Epteca Privacy Statement and Policy
Last updated: May 29th, 2018
Epteca GmbH (hereinafter only referred to as “Epteca” or “we” or “our”) takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law. This Privacy Statement tells you about the information we collect from you when you use our websites or app. In collecting this information, we are acting as a Data Controller and, by law, we are required to provide you with information about us, about why and how we use your Personal Data, and about the rights you have over your Personal Data.
I. SUBJECT OF DATA PROTECTION
Subject of data protection is personal data. Data is personal if it can be assigned to an identified or identifiable natural person. This includes information such as names, addresses, email addresses and telephone numbers.
II. COLLECTION, PROCESSING AND USE OF PERSONAL DATA ON REQUEST
The use of our websites and app is generally possible without providing personal data. You are neither obliged to visit this website or app nor to provide any personal data. If you do not provide us with personal data, you might not be able to use individual functionalities of this website. Otherwise there will be no consequences for you. The collection of users’ personal data on the Epteca site and app is always on a voluntary basis, except in the cases described in the following. We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible. We collect, process and use the personal data which you have provided to us, to the extent necessary in each case, for the following purposes:
1. Registration and execution of the contract
» Data that you provide when setting up an account, such as your name, email address, telephone number, mobile phone number, address and data which will be provided depending on the service you use
» We collect, process and use transaction data regarding your activities on the websites (e.g. purchases, content that you generate or that relates to your account)
» Billing and other data you provide for the purchase
» Data collected in the context of reviews, chats and correspondence on the website or by email, fax and post
» Other personal data that we may ask you to provide for special purposes
» If you voluntarily provide us with additional personal data during registration or employment inquiry, this data will also be used for the implementation of the usage relationship.
2. Contact establishment
If you provide us with personal data for the purpose of contacting us, this data will be used by us as this is necessary for the purpose of the respective communication.
Epteca may process and use your personal data for marketing purposes, e.g. to send emails with general information or of an advertising nature (newsletter), on the basis of the declaration of consent you have given us. You can revoke the declarations of consent granted to us in this regard at any time with effect for the future. If you wish to opt-out of receiving these emails from us, please follow the instructions contained in an applicable email you receive from us, which will allow you to opt-out of receiving these types of email communications from us. In addition, you can object to this use - insofar as we use your personal data within the legally permissible framework for e.g. postal marketing measures. In both cases, an email to the following address is sufficient: firstname.lastname@example.org.
4. Information you provide to Payment Processors
All payments made are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by us. All information collected by these third-party providers for purposes of processing your payments is not available to us.
5. Aggregate Information
We may share information with affiliated third parties on an anonymous, aggregate basis.
III. DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to users’ preference. This data is always deleted as soon as it is no longer required and if there are no storage obligations. For information on the processing of pseudonymous usage profiles, see item VII.
IV. DATA PROCESSING FOR MOBILE APPLICATIONS AND DEVICES
When you download data, use our mobile applications or access one of our websites or apps optimized for mobile devices, we may collect information about you and your mobile device as described above in this statement. This can include location data, for example, if you release it for our mobile application. We use this information to provide you with location-based services such as search results and other personalized content, if approved by you and your device. You can control or deactivate location services from the settings menu on most mobile devices. If you have questions about deactivating location services on your device, we recommend that you contact your mobile service provider or the manufacturer of your device.
V. DATA COLLECTED FROM OTHER SOURCES
We may obtain additional information about you from third parties to supplement our account information to the extent permitted by law. This includes demographic and navigation data, credit check data and other information from credit agencies, to the extent permitted by law.
When you visit our websites or app, information may be stored on your computer in the form of a cookie.
1. What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a certain webpage. Cookies are then sent back to the originating webpage on each subsequent visit, or to another webpage that recognizes that cookie. Cookies are widely used to make websites work, or to work more efficiently, as well as to provide information to the owners of the website. Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. Cookies may tell us, for example, whether you have visited our websites before or whether you are a new visitor. There are two broad categories of cookies:
» first party cookies served directly by us to your computer or mobile device;
» third party cookies, which are served by a third party on our behalf. We may use third party cookies for functionality, performance, analytics, advertising, tracking and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are session cookies, meaning that they are stored only temporarily during a browsing session and expire when you close your browser. Other cookies are persistent cookies, meaning that they are saved on your computer or mobile device for a fixed period and are not deleted when the browser is closed. They can be used to recognize your computer or mobile device when you open your browser and browse the Internet again.
