awisto privacy policy: How we protect your data

This privacy policy and data protection provisions inform you about the type, scope and purpose of the processing of personal data within our website and the websites, functions and content associated with it, as well as external websites such as our profiles on social media networks and platforms. Because we protect your data.

“awisto” and/or “we” refers to awisto business solutions GmbH, Mittlerer Pfad 4, 70499 Stuttgart, Germany as the responsible body offering this website.
“Newsletter” means newsletters, e-mails and other electronic notifications with advertising information.
“Personal data” or “data” within the meaning of this privacy policy means personal data pursuant to Art. 4 (1) GDPR.
“You” means the visitor or user of the website.
“Website” means the awisto homepage, including its subpages, accessible at the URL www.awisto.de.

The definitions in Art. 4 of the General Data Protection Regulation (GDPR) also apply to the terms used in this privacy policy (e.g. “processing”, “controller”, etc.).

awisto collects, processes and uses your personal data in compliance with the applicable data protection law. Insofar as awisto collects, processes and/or uses personal data, this is always done for a specific purpose.

1. Person responsible

awisto business solutions GmbH,
represented by the managing directors Ingolf Blocher and Kaj Mähner, Mittlerer Pfad 4, DE-70499 Stuttgart, Germany

2. Purposes and legal bases of data processing

2.1 We process the following types of data

Inventory data (e.g. first and last names, addresses)
Contact data (e.g. e-mail, telephone numbers)
Content data (e.g. text entries)
Usage data (e.g. websites visited, access times)
Meta/communication data (e.g. device information, IP addresses)

2.2 Purposes of the processing of personal data

Provision of our website, its functions and content,
Processing of inquiries via our contact form,
sending newsletters,
processing of applications,
security measures,
Marketing (also in the form of reach measurement)

The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

In addition, the other legal bases expressly mentioned in this privacy policy apply.

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is required to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called order processing contract, this is done on the basis of Art. 28 GDPR.

3. Data collection on this website

3.1 Cookies

Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping cart in an online store or a login status can be stored in such a cookie, for example. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and provide information about this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.

We use so-called pixels, web beacons, clear GIFs or similar mechanisms (hereinafter referred to as “pixels”). A pixel is an image file or a link to an image file that is inserted in the website code but is not located on your end device (e.g. computer, smartphone, etc.). We mainly use pixels for the same reasons as cookies. For example, they enable us to count the number of users who visit our website or, if the user’s email program allows HTML, to determine if and when an email has been opened. Pixels help us to check and optimize the effectiveness of our website and advertising measures. We do not establish a personal reference when using pixels. Personal tracking does not take place either. Pixels usually work in conjunction with cookies. If you have deactivated cookies, the pixel will only determine an anonymous website visit.

Consent with Complianz

Our website uses the consent technology of Complianz to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (hereinafter “Complianz”).

Complianz is hosted on our servers, so no connection is established to the servers of the provider of Complianz. Complianz stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Complianz cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. Complianz is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

3.2 Server log files

We host our website on our own web server and collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Servers in this sense are our web, content, application and database servers, which we use to operate the website.

We automatically collect the IP address (from which you access the website), files (which you access), date and time of your access in order to detect and subsequently rectify website errors, i.e. technical and functional deficits.
We store server log files for security reasons (e.g. to investigate misuse or fraud) for a maximum period of xx and then delete them. Data whose further storage is required for evidence purposes will only be deleted after the respective incident has been finally clarified.

3.3 Contact us via the contact form

When contacting us (e.g. by contact form, email, telephone or via social media), the user’s details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR. The user’s details are stored in Dynamics 365 Customer Insights Customer Relationship Management System (“CRM System”).

When you submit a form, Dynamics 365 Customer Insights Journeys correlates a behavioral analytics cookie ID with the incoming contact data. The cookie ID is assigned to a Dynamics 365 Customer Insights Journeys contact ID. This allows us to determine who has visited the website. This data is used to analyse behaviour on our website and provide you with a personalized experience.

If you do not allow these cookies, you will not be able to access the contact form.

The provider of Dynamics 365 Customer Insights Journeys is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

We process inquiries received exclusively for the purpose of answering them and delete inquiries received as soon as their further processing is no longer necessary, but at the latest after a period of 2 years. This period begins with the receipt of the corresponding request on our servers. This deletion period does not apply if the enquirer is an existing customer or if an enquirer becomes an existing customer within the above-mentioned deletion period of 2 years.

