This privacy statements explains how personal data (hereinafter referred to as "data") is collected, used, retained and disclosed within our online offering and associated websites, functions and content as well as external online presences. The terms used here, such as "personal data" and its "processing", are used as defined in Art. 4 of the European General Data Protection Regulation (GDPR)
Responsible in accordance with the GDPR:
|Postcode, city, country:
|64293 Darmstadt, Germany
|Commercial register no.:
Data protection officer
|Postcode, city, country:
|64293 Darmstadt, Germany
Changes and updates to the privacy statement
We ask that you read our privacy statement at regular intervals. We will modify the privacy statement as soon as changes to the processing of data carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Some PROSTEP AG websites may have their own, possibly different, privacy statement. Please read the privacy statement of each PROSTEP website that you visit.
We take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, pursuant to Art. 32 GDPR. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, security of availability and separation of the data. Furthermore, we have established procedures that guarantee that you can exercise your rights, the deletion of data and an appropriate response to data risks. We also take the protection of personal data into consideration during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR)
The security measures include, in particular, the encrypted transmission of data between your browser and our server.
Collecting, processing, using and deleting your personal data
PROSTEP collects, exports and uses personal information to provide you with better service and to better consider your needs and interests. This is done on the basis of this privacy statement and your consent.
We also collect and process the information and data that you provide to us voluntarily, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums.
We use so-called server log files to collect data every time the server on which this service is located is accessed. We do this based on our legitimate interests pursuant to Art. 6 para. 1(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that needs to be stored for a longer period of time for evidentiary purposes will not be deleted until final clarification of the respective incident.
The data we process will be deleted or its processing restricted pursuant to Articles 17 and 18 GDPR. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and will not be processed for any other purposes. This applies, for example, to data that must be retained for business or tax reasons.
In accordance with statutory requirements, the data will be kept, in particular, for 6 years pursuant to § 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
The following information is intended to provide you with information about the content of our newsletters, the subscription process, newsletter delivery, statistical analysis and your right to object. By subscribing to our newsletters, you agree to receiving the newsletters and to the described procedures.
Content of the newsletters: We only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") with the consent of the recipients or with legal authorization. If, when subscribing to newsletters, the content of the newsletters is described specifically, the content is relevant to your consent. Our newsletters contain information about our products, offers, promotions and our company.
Double opt-in and logging: a "double opt-in" procedure is used when you subscribe to a newsletter. This means that after subscribing, you will receive an e-mail asking for confirmation. This confirmation is needed to ensure that no one can subscribe to newsletter using someone else's e-mail address. Subscription to a newsletter is logged in order to be able to prove that the subscription process complies with legal requirements. This includes storing the time at which you subscribed to the newsletter and the time at which you confirmed subscription as well as the IP address. Changes to your data that is stored with the delivery service provider are also logged.
Subscription data: To subscribe to a newsletter, all you have to do is enter your e-mail address. We also give you the option of entering a name in the newsletter so that the newsletter can be personalized.
Performance measurement: In exceptional cases the newsletters contain a so-called "web-beacon", i.e. a pixel-size file that is retrieved from the delivery service provider's server when a newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are collected. This information is used to improve the services on the basis of the technical data or the target groups and their reading behavior using their retrieval locations (which can be determined with the help of the IP address) or the time of access. Statistical surveys also include determining whether the newsletters are opened, when they were opened and which links were clicked. Although, for technical reasons, this information can be associated with the individual newsletter recipients, it is not our intention nor that of the delivery service provider to monitor individual users. The surveys enable us to identify the reading habits of our users and to adapt our contents accordingly or to send different content to different users according to what they are interested in.
Delivery of the newsletters and performance measurement are based on the recipients' consent pursuant to Art. 6 para. 1(a) and Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the Unfair Competition Act (UWG), or on the basis of legal authorization pursuant to § 7 para. 3 of the Unfair Competition Act.
Logging of the subscription process is performed on the basis of our legitimate interests pursuant to Art. 6 para. 1(f) GDPR and serves as proof of consent to receive the newsletter.
Unsubscribe/Revocation: You can unsubscribe to newsletters at any time, i.e. revoke your consent. You will find a link that you can use to unsubscribe to a newsletter at the end of the respective newsletter. If you have subscribed only to the newsletter and subsequently unsubscribe, your personal data will be deleted.
Participation in an event
By registering for an event, you agree to the processing of your personal data for the purpose of organizing the event in question. The following data is collected during the registration process: first name, last name, title and name of the company/institution.
Your data is processed in accordance with Art. 6 para. 1(f) GDPR based on your consent, which you give by registering for the event.
By registering, you agree that the data provided (first name, last name, title, name of the company/institution) may be included in the list of participants for the event and printed on a name tag. The list of participants is available in printed form to other participants in the event as well as to the speakers and event partners.
