Deutsche Version

Privacy statement

The following information is to be provided pursuant to Art. 13 et sqq. GDPR where personal data are collected from the data subject.

Identity and contact details of the controller

Compliance Essentials GmbH
Lochhamer Str. 31
82152 München-Planegg
Germany

Phone+49 (0) 89 / 1 25 01 56 30
Email
(hereinafter "Compliance Essentials", "we, "us")

Purposes and legal basis for processing personal data

We process personal data for the performance of the contract with registered users of our GDPR-Portal as well as for processing support requests. Personal data is generally processed in accordance with Art. 6 para. 1 lit. f GDPR. A data protection impact assessment has been conducted with the conclusion that the interests of the data subjects do not override the interests of the contract parties, in part due to the technical and organisational measures taken. In cases where a natural person commissions us to process their own personal data, such processing is done in accordance with Art. 6 para. 1 lit. b GDPR. In case of a registration in the GDPR portal the following data is processed:

  • Saluation
  • First name
  • Last name
  • Email address
  • Company affiliation
  • User preferences like language settings
  • Password hash

If you request support for the usage of the GDPR-portal, your data is processed to for working on your request and for the case, that follow up questions arise.

For technical reasons as a registered user of the GDRP-Portal while signing in and after the sign-in procedure a limited amount of data (so-called connection data) is processed each time when accessing the GDPR-Portal. This data is technically required in order to establish and execute a connection between your end device and our servers as well as for the functionality of the services we offer. This data is also processed to keep the user session alive and to prevent unauthorized access to this session. We process the following data for the purposes described in accordance with Art. 6 para. 1 lit. f GDPR:

  • IP address
  • Date and time of your visit
  • Browser type and version
  • Used operating system
  • Refereri-URL
  • Name of the visited web page

A session cookie will be placed on your device after signing in to the GDPR-Portal. This cookie is used for securing your log-in sessions and keeping it alive.

Furthermore, we process personal data of visitors to the GDRP-portal in order to improve its quality and content. The analysis of the usage is done with the help of the tool Matomo, which we host ourselves. Your IP address will only be processed in abbreviated form and is thus anonymized. A conclusion to a certain person is therefore not possible. The processing of personal data takes place regularly on the basis of Art. 6 para. 1 lit. f DSGVO. A data protection impact assessment has been conducted with the conclusion that the interests of the data subjects do not override the interests of us to improve the quality and content of the GDRP-Portal, in part due to the technical and organisational measures taken. If you do not want the processing for analysis purposes, you can object or withdraw your objection at any time by clicking on the following button:

In this case, an opt-out cookie will be set in your browser to prevent the collection of usage data. Please note that this setting is only valid within your browser and only works if cookies are permitted. If you use a different browser, an opt-out cookie must also be set here to prevent the collection of usage data. In case all cookies are deleted in your browser, the opt-out cookie must be again.

Automated individual decision-making, including profiling

Your personal data will not be processed for automated decision-making, including profiling, as referred to in Art. 22 para. 1 GDPR and Art. 4 GDPR.

Categories of recipients of personal data

We may transfer personal data to the following categories of recipients:

  • Public sector entities due to legal requirements.
  • Affiliates for contractual performance or for providing services.
  • Processors within the meaning of Art. 28 GDPR in the course data processing on behalf.
  • Other third parties for auxiliaries.

Transfer to third countries

Personal data will not be transferred to countries outside of the European Union or the EEA. Data is processed on servers located in Germany only.

Security

Compliance Essentials employs the legally required technical and organisational measures to protect personal data from loss, destruction, manipulation, theft and other unauthorised access.

Period of retention

Personal data will be stored only as long as it’s required for the fulfilment of the purposes for which the data was collected originally and to establish, execute or defend legal claims, or as long as it is legally required. The legal requirements for retention periods primary result from trade and tax law (particularly sections 147 AO and 257 HGB). Data due for deletion respectively after omission of legal claims will be securely erased in accordance with all legal requirements.

Rights of the data subject

You may exercise the following rights as a data subject:

If you want to exercise your rights please send your request via email or letter post to the contact details specified above.

Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 para. 1 GDPR you may engage a supervisory authority with a complaint at any time. The Bayerische Landesamt für Datenschutzaufsicht, Postfach 606, D-91511 Ansbach is in charge of as generally. Alternatively you may contact your local supervisory authority.