17. May 2018

Privacy Policy

As at: 22.05.2018

Privacy Policy

1. Name and address of the Data Controller

The Data Controller within the meaning of the Datenschutz-Grundverordnung (General Data Protection Regulation) and other national data protection legislation of the member states and other data protection legislative provisions is:

Peak Performance Apps GmbH
Nikolaistraße 28-32
04109 Leipzig
Germany
Tel.: +49 (0) 341 35592050
Email: info[ersetzendurch@zeichen]ppapps.de

2. Name and address of the Data Protection Officer

Christian Stache
Peak Performance Apps GmbH
Nikolaistraße 28-32
04109 Leipzig
Germany
Tel.: +49 (0) 341 35592050
Email: info[ersetzendurch@zeichen]ppapps.de

3. General information about data processing

3.1 Extent of the processing of personal data

We only ever process personal data of our users in so far as this is necessary for the provision of a functioning website and our content and services. Personal data of our users are processed as a rule only with the prior consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legislation.

3.2 Legal basis for the processing of personal data

Provided that we obtain the consent of the person affected (Data Subject) for the processing of personal data, Art. 6 Para. 1. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

With the processing of personal data necessary for fulfilling a contract to which the Data Subject is a party, Art. 6 Para. 1 b GDPR serves as the legal basis. This also applies to the processing activities necessary for the implementation of pre-contractual measures.

If processing of personal data is necessary for the fulfilment of a legal duty to which our company is subject, Art. 6 Para. 1 c GDPR serves as the legal basis.

In the event that the vital interests of the Data Subject or of another natural person make the processing of personal data necessary, Art. 6 Para. 1 d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, basic rights and basic freedoms of the Data Subject do not have precedence over the first-named interest, Art. 6 Para. 1 f GDPR serves as the legal basis for the processing.

3.3 Data deletion and retention period

The personal data of the Data Subject are deleted or quarantined as soon as the purpose of the storage lapses. Storage may continue beyond that if this has been stipulated by European or national legislation in EU regulations, acts or other legislation to which the Data Controller is subject. Quarantining or deletion of the data will also occur when a retention period specified by the above-mentioned legislation lapses unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. Provision of the website and production of log files

4.1 Description and extent of the data processing

With every instance of access to our website, our system automatically gathers data and information from the accessing system’s computer. Here the following data are recorded:

  1. Information about the browser type and the version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system comes to our website
  7. Websites accessed by the user’s system via our website

The data are also stored in our system’s log files. This does not apply to the user’s IP address or other data that would permit association of the data with a user. There is no storage of these data with other personal data of the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 Para. 1 f GDPR.

4.3 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to permit delivery of the website to the user’s computer. For this purpose the user’s IP address must be stored for the duration of the session.

Storage in log files occurs to ensure that the website works. In addition, the data allow us to optimise the website and to guarantee the security of our IT systems. The data are not evaluated for marketing purposes in this context.

These purposes also encompass our legitimate interest in the data processing per Art. 6 Para. 1 f GDPR.

4.4 Retention period

The data are deleted as soon as they are no longer required for the achievement of the purpose for which they were recorded. With the gathering of the data for the provision of the website, this is the case when the relevant session has ended.

With the gathering of the data in log files, this is the case after seven days at the latest. Storage beyond that is possible. In that event, the users’ IP addresses are deleted or altered so that it is no longer possible to associate them with the accessing client.

4.5. Options for withdrawal of consent and deletion

The gathering of the data for the provision of the website and the storage of the data in log files is essential to the operation of the website. So there is no option for withdrawal of consent by the user.

5. Email contact

5.1 Description and extent of the data processing

On our website, it is possible to make contact via the email address provided. In that event, the user’s personal data transmitted with the email are stored. No data are passed on to third parties in this context. The data are used exclusively for the processing of the conversation.

5.2 Legal basis for the data processing

The legal basis for the processing of the data if the user’s consent is given is Art. 6 Para. 1 a GDPR. The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 Para. 1 f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 b GDPR.

5.3 Purpose of the data processing

The processing of the personal data from the input mask serves us only for the processing of the contact made. In the case of contact made via email, the necessary legitimate interest in the processing of the data also applies.

The other personal data processed during the send process serve to prevent misuse of the contact form and to guarantee the security of our IT systems.

5.4 Retention period

The data are deleted as soon as they are no longer necessary for the achievement of the purpose for which they were recorded. For the personal data from the input mask of the contact form and those that are sent via email, that is the case if the conversation concerned with the user has been ended. The conversation is ended if it may be ascertained from the situation that the relevant matter has been definitively dealt with.

