top of page

Data Protection

Privacy Policy

 

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terms used, such as "processing" or "controller," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

 

Person responsible

VRQ-Concepts GmbH

Krimmerstraße 14
63067 Offenbach

Germany

Managing Director

Jochen Brenneis

CONTACT INFORMATION
Phone: +49 151 15723059
Email: info@vrq-concepts.com
Website: www.vrq-concepts.com

Types of processed data:

– Inventory data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects


Visitors and users of the online offering (hereinafter referred to as "users").

Purpose of processing

– Provision of the online offering, its functions, and content.
– Responding to contact inquiries and communication with users.
– Security measures.
– Reach measurement/marketing.

Used terminology

"Personal data" are all information related to an identified or identifiable natural person (hereinafter referred to as "data subject"); a natural person is considered identifiable if they can be directly or indirectly identified, particularly through allocation to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. This term is broad and encompasses practically any handling of data.

"Pseudonymization" refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and subject to technical and organizational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.

"Profiling" means any type of automated processing of personal data that involves using personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning the person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The "controller" is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

"Processor" is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Applicable legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures, as well as responding to inquiries, is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

Security measures

We implement appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure an appropriate level of protection.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data through control of physical access to the data, as well as its access, entry, transmission, security of availability, and separation. We have also established procedures that ensure the exercise of data subject rights, data deletion, and response to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit data to them, or otherwise grant them access to the data, this will only occur on the basis of a legal permission (e.g., if data transmission to third parties, such as payment service providers, is necessary for the performance of a contract according to Art. 6(1)(b) GDPR), if you have consented, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosting services, etc.).

If we engage third parties to process data based on a so-called "data processing agreement," this will be done in accordance with Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the course of using services of third parties or disclosing or transmitting data to third parties, this will only happen if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special conditions of Arts. 44 et seq.

 

GDPR are met. This means that processing is carried out, for example, based on special guarantees, such as the officially recognized determination of an adequate level of data protection corresponding to that of the EU (e.g., for the USA through the "Privacy Shield") or adherence to officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").

Rights of the data subjects

You have the right to request confirmation as to whether your data is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have the right to request the completion of your data or the correction of incorrect data concerning you according to Art. 16 GDPR.

Right to Deletion and Restriction of Processing


Under Article 17 GDPR, you have the right to request the immediate deletion of your personal data, or alternatively, under Article 18 GDPR, to request the restriction of data processing.

Right to Data Portability


You have the right to request the personal data you have provided to us under Article 20 GDPR, to be received in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Lodge a Complaint


You also have the right under Article 77 GDPR to lodge a complaint with the competent supervisory authority.

Right to Withdraw Consent


You have the right to withdraw any consents you have given under Article 7(3) GDPR with effect for the future.

Right to Object


You may object to the future processing of your personal data under Article 21 GDPR at any time. The objection can especially be made against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing


Cookies are small files that are stored on the user's devices. Within these cookies, various information can be stored. A cookie primarily serves the purpose of storing information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or "session cookies," are cookies that are deleted after the user leaves an online service and closes their browser. For example, the contents of a shopping cart in an online store or a login status can be stored in such a cookie. "Persistent" cookies are cookies that remain stored even after the browser is closed. For instance, a login status may be saved for users when they return after several days. Likewise, the interests of users can be stored in such a cookie, which are used for reach measurement or marketing purposes. "Third-party cookies" are cookies placed by parties other than the controller operating the online service (in contrast, "first-party cookies" refer to cookies from the controller).

We may use temporary and permanent cookies and will provide further details in our privacy policy.

If users do not wish cookies to be stored on their device, they are asked to disable the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Excluding cookies may lead to limitations of this online service's functionality.

A general objection to the use of cookies for online marketing purposes can be made via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Additionally, cookies can be disabled in the browser settings. Please note that some features of this online service may not be available if cookies are disabled.

Data Deletion


The data we process will be deleted or restricted in its processing under Articles 17 and 18 GDPR. Unless otherwise stated in this privacy policy, data stored by us will be deleted once it is no longer needed for its intended purpose and no legal retention obligations apply. If data cannot be deleted, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to German law, data must be retained for 10 years as per §§ 147(1) AO, 257(1) No. 1 and 4, 4 HGB (books, records, annual reports, accounting documents, etc.) and for 6 years according to § 257(1) No. 2 and 3, 4 HGB (commercial correspondence).

According to Austrian law, data must be retained for 7 years according to § 132(1) BAO (accounting documents, invoices, accounts, business papers, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states, where the Mini-One-Stop-Shop (MOSS) is used.

Contacting Us


When contacting us (e.g., via contact form, email, phone, or social media), the user's information is processed for the purpose of handling the contact request and its processing under Article 6(1) lit. b. (within the scope of contractual/pre-contractual relationships), Article 6(1) lit. f. (other inquiries) GDPR. The information may be stored in a Customer Relationship Management (CRM) system or a comparable inquiry organization.

We delete the inquiries as soon as they are no longer required. We check the necessity every two years; statutory archiving obligations apply.

Hosting and Email Dispatch


The hosting services we use provide the following: infrastructure and platform services, computing capacity, storage space, database services, email dispatch, security services, and technical maintenance services, which we use for operating this online service.

In this context, we process or our hosting provider processes inventory data, contact details, content data, contract data, usage data, meta- and communication data of customers, prospects, and visitors of this online service based on our legitimate interests in providing this online service efficiently and securely under Article 6(1) lit. f GDPR in conjunction with Article 28 GDPR (processing agreement).

Google Analytics


Based on our legitimate interests (i.e., interest in analyzing, optimizing, and operating our online service economically in the sense of Article 6(1) lit. f GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about your use of the online service is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement, offering a guarantee of compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on activities within the online service, and to provide other services related to the use of this online service and internet use. Pseudonymous usage profiles of users may be created from the processed data.

We use Google Analytics with IP anonymization enabled. This means the user's IP address will be shortened by Google within EU member states or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser will not be merged with other data by Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online service by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at:

http://tools.google.com/dlpage/gaoptout?hl=en.

Further information on data processing by Google, opt-out options, and privacy settings can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for Google ad personalization (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 14 months.

Online Presence in Social Media


We maintain online presences within social networks and platforms to communicate with active customers, prospects, and users there and to inform them about our services.

Please note that data of users may be processed outside the European Union. This may result in risks for users, as enforcing their rights could be more difficult. In the case of US providers certified under the Privacy Shield, they commit to complying with EU data protection standards.

Furthermore, the data of users is processed according to the respective terms of use of the respective platform.

Processed Data Categories


Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, photographs, videos), usage data (e.g., visited web pages, interest in content, access times), meta-/communication data (e.g., IP addresses, device information).

Legal Basis


The processing of personal data of users is based on our legitimate interests according to Article 6(1) lit. f GDPR. Our interest lies in conducting our business and marketing activities. Processing beyond these purposes will only take place if we have obtained explicit consent from the users or if it is legally required.

bottom of page