Privacy Policy

Welcome To PTS Group AG!

PTS Group AG and its affiliates (collectively “PTS”, “we” and “us”) respect your privacy. We offer services that enable our customers to improve businesses.

This Global Privacy Policy describes the types of Personal Data we collect through our services and via our online presence, which include our main website at ptsgroup.de, as well as services and websites that we enable Internet users to access, such as adoptr. This policy also describes how we use Personal Data, your rights and choices, and how you can contact us about our privacy practices. This policy does not apply to third-party websites, products, or services, even if they link to our Services or Sites, and you should consider the privacy practices of those third-parties carefully.

Summary

  1. General Information
  2. Contact Person
  3. Name And Address Of The Data Protection Officer
  4. Extent Of Processing Of Data
  5. Transfer To Third Parties
  6. Legal Basis For Data Processing
  7. Erasure And Date Retention
  8. Rights Of The Data Subject
  9. Other Processing Of Data
      1. Provisioning Of Website / Logfiles
      2. Cookies
      3. Contact-formular /Email-Contact
  10. Additional Processing Of Data As A Part Of Our Service
    1. Purpose And Legal Basis For Data Processing Using „Google-Analytics“
    2. Purpose And Legal Basis For Data Processing Using „Microsoft Teams“
  11. Our social media appearances

1 General Information

We are delighted that you are interested in our company. Data protection is very important to the management of PTS. The website pages of PTS can generally be used without providing any personal data. However, if a person wishes to access particular services of our company through our website, we may need to process personal data. If personal data needs to be processed and no statutory basis for this processing activity exists, we will generally ask the data subject to consent to the processing.

Personal data such as the name, address, email address or phone number of the data subject is always processed in a way that is compliant with the General Data Protection Regulation (GDPR) and with country-specific data protection rules that apply for PTS. The aim of this privacy policy is to inform the public about the way in which our company collects, processes and uses personal data and the scope and purpose of this collection, processing and use. It also serves to inform data subjects about their rights.

In its capacity as the controller of the processing and the operator of the website and its pages, PTS has implemented a variety of technical and organisational measures to ensure that personal data processed through our website is protected as seamlessly as possible. However, internet-based data transfer always involves a certain vulnerability and we are thus unable to offer any absolute guarantee in relation to the protection of data. Data subjects are therefore free to provide their personal data to us by other means of communication, for example over the phone.

2 Contact Person

The controller as defined in the General Data Protection Regulation, and the entity responsible within the meaning of other data protection legislation and provisions in relation to privacy that apply in the member states of the European Union, is:

PTS Group AG
Cuxhavener Straße 10a
28217 Bremen
Germany
Tel.: +49 421 22494-0
E-Mail: dsgvo@ptsgroup.de
Website: www.ptsgroup.de

3 Name And Address Of The Data Protection Officer

The data protection officer of the controller is:

Martin Mielke
3G Business Datenschutz GmbH
Michaelkirchplatz 5
10179 Berlin
Germany
E-Mail: mielke@3g-business.de

Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.

4 Extent Of Processing Of Data

We would like to clarify for you that in certain cases, the provision of personal data is required by law (e.g. tax laws) or contractual stipulations (e.g. information on the counterparty to an agreement). To form a contract, it may be necessary for a data subject to make personal data available to us that we will subsequently need to process. A data subject may, for example, be required to provide us with certain personal data if a contract is to be concluded between our company and the data subject. A failure to provide this personal data would make the conclusion of a contract with the data subject impossible. Before providing personal data, the data subject must contact our data protection officer. Based on the specifics of the individual case, our data protection officer will inform the data subject whether the provision of personal data is required by law or contract or is necessary to conclude a contract, whether the data subject is under any obligation to provide the personal data, and what the consequences of a failure to provide such personal data would be.

5 Transfer To Third Parties

On this webpage, we only process the amount of data, that is willingly supplied to us by the user. However, transfer of data to service providers or business partners may occur. Nevertheless, the protection of personal data is of high interest, therefore it is our aim to minimize transfer of data and we only refer to it, when there is no way around it (i.e. transfer of payment information due to payment processing). Also, these transfer will be carried with regard to the respective legal basis and in combination with your personal consent.

