection and use.
We point out that by order of the competent authority, we are entitled in individual cases to provide information about data, insofar as this is necessary for the purposes of criminal prosecution, hazard prevention by the state police authorities, to fulfill the statutory tasks of the federal and state authorities for the protection of the constitution, the Federal Intelligence Service, or the Military Counterintelligence Service, or to enforce intellectual property rights. The legal basis for this is Article 6 paragraph 1 lit. c GDPR.
6.0 Contacting us
When contacting us (for example, via contact form or email), your details are stored for the purpose of processing the inquiry and in the event that follow-up questions arise.
The legal basis for processing the data transmitted via the contact form or in the course of sending an email is Article 6 paragraph 1 lit. f GDPR. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 paragraph 1 lit. b GDPR.
The processing of personal data from the contact serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. This includes the following data:
Date/time of contact, IP address, last name, first name, address, email address.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user is ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Personal data additionally collected during the sending process will be deleted after a period of 90 days at the latest.
Right of objection
The user may at any time object to the processing of their personal data by contacting the address mentioned above. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
7.0 What security measures have we taken to protect your data?
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from dangers during data transmissions and from knowledge acquisition by third parties. These are adapted in each case according to the state of the art.
The databases of our offer are protected by physical and technical measures as well as procedural measures that restrict access to the information to specifically authorized persons in accordance with this privacy policy. The information system of our offer is behind a software firewall to prevent access from other networks connected to the Internet. Only employees and agents who need this information to perform a specific task are granted access to personal information. Employees and agents are trained in security and privacy practices.
When collecting and transmitting data via our offer, standardized SSL encryption technology is used.
When communicating by email, complete data security cannot be guaranteed.
8.0 Use of cookies: What does this mean for my data?
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the placement of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Cookies that are required to carry out the electronic communication process, to provide certain functions you desire (e.g. for the shopping cart function), or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent was requested for the storage of cookies and comparable recognition technologies, processing takes place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.
9.0 Use of analysis tools: What happens to my data in the process?
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. Here, the website operator receives various usage data, such as page views, duration of stay, operating systems used, and origin of the user. This data is assigned to the respective end device of the user. Assignment to a device ID does not occur.
Furthermore, with Google Analytics we can record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the recorded data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
We use Google signals. When you visit our website, Google Analytics records, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, the visitor data from Google signals will be linked to your Google account and used for personalized advertising messages. The data is also used to generate anonymous statistics on user behavior on our website.
Crazy Egg
Our website uses a website analysis tool from Crazy Egg (Crazy Egg Inc., 16220 E. Ridgeview Lane, La Mirada, CA 90638) to record interactions (only with anonymized IP address). Crazy Egg uses cookies to evaluate how the website is used by customers (e.g. which content is clicked on). We use this information to improve the functions and displays of our website, thereby enabling you to use our website more effectively. In the process, visual usage profiles are created (e.g. so-called heatmaps). When using Crazy Egg, no personal data is collected, processed, or used. The use of Crazy Egg takes place with consent. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.
If you do not want data collection by Crazy Egg, you can object by activating the tracking functions in your web browser. More detailed information is offered by Crazy Egg under the following link: https://www.crazyegg.com/opt-out/
Further information on data protection at Crazy Egg can be found at https://www.crazyegg.com/privacy/.
10.0 What rights do you have as a data subject?
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
10.1 Information, rectification, restriction of processing, and erasure.
You have the right at any time to obtain free information about the data stored about you by us, its origin and recipients, and the purpose of data processing via our websites. In addition, you have the right to rectification, erasure, and restriction of processing of your personal data, provided that the legal requirements for this are met.
10.2 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us as the controller, in a structured, commonly used, and machine-readable format. We can fulfill this right by providing a csv export of the customer data processed about you. You can also request that we transmit this to a third party.
10.3 Right to be informed
If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right against the controller to be informed about these recipients.
10.4 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 lit. e or lit. f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
10.5 Revocability of declarations of consent under data protection law
In addition, you can revoke any consent you have given to us at any time with effect for the future using the contact details provided below.
10.6 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the EU General Data Protection Regulation.
The supervisory authority with which the complaint has been lodged will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
All requests for information, inquiries, the exercise of other data subject rights, or objections to data processing can be addressed to the attention of our data protection officer at the address mentioned above.
DATA SUBJECT RIGHTS
Here you will find further information on how you can assert your data protection rights.
1. European General Data Protection Regulation (EU GDPR)
The European General Data Protection Regulation (EU GDPR) is a European regulation to protect natural persons with regard to the processing of personal data. Personal data is any information relating to an identified or identifiable natural person (data subject). This new regulation enters into force in all European member states on May 25, 2018.
