With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data" for short) that we process, for what purposes and to what extent in the context of providing our application.
The terms used are not gender-specific.
Status: December 2, 2021
Table of contents
Responsible
Andreas Haas
ProCon Management GmbH
Ulmer Strasse 68
Proviantamt
73431 Aalen
Germany
E-mail address: service@procon-management.de
Phone: +49 (0) 7361 52 58 69-10
Imprint: https://www.procon-management.de/impressum.html
Overview of the processing operations
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed
Categories of data subjects
Purposes of processing
Relevant legal bases
The following is an overview of the legal basis of the DSGVO on the basis of which we process personal data. Please note that in addition to the provisions of the DSGVO, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission of personal data
In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or allow the processing of data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.
Within the scope of our data protection notices, we may provide users with further information on the deletion as well as on the retention of data that specifically applies to the respective processing operations.
Business services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.
We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.
If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Special notes on applications (apps)
We process the data of the users of our application insofar as this is necessary to provide the application and its functionalities to the users, to monitor its security and to further develop it. We may also contact users in compliance with legal requirements, provided that the communication is necessary for purposes of administration or use of the application. In all other respects, we refer to the data protection information in this privacy policy with regard to the processing of users' data.
Legal basis: the processing of data required for the provision of the functionalities of the application serves the fulfillment of contractual obligations. This also applies if the provision of the functionalities requires authorization of the users (e.g. releases of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for purposes of optimizing the application or security purposes), it is based on our legitimate interests. If users are explicitly asked for their consent to the processing of their data, the processing of the data covered by the consent is based on the consent.
Commercial use: we process the data of users of our application, registered users and any test users (hereinafter uniformly referred to as "users") in order to be able to provide our contractual services to them and on the basis of legitimate interests in order to be able to ensure the security of our application and to develop it further. The required information is identified as such in the context of the conclusion of the use, order, purchase order or comparable contract and may include the information required for the provision of services and for any billing, as well as contact information in order to be able to hold any consultations.
Device Authorizations for Access to Functions and Data: The use of our application or its functionalities may require user authorizations for access to certain functions of the devices used or to the, data stored on the devices or accessible by means of the devices. By default, these permissions must be granted by users and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the users' device and software. If clarification is needed, users can contact us. We would like to point out that denial or revocation of the respective permissions may affect the functionality of our app.
Access to the camera as well as stored recordings: In the course of using our Application, image and/or video recordings (which also includes audio recordings) of Users (and of other persons covered by the recordings) are processed by accessing the camera functions or stored recordings. Access to the camera functions or stored recordings requires an authorization by the users that can be revoked at any time. In each case, the processing of the image and/or video recordings serves only to provide the respective functionality of our application, in accordance with its description to users, or its typical and expected functionality.
Purchase of applications via app stores
Our application is obtained via special online platforms operated by other service providers (so-called "app stores"). In this context, the privacy notices of the respective app stores apply in addition to our privacy notices. This applies in particular with regard to the methods used on the platforms for reach measurement and interest-based marketing, as well as any obligation to pay costs.
Services and service providers used:
Contact and inquiry management
When contacting us (e.g. via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.
The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.
Change and update of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.
Rights of the data subjects
As a data subject, you are entitled to various rights under the DSGVO, which arise in particular from Art. 15 to 21 DSGVO:
Definitions of terms
This section provides you with an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined primarily in Art. 4 of the DSGVO. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.