Imprint
tecways AG
Waldtruderinger Str. 23
81827 Munich
Germany
tel: +49 89 439 87 534
fax: +49 89 430 0047
mail: info@tecways.com
web: www.tecways.com
USt-ID : DE811175473
Registration office: Amtsgericht München
Registration number: HRB 41894
Chief Executive Officer: Dr. S. Gerl
Chairman of the Supervisory Board: Michael Arul
declaration on data protection
It is important to us that we use your personal data only in accordance with the applicable data protection laws and that we act in a transparent manner towards you, with regard to the use of your data. This privacy policy explains what data we collect from you on our website, why we collect it, how we use the collected data and what options and rights you have with regard to the processing of your personal data.
I. Name and address of the data controller
The data controller in accordance with data protection regulation is tecways AG, Waldtruderinger Str. 23, 81827 Munich, Germany
Email: info(at)tecways.com, Web: www.tecways.com
Tel. +49 89 439 87 534, Fax +49 89 430 0047
II. Contact data of the data protection officer
You can contact our data protection officer as follows:
Data Protection Officer, tecways AG, Waldtruderinger Str. 23, 81827 Munich, Germany,
dpo(at)tecways.com, tel. +49 89 439 87 534, fax +49 89 430 0047
III. General information on data processing
1. Scope of the processing of personal data
We collect and use the personal data of our users only to the extent necessary for the provision of a functioning website and of our content and services.
The collection and use of the personal data of our users generally occurs only with the user's consent.
An exception applies in those cases where the prior obtention of consent is not possible for practical reasons, and where the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain consent for the processing of personal data from the person concerned, Section 6(1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
With regard to the processing of personal data required for the performance of a contract to which the affected person is party, Section 6(1b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. As far as the processing of personal data is required for compliance with a legal obligation to which our company is subject, Section 6(1c) GDPR shall serve as the legal basis.
If processing is required in order to maintain a legitimate interest of our company or that of a third party, and if the interests, fundamental rights and freedoms of the party concerned do not outweigh the former interest, then Section 6(1f) GDPR shall serve as the legal basis for the processing.
3. Deletion of data and duration of storage
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer exists.
In addition, storage may occur if provision is made for it by European or national legislators in EU legal regulations, laws or other rules to which the data controller is subject.
The blocking or deletion of data is then also carried out if the specified storage period specified under the standards referred to expires, unless the data needs to be stored for a further period of time for the purpose of the conclusion of a contract or contract performance.
IV. Provision of website and creation of log files
1. Description and scope of data processing
Upon every visit to our website, our web server automatically collects data and information from the system of the computer used to visit the website. The following data is collected:
1. Information about the browser type and version used
2. Operating system of the user
3. IP address of the user
4. Date and time of access
5. Websites from which the user's system accessed our website
The data is also stored in the log files of our web server. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Section 6(1f) GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the web server is necessary to enable the website to be delivered to the user's computer. This requires the storage of the user's IP address for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the safety of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
Our legitimate interest in the processing of data also lies within these purposes, pursuant to Section 6(1f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case if the session has finished.
In the case of storing the data in log files, this is the case after seven days at the latest. Storage which exceeds these time periods is possible. In this case, the IP addresses of the users are deleted or altered, so that assignment to the accessing client is no longer possible.
5. Opting out and removal options
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the internet page. There is therefore no possibility of the user opting out of this.
V. Contact form, email contact, telephone contact
1. Description and scope of data processing
Contact forms on our website are available and can be used for electronic contact. If a user takes this option, the data entered in the input mask is sent to us and stored. This data comprises:
a) Title, name
b) Company
c) Email, telephone number
d) Reason for making contact
e) In addition, the following data is stored at the time the message is sent:
f) Date and time the message is sent
Within the scope of the sending process, your consent is requested for the processing of the data, and reference made to this privacy policy.
Alternatively, contact us via the provided email addresses. In this case, the user's personal data sent via email is stored.
An other option is to make contact via telephone. In this case, the user's telephone number is communicated along with the call, as necessary.There is no transfer of data to third parties in this respect. The data will be used exclusively for handling the conversation.
2. Recipients
The data will be used exclusively within the tecways Group for processing the conversation. As a rule, the tecways Group company responsible for your location will contact you regarding your request. Should your site be within the EU, your data will not be forwarded to companies in the tecways Group outside the EU without your consent. Data is not transferred to other third parties in this context.