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.4 Newsletter

We only send newsletters with the consent of the recipient or within the scope of a legal permission. If the contents of a newsletter are specifically described in the context of a registration to receive a newsletter, these are decisive for the consent of the recipient. Otherwise, our newsletters contain information about our services and/or us.

The registration to receive our newsletter takes place in a so-called double opt-in procedure, i.e. after registration you will receive an e-mail in which we ask you to confirm your registration. This confirmation is necessary to ensure that no one can register with other people’s e-mail addresses. The registrations to receive our newsletter are logged in order to be able to prove the registration process in a legally compliant manner. This includes storing the time of registration and confirmation and the IP address. Changes to your data stored by the mailing service provider are also logged. To register to receive our newsletter, it is sufficient to enter your e-mail address. Optionally, you can enter a name during the registration process, e.g. to address you personally in the newsletter.

We use Microsoft Dynamics 365 Customer Insights Journeys to send newsletters. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active The provider of the software is Microsoft Corp. An AV contract was concluded for this purpose.

Our newsletters and the associated performance measurement are sent on the basis of the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or on the basis of legal permission in accordance with Section 7 para. 3 UWG. The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users and enables us to prove that consent has been given.

You are entitled to revoke your consent to receive our newsletter at any time for the future. For this purpose, you will find a clickable “unsubscribe” or revocation button at the end of each newsletter you receive. We are entitled to store email addresses for up to three years after you have unsubscribed from receiving our newsletter on the basis of our legitimate interests before we finally delete them. This storage enables us to prove that consent was previously given. Further processing of this data takes place exclusively for the purpose of defending against possible claims based on consent that was allegedly not given or not given to a sufficient extent or in a sufficient manner. Immediate deletion is possible if the previously given consent is confirmed at the same time as the corresponding request.

Newsletter – Measuring success

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

3.5 Data transfer to third parties, data transfer to third countries

Unless otherwise stated in this privacy policy, data will not be passed on to third parties.

Subject to legal or contractual permissions, the transfer of personal data to a country or an international organization outside the EU or the EEA takes place exclusively in accordance with the requirements of Art. 44 et seq. GDPR, i.e. that an adequacy decision of the EU Commission pursuant to Art. 45 GDPR exists for the transfer for the country in question, suitable guarantees for data protection pursuant to Art. 46 GDPR exist, binding internal data protection regulations pursuant to Art. 47 GDPR exist.

4. Analysis tools

4.1 Statify

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the WordPress plugin Statify from pluginkollektiv (). GDPR), we use the WordPress plugin Statify from pluginkollektiv (https://pluginkollektiv.org/de/).

Statify does not use any personal data such as IP addresses. It counts page views, not visitors, and does not use cookies or other techniques to identify visitors. Statify records page clicks with date, origin and stores them for 14 days. This data is then deleted.

5. Online presences in social media networks and platforms, integration of third-party content and services

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR), we use content or service offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

5.1 YouTube with enhanced data protection

This website integrates videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google Marketing Network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

6. Video and audio conferencing

Data processing

We use online conferencing tools, among others, to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing procedures of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used:

6.1 TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. Details on data processing can be found in TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

6.2 Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy:
https://privacy.microsoft.com/de-de/privacystatement.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

7. Own services

Handling applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application).
application procedure (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

8. Deletion of personal data

We delete the data processed by us in accordance with Art. 17 and 18 GDPR or restrict its processing. Unless otherwise stipulated in this privacy policy, we delete the data stored by us as soon as it is no longer required for the purpose of processing and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This applies in particular to data that must be retained under commercial or tax law.

German law currently provides for the following retention periods: 6 years in accordance with Section 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

9. Your rights

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.

In accordance with Art. 15 GDPR, you have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to request to receive the data concerning you that you have provided to us and to request that it be transferred to other data controllers.

In accordance with Art. 21 GDPR, you can object to the future processing of data concerning you at any time. In particular, you may object to processing for direct marketing purposes.

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, postal address: Postfach 10 29 32, DE-70025 Stuttgart, address: Königstraße 10a, 70173 Stuttgart, phone: +49 (711) 615541-0, fax: +49 (711) 615541-15, email: poststelle@lfdi.bwl.de. You can also find it on the Internet at https://www.baden-wuerttemberg.datenschutz.de

10. Contact us

You can contact us as follows for all matters relating to data protection:

Email: info@awisto.de
Phone.: +49 (711) 490 534-0

Address:
awisto business solutions GmbH
Beauftragter für Datenschutz
Mittlerer Pfad 4
DE-70499 Stuttgart

awisto business solutions GmbH, Status 12/14/2023