» enable, facilitate and streamline the functioning of and access to our websites and app;
» track traffic flow and patterns in connection with our websites and app;
» understand the total number of visitors to our websites and app on an ongoing basis and the types of internet browsers (e.g. Firefox, Chrome or Internet Explorer) and operating systems (e.g. Windows or Mac OS) used by our visitors;
» monitor the performance of our websites and app and continually improve it;
» customize and enhance your online experience.
3. What types of Cookies do we use?
The types of cookies that we may use in connection with our website can be classified into one of four categories, namely “cookies necessary for essential purposes”, “performance and analytics cookies”, “functionality cookies”, “advertising and tracking cookies”.
» Cookies necessary for essential purposes: these are required for the operation of our website e.g. cookies that enable you to log into secure areas of our website.
» Performance and analytics cookies: they allow us to recognise and count the number of visitors and see how visitors move around our website when they are using it. This helps us improve the way our website and app work by identifying and rectifying any errors, and ensuring that users are finding what they are looking for easily.
» Functionality cookies: these are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences e.g. your choice of language or region.
» Advertising and tracking cookies: these record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
» Third Party Cookies: On some pages of our websites, third parties that provide applications (e.g. maps) through our websites may set their own cookies to track the success of their applications or customize applications for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us.
4. How to control or delete Cookies?
You have the right to accept or stop cookies from being stored on your device at any time by modifying the settings in your web browser to reflect your cookie preferences. Please be aware that you may not be able to use all the interactive features of the website and/or online courses and content once cookies are disabled. Most browsers offer instructions on how to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser.
VII. PSEUDONYMOUS USAGE PROFILES (WEB TRACKING AND ANALYSIS)
Epteca uses web tracking systems for market research and to make your use of our websites and apps as pleasant as possible. This allows us to further develop our websites and app and tailor content to your needs. For information about how tracking works for online advertising purposes, and what happens when you elect a do-not-track option, visit http://www.aboutads.info/choices.
VIII. LEGAL BASIS FOR DATA PROCESSING
If you reside within the European Economic Area (EEA), our processing of your personal information will be legitimized as follows:
(i.) Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.
(ii.) If the processing of your personal data is necessary for the performance of a contract between you and Epteca or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). If this data is not processed, Epteca will not be able to execute the contract with you.
(iii.) Where the processing is necessary for us to comply with a legal obligation, we will process your information on the basis of GDPR Article 6(1) lit. (c), for example to comply with obligations in the field of employment law.
(iv.) And where the processing is necessary for the purposes of Epteca's legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.
IX. DATA PROCESSOR ON BEHALF OF THE DATA CONTROLLER
Where Epteca is a Data Processor on behalf of the Data Controller for your Personal Data, we will:
» only act on the written instructions of the Data Controller;
» not use a sub-processor without the prior written authorisation of the Data Controller;
» co-operate with the relevant supervisory authority;
» ensure the security of our Processing;
» keep records of our Processing activities; and
» notify any Personal Data breaches to the Data Controller.
X. SOCIAL NETWORKS
Our websites contain links to social networks (Facebook, Instagram, Twitter, Google+, Pinterest, LinkedIn). These social networks are operated exclusively by third parties. If you follow the links, information may be transmitted to these third parties.
XI. TRANSMISSION TO THIRD PARTIES
Your personal data will only be transmitted to third parties if this is legally permitted or if you have given your prior consent. In particular, we will not sell your data to third parties or market it in any other way. We will only disclose your data to government authorities as part of legal obligations or as a result of an official order or court decision. We have bound our employees and partners to secrecy and to comply with data protection regulations.