In ordert to protect the transferred data, PTS is making sure to only cooperate with service providers on the legal basis of Article 28 GDPR. When compliant to Article 28 of GDPR regulation, certain measures are implemented to protect data (technical and organistional measures).

Transfer Of Data To Third Countries

Within the territory oft he European Union (EU) des GDPR grants constant and high protection of personal data. This assures the correct transfer, retention and erasure of personal data processed by PTS or service providers.

With regard to the recent judgement by the European Court of Justice about the validity of the Privacy Shield, we would like to express that transfer into third countries (i.e. US) is still backed by standard contractual clauses of our service providers. Therefore, there still exists a legal basis for cooperation. However, a soon as the next step towards a new regualtion is made, we will adjust immediately in order to keep data protection granted.

6 Legal Basis For Data Processing

Article 6 (1) lit. a GDPR provides the legal basis for our company’s processing activities for which we obtain the consent of the data subject for a particular processing purpose. If personal data needs to be processed to perform duties under a contract to which the data subject is a party, as for example in the case of processing activities required to deliver goods, perform a service or provide a consideration, such processing activities are based on Article 6 (1) lit. b GDPR. The same applies for processing activities required to perform steps prior to entering into a contract, e.g. in relation to enquiries about our products or services. Where our company needs to process personal data to comply with legal obligations such as tax requirements, such processing activities are based on Article 6 (1) lit. c GDPR. In rare cases, personal data may need to be processed to protect the vital interests of the data subject or of another natural person. This might, for example, be the case if a person visiting our company premises sustains an injury and the person’s name, age, health insurance details or other vital information need to be provided to a doctor, a hospital, or another third party. Such processing activities would be based on Article 6 (1) lit. d GDPR.

Last but not least, processing activities may also be based on Article 6 (1) lit. f GDPR. This provision forms the legal basis for processing activities that are not covered by any of the above legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing activities are permitted, in particular, because European legislators have expressly provided for them. The legislators were of the opinion that a legitimate interest could be assumed to exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR).

7 Erasure And Date Retention

The duration for which personal data will be stored is determined by the applicable statutory retention period. At the end of the prescribed retention period, standard procedure is to erase the data, provided it is no longer required for the performance of a contract or to take steps prior to entering into a contract.

Further, as soon as the legal basis for data storing and processing does no longer exist or permission is withdrawn by the data subject, it is our duty to erase all data connected to the supplicant.

8 Rights Of The Data Subject

Right To Be Informed

The GDPR grants every data subject the right to be informed about the collection and use of their personal data. If a data subject wants to exercise this right to obtain information, the data subject may contact our data protection officer or any other employee of the controller at any time.

Right Of Access

The GDPR grants every data subject the right to access the personal data that is being stored and processed and to obtain a copy of this information from the controller free of charge. It furthermore grants every data subject the right to obtain information about:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data is not collected from the data subject, any available information as to its source
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

The data subject also has the right to obtain information as to whether their personal data was transferred to a third country or an international organisation. Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wants to exercise this right to obtain such information, he or she may contact our data protection officer or any other employee of the controller at any time.

Right To Rectification

The GDPR grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time.

Right To Erasure (‘Right To Be Forgotten’)

The GDPR grants every data subject the right to demand that their personal data be erased without undue delay if one of the following reasons applies and if the processing is not required:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • The data subject withdraws the consent on which the processing is based according to Article 6 (1) a GDPR or Article 9 (2) a GDPR and there is no other lawful basis for the processing.
  • The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (1) GDPR.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of the personal data that PTS holds about the data subject, he or she may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of PTS will ensure that the erasure request is executed without undue delay.

If the personal data has been published by PTS and if our company – in its capacity as the controller – is obliged to erase the personal data pursuant to Article 17 (1) GDPR, PTS will take appropriate measures, including technical measures, to inform other controllers in charge of processing the published personal data that the data subject has submitted a request for these controllers to erase any links to its personal data or copies or replicas of its personal data, unless the data is required for processing purposes; PTS will take account of available technological means and implementation costs when determining what measures are appropriate in this context. The data protection officer or other employee of PTS will initiate the necessary steps on a case-by-case basis.