The additional personal data recorded during the send process are deleted after a period of seven days at the latest.

5.5 Options for refusal and deletion

The user has an option at any time to withdraw his consent to the processing of his personal data. If the user contacts us via email, he may withdraw his consent to the storage of his personal data at any time. In that event, the conversation cannot be continued. In this case all the personal data stored in the course of contact are deleted.

6. Applications and application procedure

The Data Controller responsible for the processing records and processes the personal data of applicants for the purpose of completing the application procedure. Processing may also be done by electronic means. This is in particular the case where an applicant transmits relevant application documents to the Data Controller by electronic means, for example by email or via a web form located on a website. If the Data Controller concludes an employment contract with an applicant, the data transmitted for the purpose of setting up the employment relationship are stored, observing the legislation. If no employment contract is concluded by the Data Controller with the applicant, the application documents will be automatically deleted two months after the decision not to employ the applicant has been issued in so far as deletion would not be in conflict with any other legitimate interests of the Data Controller. Another legitimate interest in this sense is for instance a burden of proof in proceedings under the Allgemeine Gleichbehandlungsgesetz (AGG, General Equal Treatment Act).

7. Rights of the Data Subject

If personal data of yours are processed, you are a Data Subject within the meaning of GDPR and you have the following rights vis a vis the Data Controller:

7.1 Right to information

You may demand confirmation from the Data Controller of whether personal data concerning you are processed by us. If such processing occurs, you may demand to be told about the following information by the Data Controller:

  1. The purposes for which the personal data are being processed
  2. The categories of personal data being processed
  3. The recipients and/or the categories of recipients to which the relevant personal data have been disclosed or are still being disclosed
  4. The planned retention period of the personal data concerning you or, if concrete statements about this are not possible, criteria for determining the retention period
  5. The existence of the right to the correction or deletion of the personal data concerning you, a right to restriction of the processing by the Data Controller or a right to refuse consent to h23 processing
  6. The existence of a right to complain to a supervisory authority
  7. All available information about the origin of the data if the personal data are not gathered from the Data Subject
  8. The existence of an automatic decision process including profiling per Art. 22 Paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and the effects sought with such processing upon the Data Subject.

You are entitled to demand information about whether the personal data concerning you are transmitted to a non-EU country or an international organisation. In this context you may demand to be informed per the appropriate guarantees under Art. 46 GDPR in connection with the transmission.

7.2 Right to correction

You have a right vis a vis the Data Controller to correction and/or completion if the personal data concerning you that are being processed are incorrect or incomplete. The Data Controller must make the correction without delay.

7.3 Right to restriction of the processing

Subject to the following preconditions you may demand the restriction of the processing of the personal data concerning you:

  1. If you dispute the correctness of the personal data concerning you for a period that permits the Data Controller to check the correctness of the personal data
  2. The processing is unlawful and you refuse deletion of the personal data and instead demand restriction of the use of the personal data
  3. The Data Controller no longer requires the personal data for the purposes of processing but you need it for the claiming, exercise or defence of your legal rights or
  4. If you have given notification of refusal of consent to the processing per Art. 21 Para. 1 GDPR and it has not yet been established whether the Data Controller’s legitimate interests take precedence over yours.

If the processing of the personal data concerning you has been restricted, these data may, apart from being stored, only be processed with your consent or for the claiming, exercise or defence of legal rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a member state.

If the restriction of the processing was imposed in accordance with the above preconditions, you will be informed by the Data Controller before the restriction is lifted.

7.4 Right to deletion

7.4.1 Duty to delete

You may demand that the Data Controller deletes the personal data concerning you without delay and the Data Controller is obliged to delete these data without delay provided that one of the following reasons applies:

  1. The personal data concerning you are no longer needed for the purposes for which they were recorded or otherwise processed.
  2. You withdraw the consent on which the processing relied per Art. 6 Para. 1. a or Art. 9 Para. 2 a GDPR and there is no other legal basis for the processing.
  3. You give notification of refusal to allow the processing per Art. 21 Para. 1 GDPR and there are no legitimate reasons with precedence for the processing or you give notification of refusal to allow the processing per Art. 21 Para. 2 GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The deletion of the personal data concerning you is necessary for fulfilment of a legal duty under European Union law or the law of the member states to which the Data Controller is subject.
  6. The personal data concerning you were recorded with regard to services offered by the IT company per Art. 8 Para. 1 GDPR.
7.4.2 Information to third parties

If the Data Controller has disclosed personal data concerning you and if it is obliged per Art. 17 Para. 1 GDPR to delete them, it shall, taking into account the available technology and the cost of implementation, take reasonable measures, including of a technical nature, to inform the Data Controllers who are processing the personal data that you as the Data Subject have demanded that they delete all links to these personal data or copies or replications of these personal data.