3. Legal basis for data processing
The legal basis for the processing of the data is Section 6(1a) GDPR, where the user has provided consent.
The legal basis for the processing of the data in the course of sending an email is Section 6(1f) GDPR. If the email sent has the aim of concluding a contract, Section 6(1b) GDPR forms the additional legal basis for processing.
4. Purpose of the data processing
The processing of the personal data from the input mask is performed solely for handling your email/telephone call etc. The other personal data processed during the course of the sending the contact form serves to prevent the misuse of the contact form.
In the event of contact via email or telephone, this also constitutes the legitimate interest in the processing of the data.
5. Duration of storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose of their collection.
For that personal data from the input mask of the contact form which has been sent by email, and for data logged in the contact process, this is the case when the given conversation with the user has ended. The conversation is ended at the latest when it is clear from the circumstances that the relevant facts have been conclusively clarified.
In the case of a telephone call, the number will be overwritten cyclically by the next call, chronologically speaking.
6. Opting out and removal options
The user has the option of revoking his/her consent for the processing of personal data at any time.
If the user has email or telephone contact with us, he/she may object to the storage of his/her personal data at any time. In such a case, the conversation cannot be continued.
Please send your objection to:
tecways AG, Waldtruderinger Str. 23, 81827 Munich, Germany,
dpo(at)tecways.com, tel. +49 89 439 87 534, fax +49 89 430 0047
All personal data that has been stored in the course of the contact process will in this case will be deleted.
The transfer of the telephone number is handled via your telephone or via your telephone provider, and is communicated to us. Therefore, you as a user have full control over the disclosure of your telephone number:
By modifying the settings on your phone, or by your service provider modifying your phone system, you can disable the communication of the number.
VI. Web analytics by Google Analytics, use of cookies
1. Scope of the processing of personal data
On our website, we use the analysis software Google Analytics for analysing our users' surfing behaviour. The software places a cookie on the user's computer.
Cookies are text files that are stored in the internet browser or on the user's computer system by the internet browser. When a user visits a website, a cookie is stored on the user's operating system. This cookie contains a characteristic string, enabling the unique identification of the browser when you revisit the website.
If individual pages of our website are visited, the following data is stored:
a) The first two bytes of the IP address of the user's system used for the visit
b) The webpage visited
c) The website via which the user accessed the webpage (referrer)
d) The subpages visited via the visited webpage
e) The duration of visit to the website
f) The frequency with which the webpage is visited
In this respect, the software runs on the servers of the service provider, Google Analytics. The software is set up such that the IP addresses will not be stored completely; rather the last two bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, the assignment of the truncated IP address to the accessing computer is no longer possible.
2. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of users is Section 6(1f) GPDR.
3. Purpose of the data processing
The processing of users' personal data allows to analyse our users' surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user friendliness. Our legitimate interest in processing data also lies within these purposes, pursuant to Section 6(1f) GDPR. By anonymising the IP address, sufficient account is taken of the users' interest in protecting their personal data.
4. Duration of storage; options for raising objections and for removal
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies:
By modifying the settings in your internet browser, you can disable or restrict the transfer of cookies.
Previously stored cookies can be deleted at any time. This can also be done in an automated manner. If cookies are disabled for our website, it may be that not all of the features of the website can henceforth be used to their full extent.
You can prevent collection by Google Analytics by clicking on the link below. An opt-out cookie will be used, which will prevent the future collection of data upon visiting this website. In this way, another cookie is placed on your system, which tells our system signals not to store the user's data. If, in the meantime, the user deletes the appropriate cookie from his/her own system, he/she must once again accept the opt-out cookie.
More information about terms of use and privacy by Google can be found here:
http://www.google.com/analytics/terms/gb.html or here http://www.google.com/intl/de/analytics/privacyoverview.html.
VII. Your rights
If your personal data is processed, then you are the "party concerned" within the meaning of the GDPR, and you have the following rights vis-à-vis the data controller:
1. Right to information
You can request confirmation from the data controller as to whether personal data relating to you is being processed by us.
If such processing is indeed taking place, you can request the following information from the data controller:
a) the purposes for which the personal data is being processed;
b) the categories of personal data which are being processed;
c) the recipients and/or categories of recipients to whom the personal data has been or will be disclosed;
d) the planned duration of the storage of personal data relating to you or, if specific details are not available in this respect, the criteria for determining the duration of storage;
e) the existence of a right to correction or deletion of personal data concerning you, of the right to limitation of processing by the data controller or of the right to object to this processing;
f) the existence of a right of appeal to a supervisory authority;
g) all available information concerning the source of the data, if the personal data is not collected from the person concerned;
h) the existence of an automated decision-making system including profiling according to Section 22(1) and (4) of the GDPR and – at least in these cases – significant information as to the logic involved and the scope and desired impact of such processing for the person concerned.