Right To Restrict Processing

The GDPR grants every data subject the right to restrict the processing of their personal data where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, whereby the restriction applies for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21 (1) pending verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions applies and a data subject wishes to request a restriction of the processing of their personal data held by PTS, the data subject may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of PTS will initiate the restriction of processing accordingly.

Right To Data Portability

The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided the rights and freedoms of others are not adversely affected.

If a data subject wants to exercise this right to data portability, they may contact the data protection officer of PTS or any other employee of the company at any time.

Automated individual decision-making, including profiling

The GDPR grants every data subject the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless this decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) based on the data subject’s explicit consent, PTS will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise their rights in relation to automated decision-making, they may contact our data protection officer or any other employee of the controller at any time.

As a responsible business, we do not use automated decision-making processes or profiling.

Right To Withdraw Consent To Data Processing

The GDPR grants every data subject the right to withdraw consent to the processing of their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.

Right To Appeal To Regulating Authority / Right To Object

The GDPR grants every data subject the right to object at any time, on grounds relating to their own particular situation, to processing of their personal data which is based on Article 6 (1) lit. e or lit. f GDPR. This also applies to profiling based on those provisions.

In the event of an objection, PTS will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.

Where personal data is processed by PTS for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by PTS for direct marketing purposes, PTS will no longer be process personal data for such purposes.

Where personal data is processed by PTS for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If a data subject wishes to exercise this right to object, he or she may approach the data protection officer of PTS directly or contact any other employee of the company. In relation to the use of information society services, the data subject may, at its free discretion, exercise its right to object by means of automated processes based on technical specifications, notwithstanding the provisions of Directive 2002/58/EC.

Further, there is the possibility to appeal to a regulatory authority. In this case, please note the following adress:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

Arndtstraße 1
27570 Bremerhaven
Tel.: +49 421 3612010 oder +49 471 5962010
Fax: +49 421 49618495
office@datenschutz.bremen.de

9 Other Processing Of Data

I Provisioning Of Website / Logfiles

I.I. General Information

For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

I.II. Legal Basis

The basis for this storage is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

I.III. Purpose Of Processing
  • Temporary retention of IP-adress is mandatory in order to properly display the contents of our webpage within the chosen browser and device oft he user
  • Temporary rentention of logfiles is mandatory in order to ensure funcitonality of our webpages. Also, security of our information technology systems is guaranteed by rentaining this data.
  • Apart from that, personal data is anonymized before retention. This safeguards the identity oft he user.

This data is not enriched with additional data, nor will it be used in for marketing or commercial measures.

I.IV. Erasure and Retention

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

I.V. Withdrawal Of Consent

Die Erfassung der Daten zur Bereitstellung der Website und die Speicherung der Daten in Logfiles ist für den Betrieb der Internetseite zwingend erforderlich. Es besteht folglich seitens des Nutzers keine Widerspruchsmöglichkeit.

II. Cookies

II.I. Beschreibung und Umfang der Datenverarbeitung

This website is making use of cookies. A cookie is a small piece of text stored on the device or within the browser used while accessing our page. We are implementing cookies to further improve our service and the design of our website. Additionally, certain elements of our website require the user to be recognized when returning to our webpage after surfing other webpages.

A certain set of cookies are mandatory in order to properly access our webpage:

a) Session-Cookies

These are temporary cookies that are stored on your hard drive only for the duration of your visit to our website and will be deleted automatically when the browser is closed.
PTS uses session cookies to make sure that the user identification during visits to the PTS customer website section is uninterrupted, which ensures seamless functionality.
Using the customer section of the PTS website therefore requires the browser settings to be configured in such a way that session cookies are accepted.

(1)           Configuration of site (i.e. language, browser-settings)

(2)           Log-In

(3)           Browser information and IP

(4)           Consent of user

b) Third-Party Cookies

Our website may also use cookies from companies with whom we cooperate for the purpose of advertising or improving the features of this website.

