Privacy

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within our online offering and the related websites, features and content, as well as external online presence, e.g. our social media profiles on. (collectively referred to as “online offer”). With regard to the terminology used, e.g. “Processing” or “Responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1. Name and contact details of the controller and the company data protection officer

This privacy policy applies to data processing by:

Responsible:

Grobmeier Solutions GmbH
GF: Christian Grobmeier
Wiesenring 84i
86899 Landsberg am Lech
E-Mail: cg@grobmeier.de
Telefon: 08191 3318186

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website

When you visit our website https://www.timeandbill.de/, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file,
  • website from which access is made (referrer URL),
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

The data mentioned are processed by us for the following purposes:

  • ensuring a smooth connection of the website,
  • ensuring comfortable use of our website,
  • Evaluation of system security and stability as well
  • for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case we use the collected data for the purpose of drawing conclusions about you. In addition, we use cookies and analysis services when visiting our website. Further details can be found under no. 4 and 5 of this privacy policy.

b) Registration / Registration

Users can create a user account. All you need to do is enter an e-mail address and a password. The data entered during registration will be used for the purpose of using the offer. Users can record working hours in their user account. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is for commercial or tax law reasons according to Art. 6 para. 1 lit. c DSGVO necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

As part of the use of our Regsitrierungs- and registration functions and the use of user accounts, the IP address and the time of the respective user action will save. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c DSGVO. The IP addresses will be anonymized or deleted after 7 days at the latest.

3. Disclosure of data

A transfer of your personal data to third parties for purposes other than those listed below does not take place. We only share your personal information with third parties if:

 - You your according to Art. 6 para. 1 p. 1 lit. a GDPR have given express consent to this  - disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,  - in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR is a legal obligation, as well  - as permitted by law and according to Art. 6 para. 1 sentence 1 lit. b GDPR is required for the settlement of contractual relationships with you.

4. External service providers

Grobmeier Solutions uses the following external service providers who help to optimize the service. Insofar as these service providers process data on behalf of Grobmeier Solutions, agreements have been concluded with them which set the European data protection standards as binding and in particular prohibit the use of the data for other purposes. If we commission third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.

(a) MailChimp - newsletter delivery + success measurement

Grobmeier Solutions uses the MailChimp service, 512 Means St. Suite 404, Atlanta, GA 30318, USA, to send the newsletter. This service allows Grobmeier Solutions to manage a database of email contacts internally to communicate with users via email.

The service manages data on which date and time emails were read, as well as when the user interacted with incoming emails, for example by clicking on links contained in the email. This is done by so-called web beacons, also called tracking pixels. These are small image files that allow an evaluation of user behavior. The user can object to this tracking at any time by unsubscribing from the newsletter. Such an evaluation is not possible even if the user has disabled the display of images in his email program by default. However, in this case, the newsletter can not be fully displayed and the user may not be able to fully use all features.

(b) Amazon Web Services:- Hosting

Grobmeier Solutions uses the Amazon Web Services (“AWS”) service of Amazon Web Services, Inc., P.O., for hosting the database and web content. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in a German data center (Frankfurt / Main), which is certified to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, we have tight access rights and the data is automatically encrypted.   AWS has joined the so-called Privacy Shield Agreement as a company. For more information about AWS and privacy, visit https://aws.amazon.com/en/compliance/eu-data-protection/ and https://aws.amazon.com/privacy/.

(c) Postmark

Shipping Service E-mails: The confirmation and reminder emails are sent by “Postmark”, a newsletter shipping platform of the US provider Wildbit LLC, 225 Chestnut St. Philadelphia, PA 19106, USA. The newsletter is sent by the same provider, as far as no other provider for the sending of newsletters is called. The privacy policy of the shipping service provider can be viewed here: https://wildbit.com/privacy-policy/. Postmark is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt00000004EKYAA2&status=Active).

5. Social Media Plug-ins

We rely on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR social plug-ins from the social networks Facebook, Twitter and Instagram to make our company better known. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. The integration of these plug-ins by us is done by means of the so-called two-click method to protect visitors to our website in the best possible way.

a) Twitter

On our website plugins of the short message network of Twitter Inc. (Twitter) are integrated. The Twitter plugins (tweet button) can be recognized by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons). When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter “tweet button” while logged in to your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account. More information can be found in the privacy policy of Twitter (https://twitter.com/privacy).

b) Youtube

On our website we have integrated components from YouTube. YouTube is an internet video portal that allows video publishers to freely watch video clips and other users for free viewing, rating and commenting. YouTube allows the publication of all types of videos, so that both complete film and television broadcasts, but also music videos, trailers or user-made videos via the Internet portal are available.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each visit to one of the pages of this site operated by the controller and incorporating a YouTube component (YouTube video) will automatically cause the Internet browser on the subject’s information technology system to be represented by the respective YouTube component to download an illustration of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google are aware of the specific bottom of our site visited by the person concerned. If the data subject is logged in to YouTube at the same time, YouTube recognizes by calling a sub-page containing a YouTube video, which specific bottom of our website the affected person visits. This information is collected by YouTube and Google and associated with the individual YouTube account.

YouTube and Google will always receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not wanted by the data subject, it can prevent the transmission by logging out of their YouTube account before calling our website.

YouTube’s privacy policy, available at https://www.google.com/intl/en/policies/privacy/, identifies the collection, processing, and use of personally identifiable information by YouTube and Google.

6. Amazon Affiliate Program

On the basis of our legitimate interests (ie interest in the economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we are participants in the Amazon EU Affiliate Program, which was designed to provide a medium for websites by means of which the placement of advertisements and links to Amazon.de advertising fee refund can be earned (so-called affiliate system). Amazon uses cookies to track the origin of orders. Among other things, Amazon may recognize that you have clicked the affiliate link on this site and subsequently purchased a product from Amazon. For more information about Amazon’s data usage and opt-out options, please visit the company’s privacy policy: http://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.

7. Affected rights

You have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can provide information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a The right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
  • in accordance with Art. 16 GDPR, immediately demand the correction of incorrect or complete personal data stored with us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of Legal claims is required;
  • to demand the restriction of the processing of your personal data according to Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you assert this, Exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another person responsible;
  • according to Art. 7 para. 3 GDPR, to revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future and
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our office.

8. Right to object

If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation. If you would like to exercise your right of revocation or objection, please send an e-mail to cg@grobmeier.de.

9. Data security

We use the popular SSL (Secure Socket Layer) method within the site visit, in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we’ll use 128-bit v3 technology instead. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Updating and changing this privacy policy

This privacy policy is currently valid and is valid as of May 2018.

As a result of the further development of our website and offers thereof or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed and printed by you at any time on the website at https://www.timeandbill.de.