Data Protection Privacy Statement
1. We are controller according to Article 13 (1)(a) GDPR:
SmartWe World SE
represented by Martin Hubschneider
2. Contact details of our data protection officer:
Thomas Heimhalt (External Data Protection Officer)
DATENSCHUTZ perfect e.K.
3. Your personal data will be processed for the following purposes:
a) on the basis of a given consent according to Article 6 (1) (a) GDPR
If you have given consent to the processing of your personal data, this is the legal basis of the affecting processing of data. You can revoke your consent at any time with effect for the future. The legality of the processing based on your consent until your revocation is not affected by this.
b) to fulfil contractual obligations and pre-contractual measures according to Article 6 (1) (b) GDPR
- for the execution of our contracts with you
- for the implementation of measures and activities within the framework of pre-contractual relationships
c) for compliance with legal obligation according to Article 6 (1) (c) GDPR
We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial, tax laws).
d) if processing is necessary for the purposes of the legitimate interests pursued by us or a third party according to Article 6 (1) (f) GDPR
Your personal data may be used by us or by third parties on the basis of a balance of interests to protect a legitimate interest. This is done for the following interests and purposes:
- temporary storage of automatically generated session data in log files
- advertising or market research, provided you have not objected to the use of your data
- the anonymous determination and evaluation of your user behaviour by third parties such as Matomo
- the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
- internal and external investigations and/or safety reviews
- operation of social media services
e) your obligation to provide data
It is required that you provide information that is necessary for us to enter into a business relationship or to enter into a pre-contractual relationship or that we are required to collect by law. Without these data, we can not conclude or execute a contract with you. This may also apply to data required later in the business relationship.
4. categories of personal data we process:
- personal data (first name, surname)
- contact data (address, email address, phone number and comparable data)
- date of birth (as far as specified by you)
- location (as far as specified by you, e.g., for the claim of place-related services given)
- bank account data (IBAN, BIC) (as far as specified by you)
- Internet Protocol (IP) addresses in anonymized form
- session data as well as data required for the anonymous identification and analysis of your user behavior; these include the IP address and metadata such as the browser you use, the browser language, date and time, user preferences, e.g. by setting cookies
5. recipients of your personal data:
- companies in the same group,
- processors according to Article 4 (8) GDPR
- companies that use anonymous data of users to identify, analyze and exploit the behavior of Internet users for marketing purposes, such as: Matomo, yext, google, wiredminds. This doesn‘t affect your personal contact information.
- advertising partners
- social media services, such as Facebook, and their users
6. We store the data given by you other than by consent according to Article 6 (1) (a) GDPR for the following duration:
- session data until completion of the session
- As long and as far as this is necessary for the duration of our business relationship. This also includes the initiation and execution of a contract.
- If we are obliged to do so on the basis of storage and documentation obligations, e.g. in accordance with the German Civil Code (BGB), the German Commercial Code (HGB) or the Tax Code (AO). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
7. You have the following rights against us if the respective legal requirements are met:
- right of access by the data subject according to Article 15 GDPR,
- right to rectification according to Article 16 GDPR
- right to erasure (‘right to be forgotten’) according to Article 17 GDPR
- right to restriction of processing according to Article 18 GDPR
- right to object according to Article 21 GDPR
- right to data portability according to Article 20 GDPR
8. According to Article 21 (1) GDPR you have the following right against us to object if the respective legal requirements are met:
„The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.“
Providently we do inform you about a your further possible right to object according to Article 21 (2) GDPR:
„Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.“
9. You have a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
Karlsruhe, January 2021