7.4.3 Exceptions

There is no right to deletion if the processing is necessary:

  1. for the exercise of the right to the free expression of opinion and information
  2. for the fulfilment of a legal duty which the processing in accordance with the law of the European Union or of the member states to which the Data Controller is subject requires or for the performance of a task that is in the public interest or which occurs in the exercise of official authority that has been delegated to the Data Controller
  3. for reasons of the public interest in the area of public health per Art. 9 Para. 2 h and i and Art. 9 Para. 3 GDPR
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes per Art. 89 Para. 1 GDPR in so far as the right mentioned in Section a) apparently makes the realisation of the aims impossible or seriously restricts it or
  5. for the claiming, exercise or defence of legal rights.

7.5 Right to notification

If you have claimed the right to correction, deletion or restriction of the processing vis a vis the Data Controller, the latter is obliged to notify all recipients to which personal data concerning you has been disclosed of this correction or deletion of the data or restriction of the processing unless this has proved to be impossible or is associated with excessive expense.

You have a right vis a vis the Data Controller to be informed about these recipients.

7.6 Right to data transferability

You are entitled to receive the personal data concerning you that you have provided to the Data Controller in a structured, conventional and machine-readable format. In addition, you are entitled to transfer these data to another Data Controller without any hindrance by the Data Controller to which personal data were provided in so far as

  1. the processing relies on consent per Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or on a contract per Art. 6 Para. 1 b GDPR and
  2. the processing is performed with the aid of an automated procedure.

In exercising this right, you also have a right to have the personal data concerning you transferred directly from one Data Controller to another Data Controller in so far as this is technically possible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data transferability does not apply to the processing of personal data that is necessary to the performance of a task that is in the public interest or which occurs in the exercise of official authority which has been delegated to the Data Controller.

7.7 Right of refusal

You have the right to give notification of refusal to allow the processing of personal data concerning you on the basis of Art. 6 Para. 1 e or f GDPR at any time for reasons arising from their special situation. This also applies to profiling relying on these provisions.

The Data Controller will cease to process the personal data concerning you unless it is able to prove mandatory reasons for the purpose of the processing worthy of protection that take precedence over your interests, rights and freedoms or the processing serves the claiming, exercise or defence of legal rights.

If the personal data concerning you are processed for direct advertising purposes, you are entitled to give notification at any time of refusal to allow the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling in so far as it is in connection with such direct advertising.

If you refuse to allow the processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the option in connection with the use of services provided by the IT company and regardless of Directive 2002/58/EC to exercise your right of refusal by means of automatic procedures in which technical specifications are used.

7.8 Right to withdraw the data protection law declaration of consent

You are entitled to withdraw your data protection law declaration of consent at any time. This withdrawal of consent does not affect the legality of the processing performed on the basis of the consent up to the date of its withdrawal.

7.9 Automatic decision in the individual case including profiling

You are entitled not to be subject to a decision based solely on automatic processing, including profiling, that has a legal effect on you or that adversely affects you in a similar way. This does not apply if the decision:

  1. is necessary for the conclusion or fulfilment of a contract between you and the Data Controller
  2. is permitted on the basis of legislative provisions of the European Union or of the member states to which the Data Controller is subject and these legislative provisions contain reasonable measures for safeguarding your rights, freedoms and legitimate interests or
  3. is made with your express consent.

However, these decisions must not be based on special categories of personal data per Art. 9 Para. 1 GDPR in so far as Art. 9 Para. 2 a or g GDPR does not apply and reasonable measures have been taken to protect your rights, freedoms and legitimate interests.

Regarding the cases referred to in (1) and (3), the Data Controller takes reasonable measures to safeguard your rights, freedoms and legitimate interests, which as a minimum includes the right to effect the intervention of a person at the location of the Data Controller, to presentation of his own viewpoint and to contest the decision.

7.10 Right to complain to a supervisory authority

Without prejudice to any other administrative law or in-court legal remedy, you are entitled to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged breach if you are of the opinion that the processing of the data concerning you is in breach of GDPR.

The supervisory authority to which the complaint has been submitted, informs the complainant of the situation and the results of the complaint including the opportunity of a legal remedy via the courts per Art. 78 GDPR.

This data protection declaration is amended from time to time. You will find the date of the last update at the start of this declaration.