Privacy Policy GEYER Y-Design App Windows Version

With the following data protection declaration for the GEYER Y-Design app, we would like to inform you about the types of your personal data (hereinafter also referred to as “data” for short) that we process, for what purposes and to what extent within the scope of providing our app.

The terms used are not gender-specific.

Controller

Jürgen Reichmann
GEYER Electronic GmbH
Behringstr. 6
82152 Planegg

E-mail address:
info@geyer-electronic.de

Overview of processing operations

The following table summarizes the types of data processed, the purposes of which they are processed and the concerned data subjects.

Categories of Processed Data

• Contact details
• Content data
• Usage data
• Meta, communication and process data

Categories of Data Subjects

• Communication partner
• Users

Purposes of Processing

• Contact requests and communication
• Web Analytics
• Targeting
• Managing and responding to inquiries
• Feedback
• Profiles with user-related information
• Provision of our online services and usability

Legal Bases for the Processing

Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

• Consent (Article 6 (1 ) (a) GDPR) – The data subject has given consent to the processing of his or her personal data one or more specific purposes.
• Performance of a contract and prior requests (Article 6 (1) (b) GDPR) – Performance of a contract to which the data subject is a party or is necessary for the implementation of pre-contractual measures at the request of the data subject.
• Legitimate Interests (Article 6 (1) (f) GDPR) – Processing is necessary for the purposes ot the legimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. This includes, in particular, the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal of requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

Erasure of data

The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data has no longer applies or they are not required for the purpose). If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be restored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural person or legal person.

Our further information on individual processing operations may also contain additional and specific information on data retention and erasure applicable to the respective processing operations.

Contact and Inquiry Management

When contacting us (e.g. via mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

• Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms, photos, videos); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
• Data subjects: Communication partners (Recipients of e-mails, letters etc.).
• Purposes of processing: contact inquiries and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); providing our online offer and user experience.
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Performance of a contract and pre-contractual requests (Article 6 (1) (b) GDPR).

Further information on processing methods, procedures and services used:

• Contact form: When users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request; Legal Basis: Performance of a contract and pre-contractual requests (Article 6 (b) GDPR), Legitimate Interests (Article 6 (f) GDPR).

Web Analysis, Monitoring and Optimization

Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Provision of our online services and usability.
• Security measures: IP Masking (Pseudonymization of the IP address).
• Legal Basis: Consent (Article (1) (a) GDPR).

Further information on processing methods, procedures and services used:

• Google Analytics: Web analytics, reach measurement and measurement of user traffic; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https: //business.safety.google/adsprocessorterms; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https: //business.safety.google/adsprocessorterms; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of Advertisements: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (Types of processing and data processed).

Plugins and embedded functions and content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. . We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: Provision of our online services and usability.
• Legal Basis:Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

• MyFonts: fonts; data processed in the font request process includes the identification number of the web font project (anonymized), the URL of the licensed website associated with our number to identify the licensee and the licensed web fonts, and the referrer URL; the anonymized web font project identification number is stored in encrypted log files with such data for 30 days to determine the monthly number of page views; after such extraction and storage of the number of page views the log files are deleted; Service provider: Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.myfonts.com; Privacy policy: https://www.myfonts.com/a/font/legal/website-use-privacy-policy.

Changes and Update of the Privacy Policy

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Rights of the Data Subjects

As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• • Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on Article 6 (1) on letter (e) or (f) GDPR; including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right of withdrawal for consents:You have the right to revoke consents at any time.
• Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
• Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
• Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
• Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
• Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Privacy Policy of GEYER Electronic GmbH for the GEYER Y-Design App, last update: May 2023