Privacy Policy

Privacy Policy and Agreements

The use of our Internet pages is basically possible without any indication of personal data. However, if you wish to use special services of our company provided on our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic data protection regulation and in accordance with the German data protection regulations applicable to schaal @it UG. With this data protection declaration we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we inform you about your rights with this data protection declaration.

Table of Contents
1. objective and responsible agency
2. basic information on data processing
3. processing of personal data
4. collection of access data
5. cookies & range measurement
6. Facebook Social Plugins
7. integration of third-party services and content
8. rights of users and deletion
9. changes to the data protection policy

1. objective and responsible agency

This privacy policy explains the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the associated websites, functions and contents (hereinafter jointly referred to as “online offer” or “website”). This privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.

The provider of the online offer and the body responsible for data protection is schaal @it UG, Waltersdorfer Chaussee 19A, 12355 Berlin (hereinafter referred to as “Provider”, “we” or “us”). For the contact possibilities we refer to our imprint.

The term “user” includes all customers and visitors to our online offering. The terms used, such as “user”, are to be understood as gender-neutral.

2. basic information on data processing

We process personal user data only in compliance with the relevant privacy policy in accordance with the requirements of data economy and data avoidance. This means that the user’s data will only be processed if there is a legal permission, in particular if the data is required for the provision of our contractual services and online services or is prescribed by law or if there is a consent.

We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

If content, tools or other means from other providers (hereinafter jointly referred to as “third-party providers”) are used within the scope of this data protection declaration and their named registered office is abroad, it is to be assumed that data is transferred to the countries in which the third-party providers have their registered office. Data is transferred to third countries either on the basis of a legal permit, user consent or special contractual clauses that guarantee the data security required by law.

3. processing of personal data

In addition to the use expressly stated in this privacy policy, personal data will be processed for the following purposes on the basis of legal permits or user consents:
– The provision, execution, maintenance, optimization and safeguarding of our services and user benefits;
– Ensuring effective customer service and technical support.

We only transfer user data to third parties if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes if these are necessary to fulfil our contractual obligations towards the users (e.g. address notification to suppliers).

When contacting us (via contact form or email), the user’s details are stored for the purpose of processing the enquiry and in the event that follow-up questions arise.
Personal data will be deleted as long as they have fulfilled their intended purpose and there is no obligation to store them.

4. collection of access data

We collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

We use the log data without assignment to the user or other profiling according to the legal regulations only for statistical evaluations for the purpose of operation, security and optimization of our online offer. However, we reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence.

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.

If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions. In detail, you will find here our respective deletion periods for the various data categories:

Type: Webserver

Stored data: When and from which IP address was our platform accessed.
Purpose: Protection against misuse and unauthorized access
Deletion period: after 10 days.
Access by: System administration, support/helpdesk, programmer

Type: Mail-Server SMTP, Spam- and Virusfilter

Stored data: Sender, recipient, message ID and size of a sent or received e-mail. Parts of the content or the subject of an e-mail are not saved in this context.
Purpose: To verify that the e-mails entrusted to us have been correctly delivered/received if users complain of the loss of an e-mail and protection against misuse.
Deletion period: after 10 days.
Access by: System administration, support/helpdesk

Type: client support

Stored data: E-mails incl. content and, if applicable, attachments in the ticket system
Optional data: If specified by you, also street/house number, zip/city, country, optional callback telephone number, alternative e-mail address.
Purpose: Provision of customer support services, traceability, verifiability and documentation of contracts and agreements
2 years after the end of the calendar year (statutory limitation claims)
Access by: System administration, support/helpdesk, programmer

5. cookies & range measurement

Cookies are information that is transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Users will be informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data protection declaration.

The viewing of this online offer is also possible under exclusion of cookies. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

It is possible to manage many corporate online ad cookies via the US site http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/

6. Facebook Social Plugins

Our website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users’ privacy, can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

7. integration of third-party services and content

It can happen that within our online offer contents or services of third providers, such as city maps or fonts of other websites are integrated. The integration of third-party providers’ content always requires that the third-party providers perceive the IP address of the users, as they would not be able to send the content to the users’ browser without the IP address. The IP address is therefore required for the display of this content. Furthermore, the providers of the third-party content can set their own cookies and process the user’s data for their own purposes. The processed data can be used to create user profiles. We will use this content in a data-saving and data-avoiding manner as far as possible and select reliable third-party providers with regard to data security.

The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):

External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). The integration of the Google Fonts takes place via a server call with Google (usually in the USA). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

Maps of the service “Google Maps” of the third party provider Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

SendOwl from Concept Den Limited, Unit 2736, PO Box 6945, London, W1A 6US, United Kingdom for online payment processing. Privacy Policy: https://www.sendowl.com/privacy

Stripe, 185 Berry StreetSuite 550San Francisco, CA 94107 as part of credit card payment via third-party provider SendOwl. Privacy Policy: https://stripe.com/de/privacy

PayPal (Europe) S.à.r.l & Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg for online payment processing.

8. rights of users and deletion

Users have the right, upon request and free of charge, to receive information about the personal data that we have stored about them.
In addition, users have the right to correct inaccurate data, revoke consent, block and delete their personal data and, in the event that unlawful data processing is assumed, to file a complaint with the competent supervisory authority.

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to keep it in safekeeping.

9. changes to the data protection policy

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.
Users are asked to inform themselves regularly about the contents of the data protection declaration.

Date: 17.05.2018 11:55