Co-creating Digital Sovereignty

Data protection

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

ZenDiS GmbH
Suttner-Nobel-Allee 4
44803 Bochum Germany

Email: hallo@zendis.de
Phone: 0234 3671503-0

Name and address of the data protection officer

The data protection officer of the controller is:

dsgvoschutzteam.com - Lukmann Consulting GmbH
Packerstraße 131a
A-8561 Söding

Phone: +49 7223 95 666 77
Email: service@dsgvoschutzteam.com

General information on data processing

Legal basis for the processing of personal data

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not specified in the data protection notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. Art. 7 GDPR. The legal basis for the processing for the fulfillment of our services and the implementation of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Data erasure and storage duration

We adhere to the principles of data minimization in accordance with Art. 5 para. 1 lit. c GDPR and storage limitation in accordance with Art. 5 para. 1 lit. e GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the retention periods stipulated by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.

External links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to one of the websites outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection information. Therefore, before using these websites, please check whether you agree with their data protection declarations.

External links can be recognized either by the fact that they are displayed in a different colour from the rest of the text or underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website will receive your IP address, the time at which you clicked on the link, the page on which you clicked on the link and other information that you can find in the data protection information of the respective provider.

Please also note that individual links may result in data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal remedies against this data access. If you do not want your personal data to be transferred to the link destination or even to be exposed to unwanted access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject within the meaning of the GDPR, you have the possibility to assert various rights. The data subject rights arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).

Right to object:
Some data processing can only take place with your express consent. You have the option to withdraw your consent at any time. However, this does not affect the lawfulness of the data processing up to the point of withdrawal.

Right to object:
If the processing is based on Art. 6(1)(e) or (f) GDPR, you as the data subject may object to the processing of your personal data at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4(4) GDPR. Unless we can demonstrate a legitimate interest in the processing that outweighs your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after the objection has been made.

If the processing of personal data is for the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling in connection with direct advertising. Here too, we will no longer process personal data as soon as you object.

Right to lodge a complaint with a supervisory authority: If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

Right to data portability:
If your data is processed automatically on the basis of consent or fulfillment of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.

Right to information, rectification and erasure:
You have the right to obtain information about your processed personal data regarding the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or other topics relating to personal data, you can of course contact us using the contact details provided in the legal notice.

Right to restriction of processing:
You can request the restriction of the processing of your personal data at any time. To do so, you must meet one of the following requirements:

  • You contest the accuracy of the personal data. For the duration of the verification of the accuracy, you have the right to request the restriction of processing.

  • If processing is unlawful, you can request the restriction of the use of the data as an alternative to erasure.

  • If we no longer need your personal data for the purposes of processing, but you need the data for the assertion, exercise or defense of legal claims, you can request the restriction of processing as an alternative to erasure.

  • If you object to the processing in accordance with Art. 21 (1) GDPR, a balance will be struck between your interests and ours. Until this balancing has taken place, you have the right to request the restriction of processing.

Restriction of processing means that, apart from storage, the personal data may only be used with your consent or for the establishment, exercise or defense of legal claims or for the protection of personal data. The personal data may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Provision of the website (web host)

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s).
We automatically collect and store information in so-called server log files that your browser automatically transmits to us when you access the website. These are:

  • Browser type and browser version

  • Operating system used

  • Referrer URL

  • Host name of the accessing computer

  • Time of the server request

  • IP address

This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR, our legitimate interest in the technically error-free presentation and optimization of our website.
Our host(s) will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. For this purpose, we have concluded the necessary data protection contracts in accordance with Art. 28 GDPR.

We use the following hoster(s):
IPHH Internet Port Hamburg GmbH
Wendenstrasse 408
20537 Hamburg
Germany

Use of AWStats

We use AWStats on this website, a free web analysis software from the developer Laurent Destailleur (contact@destailleur.fr), which is available at www.awstats.org. AWStats is used to analyze log files (technical log files) that web servers create based on visitor requests. AWStats generates reports as HTML pages that can be viewed with a browser and, for example, linked directly from the analyzed website.

AWStats does not use cookies or similar technologies for the analysis. The analysis is carried out using the log files stored on our server, which also contain IP addresses. This data cannot be assigned to specific persons. This data is not merged with other data sources, and the log files are automatically deleted after one month following a statistical analysis. No data is passed on to third parties by the program. In particular, no data is transferred abroad, as our server is located in Germany. Further information on data protection in the measurement process can be found at www.awstats.org and on the IVW data protection page (only available in German): https://www.ivw.de/datenschutz

We use the AWStats software to analyze and regularly improve the use of our website. The statistics obtained help us to improve our offer and make it more interesting for you as a user. The legal basis for the use of the SZM procedure is Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with our legitimate interests mentioned above.

Use of local storage items, session storage items and cookies

Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the "day" or "night" mode of a website, and is retained until you delete the data manually. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.

These objects can also be stored on your end device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as a visitor to this website to make use of certain third-party services that are installed on this website. Examples of this include the processing of payment services or the display of videos.

These mechanisms can be used in a variety of ways. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use and perform analyses of visitor flows and behavior. Depending on the individual functions, these must be classified in terms of data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or serve to optimize the website (e.g. cookies to measure visitor behavior), they are used on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the storage of local storage items, session storage items and cookies for the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Art. 6 para. 1 lit. a GDPR).

If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.

HR systems

We use software to better record, store and manage information relating to personnel administration. Personal data, in particular name, address and salary data, is stored in HR systems.

Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the lawfulness of the processing carried out prior to the withdrawal.

recruitee

We use the recruitee service on our website. The provider of the service is Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.

Further information can be found in the provider's data protection information at the following URL: recruitee.com/en/privacy-policy

Presence on LinkedIn

Social networks process personal data of their users to a large extent. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to assign IP addresses to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on the social networks and their functions on your own responsibility. Details on data processing can be found in the operator's privacy policy.

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

For more detailed information on the handling of personal data, please refer to the following LinkedIn privacy policy: linkedin.com/legal/privacy-policy

The purpose of our profiles on social media platforms is to increase our online presence and thus raise our profile. Therefore, the legal basis is legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Furthermore, with regard to the processing activities by the social networks, reference must be made to their own legal bases (e.g. consent pursuant to Art. 6 para. 1 lit. a GDPR), which you can find in the respective privacy policy.

In principle, we are jointly responsible with the social media platform for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with Art. 15 et seq. of the GDPR against both the social media platform and us. However, we would like to point out that we have no influence on data processing by the social media platform.