This results in, among other things, the following relevant rights for data subjects against VAIVA GmbH:
The right to (i) data access, (ii) data portability, (iii) data erasure, (iv) data rectification, (v) withdrawal of declaration of consent, and (vi) restriction of processing.
2. Data Subject Rights: Groups of Data Subjects
In order to ensure a transparent representation of the requested data and targeted processing of your inquiry, a distinction is made between the following groups of data subjects:
(former) employees of VAIVA GmbH, relatives of an employee, applicants, suppliers and service providers or business partners as well as their employees or visitors and persons in general road traffic.
We ask you to always send your request to us by post so that we can ensure a correct authentication and identification of the requesting person.
The rights of the data subjects in accordance with Art. 15 to 21 EU GDPR are as follows:
You have the right to (i) data access. This includes information about the data stored about you at VAIVA GmbH and the scope of data processing and transfer carried out by VAIVA GmbH, as well as a copy of the personal data stored about you.
Should you make use of your right to data access, you will receive information from us about the data that VAIVA GmbH has stored about you as a data subject. This information will be sent to you exclusively by post.
You have the right to (ii) data portability. Insofar as we process your personal data provided by you dynamically on the basis of your consent or a contract with you (including your employment contract) using automated procedures, you have the right to receive the data in a structured, commonly used, and machine-readable format. You may transmit this data to another controller without hindrance from VAIVA GmbH. You also have the right to have the personal data transmitted directly from VAIVA GmbH to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
Should you make use of your right to data portability, you will receive the data that VAIVA GmbH has stored about you as a data subject in a machine-readable format. This information, including a description of how to download your data, will be sent to you exclusively by post.
You have the right to (iii) data erasure. This means the immediate deletion of the personal data stored about you at VAIVA GmbH, provided that the legal requirements are met. If we have passed your data on to third parties, we will inform them of the erasure as far as legally required.
Please note that your right to erasure is subject to limitations. For example, we do not have to or must not delete data that we still need to retain due to statutory retention periods. Data that we need for the establishment, exercise, or defense of legal claims is also excluded from your right to erasure.
Should you make use of your right to data erasure, all your personal data will be deleted immediately and irrevocably from the systems of VAIVA GmbH, unless we are entitled or obliged to further processing.
You have the right to (iv) data rectification. This means the immediate rectification and/or completion of the personal data stored about you at VAIVA GmbH.
Should you make use of your right to data rectification, we will make the desired changes in all our systems. The confirmation of this will be sent to you exclusively by post.
You have the right to (v) withdrawal of declaration of consent. If you have given consent to the processing of your personal data, you can withdraw it at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected by it.
Should you make use of your right to withdraw declarations of consent, you withdraw all declarations of consent you have given to VAIVA GmbH. All personal data processed based on your declarations of consent will then be deleted immediately and irrevocably from the systems of VAIVA GmbH, unless we are entitled or obliged to further processing. An example of such an obligation is the fulfillment of a contract to which the data subject is a party.
You have the right to (vi) restriction of processing. This means that, under certain conditions, you can request the restriction of processing (i.e. the marking of stored personal data with the aim of limiting its future processing). The data will be marked accordingly and, apart from being stored, will only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State.
Should you make use of your right to restriction of processing, we will block your personal data in accordance with the legal requirements. The confirmation of this will be sent to you exclusively by post.
3. Process Flow for Data Subject Inquiries
Upon receipt of your postal query, the GDPR inquiry form will be sent to you. If you have made several inquiries at the same time, they will be processed as follows:
Data erasure,
Restriction of processing,
Withdrawal of all declarations of consent,
Data portability/Data access,
Data rectification.
We would like to point out that the inquiry only concerns VAIVA GmbH. Other personal data may also be held by third parties, for example, a partner of VAIVA GmbH. Consent declarations given to third parties must be withdrawn there.
After VAIVA GmbH receives your signed GDPR inquiry form, it will be processed within the deadline. Feedback, including data if applicable, will be delivered exclusively by post. We ask for your understanding in this matter.
If you, as a data subject of another group, wish to exercise your data subject rights, we ask you to contact us by post.
VAIVA GmbH
Data Protection
Lilienthalstr. 11
85080 Gaimersheim
4. Data Protection Officer
Contact details of our operational Data Protection Officer:
VAIVA GmbH
Data Protection Officer
Lilienthalstr. 11
85080 Gaimersheim
dataprotection@vaiva.io
5. Templates
Note: Please only send these templates to us if you have been requested to do so by us.
Power of attorney: You need a power of attorney if you are not inquiring in your own name. The data subject can authorize you to exercise the desired data subject right for them using the enclosed power of attorney.
6. Further Information
Below you will find the official information on the European General Data Protection Regulation (EU GDPR).
EU-DSGVO (Europäische Datenschutzgrundverordnung)
EU GDPR (General Data Protection Regulation)