Please refer to the following for details, in particular for the legal basis and purpose of such third-party cookies. For instance, here are a few of the informaiton collected by third-party cookies:

(1)           Queries on the webpage

(2)           Frequency of visits oft he webpage

(3)           Analysis of specific contents of the webage

In order to properly protect privacy rights, we undertake precautions to anonymize the data collected. For example, the IP-adress is changed beyong recognition before further proecessing. In order to be able to analyse the browsing behaviour of our users, PTS uses the Google Analytics tools. It is not possible for us to infer the identity of individual persons from this data. This data will not be combined with other data sources.

III. Contact-formular /Email-Contact

III.I. General Information

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

III.II. Legal Basis

The legal basis for this data processing is Art. 6 (1) lit. a) GDPR. In the case of processing of data sent to us via e-mail, legal basis for this processing Art. 6 (1) lit. f) GDPR.

III.III. Purpose Of Processing

If you contact us by e-mail, we process the personal data communicated in the e-mail only for the purpose of processing your request.

III.IV. Erasure and Retention

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

III.V. Withdrawal Of Consent

The user can opt to withdraw consent fort he processing of data sent to us via e-mail. This can be managed by contacting the data protection officer. However, no further communication is possible.

Changes To Privacy Policy

In order to make sure that our privacy policy is compliant to current jurisdiction, we will make changes to the one on hand. This also refers to changes made due to newly added service providers or enhanced services on our behalf. The then changed privacy policy will be the new legal basis for your future visit.

10 Additional Processing Of Data As A Part Of Our Service

Dear Customers,   

In line with Articles 13, 14 and 21 of the GDPR we hereby inform you about additional processing of data unique to this website and your personal rights in accordance to this. Thus, take notice of the following information presented to you in order to be fully aware of the additional processing of data as part of a service of PTSGroup AG.

Responsible authority  / controller for data processing: 

PTSGroup AG
Cuxhavener Strafe 10a
28217 Bremen
Germany
Tel.: +49 421 22494-0
E-Mail: dsgvo@ptsgroup.de
Website: www.ptsgroup.de   

The data protection officer of the controller is: 

Martin Mielke
3G Business Datenschutz GmbH
Postadresse:
Michaelkirchplatz 5
10179 Berlin 

Germany
T.: 0162 1007910
E-Mail: mielke@3g-business.de   

Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.

a) Purpose And Legal Basis For Data Processing Using „Google-Analytics“

Implementation of „Google-Analytics“ allows us to generate valuable insights into how users interoperate with our websites. These insights are used in order to optimize our web-presence and provide a smooth experience for future usage.

Legal basis for this analysis is Article 6 (1) lit. a). Consent is supplied by the user via our consent-banner. Consent is supplied on a voluntary basis, meaning that each user may choose to use our website without giving consent to the implementation of „Google-Analytics“. In this case, no data will be transferred to Google.

Categories Of Personal Data

After consent is given by the user, the following categories of data will be collected and used for analysis:

IP-Adress

On the basis of every IP-adress supplied to us by each user, Google-Analytics generates a unique user-ID. This user ID is used by Google-Analytics in order to track the behavior of each user on the website. Also, it is used for user-distinction. However, it is important to notice, that the IP-adress is not being retained in plain text, but anonymized by a script and stored in a truncated version. This creates a protection against simple identification of users through their IP-adresses.

Further Data Being Processed Via Google-Analytics
  • Information on the used operating system of the user as well as the implemented browser
  • Visited pages, as well as the sub-pages
  • Date and time of visit, as well as the dwelling time
  • So-called referrer-adress: Webpage the user has visited just before visiting one of our websites
Source Of The Data

We only process the kind of data, that the individual has agreed to through the consent-banner. Also, the processing of data is limited to the website-experience provided by us and is only taking place for as long as the visit lasts.

Recipient Of Data

Personal data generated in the time of visit is only transferred to the service providers in need of this data. Data is not transferred to any other third party, as long as data is not meant to be shared with additional third parties (i.e. lawsuits or collection of evidence in a legal process). Therefore, we only transfer the data to the appointed service provider – in this case Google – and act on the legal basis given above.

