Geraldine Kahl & Sarah Andersen
AWAKE Communications GmbH
Management Board: Geraldine Kahl & Sarah Andersen
Link to Legal Notice: https://www.awake-communications.com/impressum/
Contact Data Protection Officer: firstname.lastname@example.org
Types of data processed:
– Inventory data (e.g. names, addresses)
– Contact data (e.g. email, telephone numbers)
– Contents data (e.g. text entries, photographs, videos)
– Use data (e.g. websites visited, interest in contents, access times)
– Meta/Communications data (e.g. device information, IP addresses)
Categories of persons affected
Visitors and users of the online range.
Purpose of processing
– Providing the online range, its functions and contents
– Answering contact enquiries and communicating with users
– Security measures
– Reach measurement/Marketing
“Personal data” is all information that relates to an identified or identifiable natural person (in the following “data subject”); a natural person is seen to be identifiable if they can be identified, directly or indirectly, in particular by allocation to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, financial, cultural or social identity of this natural person.
“Processing” is every procedure carried out with or without the help of automatic processes or every such range of procedures in connection with personal data. This term is wide-ranging and encompasses practically all data handling.
“Pseudonymisation” is the processing of personal data in a manner so that the personal data cannot be allocated to a specific data subject without drawing on additional information, if this additional information is separately stored and subject to technical and organisational measures that guarantee that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” is every type of automated processing of personal data that consists of this personal data being used in order to evaluate certain personal aspects that relate to a natural person, in particular in order to analyse or forecast aspects regarding work performance, their financial situation, health, personal preferences, interests, reliability, conduct, place of stay or change of location of this natural person.
The “controller” or data controller describes the natural person or legal entity, public authority, institution or other centre that decides on the purpose and means of processing personal data alone or together with others.
The “order processor” is a natural person or legal entity, public authority, institution or other centre that processes personal data on behalf of the controller.
Relevant legal basis
In accordance with Art. 32 GDPR and taking the current status of technology into account, the implementation costs and the type, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take suitable technical and organisational measures to guarantee a level of protection appropriate to the risk. These measures include in particular securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input and transferral, as well as securing the availability and the separation relating to these. Moreover, we have set up procedures that guarantee the safeguarding of the rights of data subjects, the erasure of data and to react to dangers to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by the design of technology and through data protection-friendly pre-settings (Art. 25 GDPR).
Cooperation with order processors and third parties
If within the scope of our processing we disclose data to other persons and companies (order processors or third parties), transmit the data to these or otherwise grant them access to the data, this will only occur on the basis of legal permission (e.g. if transmission of the data to a third party, such as a payment services provider, is required as per Art. 6 (1) b GDPR to fulfil the contract), you have given consent, a legal obligation requires this or on the basis of our legitimate interest (e.g. when using representatives, web hosts etc.). If we commission third parties to process data on the basis of a so-called “order processing agreement”, this will be done on the basis of Art. 28 GDPR.
Rights of data subjects
You have the right to demand a confirmation of whether relevant data is processed and to information about this data, as well as to further information and copies of the data in accordance with Art. 15 GDPR. According to Art. 16 GDPR you have the right to demand the completion of data relating to you or the rectification of inaccurate data relating to you. In accordance with Art. 17 GDPR you have the right to demand that relevant data is erased without delay or alternatively, in accordance with Art. 18 GDPR to demand the restriction of processing of the data. You have the right to demand that you receive data relating to you that you have provided to us in accordance with Art. 20 GDPR and request its transmission to another controller. Furthermore, as per Art. 77 GDPR you have the right to submit a complaint to the supervisory authorities responsible.
Right of withdrawal
You have the right to withdraw any consent you have given as per Art. 7 (3) GDPR with effect in the future.
Right to object
You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. Such an objection can be made against processing for purposes of direct advertising.
Cookies and the right to object to direct advertising
Data protection information for application procedures
Hosting and sending emails
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, sending emails, security services and technical maintenance services that we use for the purposes of operating this online range. Here, we or our hosting provider process inventory data, contact data, contents data, contractual data, usage data, meta and communications data from customers, potential customers and visitors to this online range on the basis of our legitimate interest in efficient and secure provision of this online range as per Art. 6 (1) f GDPR in combination with Art. 28 GDPR (concluding an order processing agreement).
Collecting access data and logfiles
We or our hosting provider collect, on the basis of our legitimate interest in accordance with Art. 6 (1) f. GDPR, data about every access made to the server on which this service can be found (so-called server logfiles). Access data includes the name of the website called up, file, date and time of the call-up, the data quantity transmitted, a report that the call-up was successful, browser type and version, the user’s operating system, referrer URL (the site previously visited), IP address and the requesting provider.
For security reasons (e.g. clarifying cases of misuse or fraudulent actions), logfile information is stored for a maximum of 7 seven days and then erased. Data that has to be stored for longer periods for evidence purposes will be excluded from erasure until the relevant incident has been conclusively clarified.
Jetpack (WordPress Stats)
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate there with active customers, potential customers and users and to inform them about our services there. When calling up the relevant networks and platforms the terms and conditions and data processing of the respective operator apply.
Inclusion of third-party services and contents
Within our online range and on the basis of our legitimate interest (i.e. interest in analysing, optimising and efficiently operating our online range in accordance with Art. 6 (1) f. GDPR), we use contents or service ranges from third-party providers in order to include their contents and services, such as videos or fonts (subsequently referred to as “contents”). The condition for this is always that the third-party provider of these contents becomes aware of the user’s IP address, because without the IP address they would not be able to send the contents to their browser. Thus, the IP address is required to present these contents. We make efforts only to use contents whose providers merely use the IP address to deliver the contents. Furthermore, third-party providers can use so-called Pixel tags (invisible graphics, also known as “Web Beacons”) for statistical or marketing purposes. Using the “Pixel tags” information, such as visitor traffic on the pages of this website, can be evaluated. Furthermore, the pseudonymous information in cookies can be stored on the user’s device and receive among others technical information about the browser and operating system, referring websites, visit time and further disclosures about the use of our online range, and also be connected with such information from other sources.
Drawn up by Data Protection Generator.de from RA Dr. Thomas Schwenke