Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites and within external online presences, e.g. our social media profiles (hereinafter referred to as "online offers").

The terms used are not gender-specific.

Status: 6 March 2024

Content overview

Preamble
Responsible party
Overview of processing
Indicative legal bases
Security measures
Deletion of data
Rights of the persons concerned
Provision of online offers and web hosting
Change and update of the privacy policy

Responsible party (referred to as the "controller" in the GDPR)

The data processing controller on this website is:

Zealience GmbH

Schumannstraße 27, 60325 Frankfurt am Main

info@zealience.com

zealience.com

Overview of processing

The following overview summarizes the types of data processed and the purposes of its processing and refers to the data subjects.

Types of processed data

Usage data
Meta, communication and process data

Categories of persons affected

Users

Purposes of Processing

Security measures
Provision of our online offers and user- friendliness
Information technology infrastructure

Indicative legal bases

Indicative legal basis according to GDPR: We provide below an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or place of residence. Should more specific legal bases be decisive in individual cases, we will inform you about it in the data protection declaration.

Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the law on the protection against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, to the processing of special categories of personal data, to the processing for other purposes and for the transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states can be applied.

Security measures

In accordance with the legal requirements, we take appropriate technical and organizational measures in accordance with the state of the art, the cost of implementation and the nature, the scope, the circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the risk to the data. We also take into account the protection of personal data already during development or selection of hardware, software and procedures according to the principle of data protection, through technology design and through data protection-friendly default settings.

Reduction of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not required, the IP address will be shortened (also known as "IP masking"). Here, the last two digits, or the last part of the IP address, are removed according to one point, or replaced by placeholders. By shortening the IP address, the identification of a person is to be prevented or made significantly more difficult by means of his IP address.

TLS/SSL encryption (HTTPS): To protect the data of users which is transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as its consent permitted for processing is revoked or other permissions cease (e.g. if the purpose of the processing of this data has ceased to apply or if it is not necessary for the purpose). If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Our privacy policy may also include further information on the retention and deletion of data that applies as a priority to the respective processing.

Rights of the persons concerned

Rights of data subjects arising from the GDPR: You have various rights under the GDPR, according to Art. 15 to 21 GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

Right of withdrawal for consent: You have the right to revoke your consent at any time.

Right to information: You have the right to request confirmation as to whether the data in question is being processed and for information about this data as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification: In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.

Right to erasure and restriction of processing: You have the right to demand that data concerning you be deleted immediately in accordance with the legal requirements, or alternatively to demand a restriction of the processing of the data in accordance with the statutory requirements.

Right to data portability: You have the right to receive data concerning you that you have provided to us in accordance with the legal requirements in a structured, commonly used and machine-readable format or to request its transmission to another person responsible.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.

Provision of online offers and web hosting

We process the user's data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the device of the users. Our website also makes use of web analytics, and tracking and logging are enabled by default. The data is determined either by a pixel or by a log file. Web analytics do not use cookies to protect personal data. The IP address of the user visiting our website is transmitted when a page is retrieved, processed directly anonymously after transmission and without personal reference. The data will not be disclosed to third parties and there is no transfer to third countries.

Processed types of data: Usage data (e.g. websites, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
Affected persons: Users (e.g. Website visitors, users of online services).
Purposes of processing: Provision of our online offers and user-friendliness; technical information infrastructure (operation and provision of information systems and technical devices (computer, server, etc.) .); security measures. For web analytics, the data is collected exclusively for statistical evaluation and for the technical optimization of the website.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing, procedures and services:

Collection of access data and log files: Access to our website and online offers is logged in the form of so-called "server log files". The server log files may include the address and name of the requested websites and files, date and time of access, transferred amounts of data, notification of successful retrieval, browser type and version, the operating system used, referrer (the previously visited website) and, in general, IP addresses (in anonymous form, only used to determine the location of access) and the used device type. The data is collected out of legitimate interest in order to ensure the security and stability of the offer and to be able to provide website visitors with the highest level of quality. The server log files can be used for security purposes, e.g. to avoid overloading of the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand, to ensure the utilization of the servers and their stability.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Deletion of data: Server log files are stored for 8 weeks. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Data processing for e-mail and telephone communications: If you contact us by e-mail or telephone, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent. This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time. The data sent by you to us via contact requests remains with us until you request us to delete, revoke your consent to the storage, or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Change and update of the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We adjust the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes have an action to help you (e.g. consent) or any other individual notification is required.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before using them.