Further, personal data is only processed on the basis of a data processing-contract (see: Article 28 GDPR). This is an additional measure to make sure, that personal data is protected.  Article 28 GDPR invokes each data-processor to apply technical and organisational measures within their company. This can be seen in Google’s very own data processing terms.

Transfer To Third Countries

Tranfsers to third countries beyond the boundaries of the European Union only take place, if it is needed for completion of contracts or in order to comply with jurisdiction and complete precontractual measures. Other cases of transfer to third countries are not intended and would require consent of the user.

Further, during the transfer through the internet, data is protected though TLS and SSL encryption and cannot be intercepted in plain text.

Since the Privacy Shield has been declared as insufficient for data protection overseas, Google reverts to the validity of their standard contractual clauses.

Retention Period

Generally, data is deleted whenever there is no reason for it to be retained any longer. It can however be the case that data needs to be retained for additional time, i.e it may be needed in order to complete contractual obligations. When regarding the statuary retention period, data deletion ensues with the end of this period.

Rights Of The Data Subject

The GDPR grants every data subject the right to be informed about the collection and use of their personal data (Article 15 GDPR). GDPR also grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (Article 16 GDPR).

The GDPR grants every data subject the right to demand that their personal data be erased without undue delay (Article 17 GDPR). Further, GDPR grants the right to restrict the processing of their personal data (Article 18 GDPR).

The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format (Article 20 GDPR)

In the event of an objection, PTS will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.

In case the data subjects wants to make use oft he right to appeal to legal authority, please contact the following adress with your concern:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Dr. Imke Sommer  

Arndtstraße 1 
27570 Bremerhaven 
Tel.: +49 421 3612010 oder +49 471 5962010 
Fax: +49 421 49618495 
E-Mail: office@datenschutz.bremen.de  

Right To Withdraw

If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.

It may also be the case, that the user wants to opt out of processing of data by Google. This may have negative consequences for the user when re-visiting the website, since certain preferences have to be set once again. For this case, please make use of the following link place below:

Click here to opt-out of Google Analytics

Processing of data only serves the protection of legitimate interest on our behalf (Article 6 (1) lit. f)). However, the data subject has the right to contradict processing of data. In this case, we will no longer process any data oft he subject, unless PTS can bring forward legitimate reasons to keep processing. These reasons need to override the personal interests, rights and freedoms of the data subject. Another exaple can be made, whenever PTS needs to keep processed data in order make legal claims.

b) Purpose And Legal Basis For Data Processing Using „Microsoft Teams“

PTS is taking the regulations of the GDPR very seriously. Therefore it is our aim to always comply by the rules and regulations set for data protection in the European Union. In the case of precontractual negotiations or in order to execute set terms of a contract, we process personal data with our service providers. Legal basis for this processing is given consent, in accordance to Article 6 (1) lit. b) of the GDPR and therefore lawful.

Apart from that, processing may occur in order to assert our legitimate interest or when fending off lawsuits. Legal basis for this processing of data is Article 6 (1) lit. f) of the GDPR. In terms of the processing by „Microsoft Teams“, this means that our legitimate interest is located in our interest to effectively communicate with customers and potential customers, while making use of the provided services of Microsoft and their communication-tools.

This Microsoft service is also portrayed as a data processing operation within their Data Protection Addendum and secured again in their „Appendix 3“, depicting the regulations for their business-services in regard to the GDPR.

Categories Of Personal Data

After consent is given by the user, the following categories of data will be collected and used for analysis:

IP-Adress

For the sake of completing a Microsoft-Teams meeting, IP-adress data needs to be collected. Logging of this adress is not part of the processing and therefore does not take place, meaning the data is erased after the meeting has ended. Further, it is not the aim to enrich collected data with additional information to perform follow-ups or commercial actitivies.