You have the right to demand information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may demand information regarding the appropriate guarantees according to Section 46 GDPR, in connection with such transfer.
2. Right to correction
You have a right to have the data controller corrected and/or complete your processed personal data, where it is inaccurate, or incomplete. We will undertake this correction immediately.
3. Right to restriction of processing
In the following situations, you may demand the restriction of the processing of personal data concerning you:
if you dispute the accuracy of your personal data for a period of time which allows the data controller to check the correctness of the personal data;
the processing is unlawful and your waive the right to have your personal data deleted, and instead demand the restriction of the use of the personal data;
the data controller no longer requires the personal data for the purposes of processing, but does require it for the assertion, exercise or defence of legal claims, or
if you raise an objection to the processing in accordance with Section 21(1) GDPR and it has not yet been decided whether our legitimate reasons as the data controller prevail over the grounds you cite.
If the processing of personal data has been restricted, this data – irrespective of its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interests of the European Union or of a Member State.
If the restriction on processing has itself been restricted according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You may demand of the data controller that your personal data is deleted immediately, and the data controller is obliged to immediately delete this data insofar as one of the following reasons applies:
Your personal data is no longer necessary for the purposes for which they were collected or processed in any other way.
You revoke your consent to processing based on Section 6(1a) or Section 9(2a) GDPR, and there is a lack of any legal basis for the processing.
Your raise an objection against the processing of the data, pursuant to Section 21(1) GDPR, and no legitimate reasons for processing exist, or you raise an objection against the processing pursuant to Section 21(2) GDPR.
Your personal data has been processed unlawfully.
The deletion of your personal data is required in order to comply with a legal obligation in accordance with EU law or the law of the Member States to which the data controller is subject.
Your personal data is collected in relation to services rendered by the information society in accordance with Section 8(1) GDPR.
b) Information for third parties
If the data controller has made your personal data public and if it is obliged to delete it pursuant to Section 17(1) GDPR, then it shall perform appropriate measures – taking into account the available technology and the implementation costs – including measures of a technical nature, in order to inform the party responsible for the data processing that you, as a person concerned, have demanded the deletion of all links to this personal data and of any copies or replicas of this personal data.
c) Exceptions
The right of deletion does not apply if the processing is required:
i. to ensure the exercise of the right to freedom of expression and information;
ii. for the fulfillment of a legal obligation, where the latter requires processing in accordance with EU law or the law of the Member States to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of public authority, where this has been transferred to the data controller;
iii. for the assertion, exercise or defence of legal claims.
5. Right to information
If you have asserted the right to correction, deletion or restriction of the processing of the data vis-à-vis the data controller, then the latter is obliged to communicate this correction, deletion or restriction to all recipients to whom the personal data has been disclosed, unless this proves to be impossible or would involve disproportionate effort.
You have the right to demand that the data controller informs you about these recipients.
6. Right to data portability
You have the right to receive the personal data you have provided to the data controller in a structured, common and machine-readable format. You also have the right to communicate this data to another data controller without interference from the data controller to whom the personal data were first provided, if the processing is based on a consent according to Section 6(1a) GDPR or Section 9 (2a) GDPR or on a contract pursuant to Section 6(1b) GDPR and the processing is performed using automated procedures.
In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.
7. Right of objection
You have the right to raise objections – at any time and for reasons related to your specific situation – to the processing of your personal data, where this processing occurs pursuant to Section 6(1e) or (1f) GDPR.
The data controller shall no longer process your personal data, unless it can state grounds worthy of defence which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims.
8. Right of revocation of the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. By revoking consent, the lawfulness of the processing carried out on the basis of the consent up until the time of revocation shall not be affected.
9. Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you are entitled to file a complaint with a supervisory authority in the Member State where you reside, the Member State in which your place of work is located or where the alleged infringement took place, if you are of the opinion that the processing of personal data breaches the GDPR.
The supervisory authority to which the complaint is filed will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Section 78 GDPR.
Your competent supervisory authority is that of your place of residence:
Supervisory authorities in Europe:
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Supervisory authorities in Germany are organised by federal state.