XII. HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
Except as set forth in this Privacy Statement or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless we are required to share this information to complete your request or for legitimate business purposes. Epteca shares personal information in the following circumstances: We may share your information with vendors or third parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of Epteca. These third parties may include, for example, our third-party (technology) providers, Suppliers and partners. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf.
XIII. DATA TRANSMISSION TO COUNTRIES OUTSIDE THE EU
As far as this is necessary for the initiation or execution of the contract - e.g. to process bookings for activities in countries outside the EU - we will transmit your data outside the EU.
The same applies if such a transmission turns out to be necessary for our purposes. In this respect, we ensure that the data recipient guarantees an appropriate level of data protection and that no other interests worthy of protection conflict with the data transmission.
Epteca relies on derogations as set forth in Article 49 of the GDPR in the event no “adequacy” decision and no other safeguards under the GDPR are in place (for example binding corporate rules on the transfer outside the EEA).
In particular, we collect and transfer personal data to countries outside the EU only: with your explicit consent; to perform a contract with you; in a manner that does not outweigh your rights and freedoms. If this data is not processed and transferred, Epteca will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction. We endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Epteca and the practices described in this Privacy Statement. In the event that you have any questions to this end, please contact our Data Protection Officer at email@example.com.
XIV. HOW LONG WE KEEP DATA AND DELETION OF DATA
We retain data for the duration of your business relationship with us and otherwise as required under applicable law. Personal data will be kept for no longer than is necessary for the purposes for which your personal data are processed. We must also consider periods for which we might need to retain personal data to meet our legal obligations or to deal with complaints and queries.
If you are in the European Economic Area, at the moment you withdraw your consent for the processing of your personal data, all your personal data received and stored are erased if no longer needed by us, unless we are required to retain this personal data by law or to comply with our regulatory obligations. In such a case, we will only keep this personal data for as long as necessary.
XV. DATA SECURITY
Epteca has taken the necessary technical and organisational measures to protect the personal data provided by you against loss, destruction, manipulation and unauthorized access. Our employees and all persons involved in data processing are obliged to comply with the data protection laws and to treat personal data confidentially. Our employees have been trained accordingly. We use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an "s" (https://) is added to the address component http://, or a green, closed lock icon is displayed. By clicking on the icon, you will receive information about the SSL certificate used. The display of the icon depends on the browser version used by you. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.
XVI. EUROPEAN UNION DATA SUBJECT RIGHTS
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. If you wish to confirm that Epteca is processing your personal data, or to have access to the personal data Epteca may have about you, or have other questions, please contact us via firstname.lastname@example.org.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Epteca might have received the data from us; what the source of the information was (if you did not provide it directly to Epteca); where the personal data is stored and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also ask us for your personal data to be supplemented or updated, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may withdraw your consent for the processing of personal data or the further processing of personal data by us at any time. You may also request that Epteca ceases using your data for direct marketing purposes. In many countries (including EEA countries), you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Epteca processes your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller. You have the right to receive your personal information in a structured and standard format.
In addition to the information contained in this Privacy Statement, you may be provided with additional and contextual information concerning particular services or the collection and processing of your personal data upon request.
XVII. NO AUTOMATED INDIVIDUAL DECISION
We do not use your personal data for automated individual decisions.
XVIII. HOW CAN YOU CONTACT US?
Or by sending an e-mail to our Data Protection Officer at: email@example.com.
XIX. CHANGES TO THE PRIVACY STATEMENT
From time to time, we may need to update or modify this Privacy Statement, to reflect changes in our business practices, data collection practices or organization. We reserve the right to amend this Privacy Statement at any time, for any reason, without notice to you, other than the posting of the amended Privacy Statement on our website, or, if you have provided your email address to us, sending you an email notifying you of the amended Privacy Statement. It is strongly recommended to check the Website often, referring to the date of the last modification listed at the top. We will in any case not reduce your rights under this Privacy Statement without your explicit and informed consent. If you do not agree to the changes, you should discontinue your use of the Website, and cease providing personal information to us, prior to the time the modified Privacy Statement takes effect. If you continue using the Website or provide personal information after the modified Privacy Statement takes effect, you will be bound by the modified Privacy Statement.