E-Mail-Adress

Users can be recognized in the meeting through their e-mail-adresses. This is most likely the case, when a user has been invited into a meeting via a e-mail invitation. Additionally, users can opt to give themselves a personal identifier (i.e. name). As well as the IP-adress-data, this data will be erased after a meeting has ended.

Further Data Being Processed Via Microsoft Teams

  • Information on the used operating system of the user as well as the implemented browser
  • Visited pages, as well as the sub-pages
  • Date and time of visit, as well as the dwelling time

For the completion of the service, a unique user-ID will be generated in the system. This ID is limited for the time of the service and is not further used for commercial activity by Microsoft.

 

Source Of The Data

We only process the kind of data, that the individual has agreed to through the consent-banner. Also, the processing of data is limited to the time of the meeting provided by us and is only taking place for as long as the meeting lasts.

Recipient Of Data

Personal data generated in the time of visit is only transferred to the service providers in need of this data. Data is not transferred to any other third party, as long as data is not meant to be shared with additional third parties (i.e. lawsuits or collection of evidence in a legal process). However, please take note that the data given in online-meetings with intentions to do business is meant ot be shared to involved parties, at least to some extent. Nonetheless, data is only shared with persons in this company affected with customers‘ business intentions.

Therefore, we only transfer the data to the appointed service provider – in this case Microsoft – and act on the legal basis given above.

Further, personal data is only processed on the basis of a data processing-contract (see: Article 28 GDPR). This is an additional measure to make sure, that personal data is protected.  Article 28 GDPR invokes each data-processor to apply technical and organisational measures within their company.

Transfer To Third Countries

Tranfsers to third countries beyond the boundaries of the European Union only take place, if it is needed for completion of contracts or in order to comply with jurisdiction and complete precontractual measures. Other cases of transfer to third countries are not intended and would require consent of the user.

Further, during the transfer through the internet, data is protected though TLS and SSL encryption and cannot be intercepted in plain text.

Since the Privacy Shield has been declared as insufficient for data protection overseas, Microsoft reverts to the validity of their standard contractual clauses.

Retention Period

Generally, data is deleted whenever there is no reason for it to be retained any longer. It can however be the case that data needs to be retained for additional time, i.e. it may be needed in order to complete contractual obligations. When regarding the statuary retention period, data deletion ensues with the end of this period.

Rights Of The Data Subject

The GDPR grants every data subject the right to be informed about the collection and use of their personal data (Article 15 GDPR). GDPR also grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (Article 16 GDPR).

The GDPR grants every data subject the right to demand that their personal data be erased without undue delay (Article 17 GDPR). Further, GDPR grants the right to restrict the processing of their personal data (Article 18 GDPR).

The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format (Article 20 GDPR).

In the event of an objection, PTS will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.

In case the data subjects wants to make use oft he right to appeal to legal authority, please contact the following adress with your concern:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Dr. Imke Sommer  

Arndtstraße 1 
27570 Bremerhaven 
Tel.: +49 421 3612010 oder +49 471 5962010 
Fax: +49 421 49618495 
E-Mail: office@datenschutz.bremen.de  

Right To Withdraw

If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.

Processing of data only serves the protection of legitimate interest on our behalf (Article 6 (1) lit. f)). However, the data subject has the right to contradict processing of data. In this case, we will no longer process any data oft he subject, unless PTS can bring forward legitimate reasons to keep processing. These reasons need to override the personal interests, rights and freedoms of the data subject. Another exaple can be made, whenever PTS needs to keep processed data in order make legal claims.

11 Our social media appearances

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

When you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customize your advertising settings independently in your user account. Click on the following link and log in:
https://www.facebook.com/settings?tab=ads.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customize your Twitter privacy settings in your user account. Click on the following link and log in:
https://twitter.com/personalization.

For details, see the Twitter Privacy Policy:
https://twitter.com/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal information, see the Instagram Privacy Policy:
https://help.instagram.com/519522125107875.

Pinterest

We have a profile at Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Details on how they handle your personal data can be found in the privacy policy of Pinterest:
https://policy.pinterest.com/de/privacy-policy.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy:
https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on how they handle your personal information, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy:
https://policies.google.com/privacy?hl=en.