Double opt-in and logging: a "double opt-in" procedure is used when you register for our events. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is needed to ensure that no one can register using someone else's e-mail address. Registrations are logged in order to be able to prove that the registration process complies with legal requirements. This includes storing the time at which you registered for the event and confirmed your registration as well as the IP address. Any changes made to your data, which is stored with the delivery service provider, are also logged.
It may be that photographs are taken and audio or film recordings made during the events and that these are published in various online and offline media. These photographs/recordings are linked to the pictorial representation of persons present. The persons are selected at random. The images are published on the homepage, print and online media. This also applies to events offered in cooperation with third parties.
By entering the event venue, participants agree to the unremunerated publication, in the afore-mentioned manner, and the right to distribute and make available the recorded image, audio and film material in the context of public relations work performed by PROSTEP AG. Individual rights remain protected.
If an individual does not agree to the publication of photographs, audio recordings and film recordings that include their person, we ask that they contact the persons responsible for the events directly.
The relevant personal data will be deleted three years after the event in question was held. In individual cases, we reserve the right to retain photographs, audio recordings and film recordings based on a legitimate interest (in accordance with Art. 6 para. 1(f) GDPR) and for the purpose of documenting the company and/or its history.
Collaboration with processors and third parties
If we disclose data to other persons or companies (processors or third parties) during our processing operation, transmit the data to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if transmission of the data to third parties, such as payment service providers, is required for the fulfillment of a contract pursuant to Art. 6 Para. 1(b) GDPR ), if you have provided your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data within the framework of a so-called "order processing contract", this will be done on the basis of Art. 28 GDPR.
Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs with the framework of utilizing third-party services or disclosing or transferring data to third parties, this is only done in order to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal authorization or contractual permission, we only process the data or have the data processed in a third country if the special requirements pursuant to Art. 44 ff. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees, such as official recognition a similar level of protection of your personal data to what is required in the EU (e.g. the Privacy Shield scheme in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Provision of contractual services
We process inventory data (e.g. names and addresses and users' contact data), contract data (e.g., services used, names of contact persons, payment information) in order to fulfill our contractual obligations and provide services pursuant to Art. 6 para. 1(b) GDPR. The entries marked as mandatory on online forms are required for conclusion of the contract.
When registering or re-registering and when using our online services, we will store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests and to protect users against misuse or other unauthorized use. This data is not normally passed on to third parties unless it is required to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1(c) GDPR.
The data will be deleted once statutory warranty or comparable obligations expire. The need to store the data is reviewed every three years. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)). Details in the customer account will remain until the account is deleted.
Cookies and reach measurement
Cookies are pieces of information that are transferred from our web server or third-party web servers to your web browser and stored for later retrieval. Cookies can be small files or other types of stored information.
We use so-called session cookies, which are only stored on our website for the duration of your visit (e.g. to allow your login status to be stored or to enable the shopping basket function and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our website and log out or close your browser, for example.
In accordance with this privacy statement, you will be notified of the use of other cookies in the context of pseudonymous reach measurement.
If you do not want cookies to be saved on your computers, disable the relevant option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. If cookies are disabled, you may not be able to use the full functionality of this website.
When contacting us (using the contact form or via e-mail), you details will be processed in the context of your contact request and its execution pursuant to Art. 6 para. 1(b) GDPR.
Your information may be stored in our customer relationship management (CRM) system or comparable request set-up.
We delete requests once they are no longer needed. We review the need to store the data every two years. Requests from customers who have a customer account are stored permanently and will not be deleted until the customer account is deleted. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)).
Rights of data subjects
You have the right to request confirmation as to whether the relevant data is being processed and to request information about this data as well as further information and a copy of the data pursuant to Art. 15 GDPR.
You have the right to request that incomplete personal data be completed and rectification of inaccurate data concerning you pursuant to Art. 16 GDPR,.
You have the right to demand that relevant data be deleted immediately pursuant to Art. 17 GDPR or, alternatively, to demand a restriction of the processing of the data pursuant to Art. 18 GDPR.
You have the right to receive the personal data that you have provided to us pursuant to Art. 20 GDPR and to request its transmission to another controller.
You also have the right to file a complaint with the relevant supervisory authority pursuant to Art. 77 GDPR.
Data protection officer in Hesse
Prof. Dr. Alexander Roßnagel
65189 Wiesbaden, Germany
Right to revoke consent: You have the right to revoke consent at any time with future effect pursuant to Art. 7 para. 3 GDPR.
Right to object: You have the right to object to the future processing of your personal data at any time pursuant to Art. 21 GDPR. You may object in particular to the processing of your personal data for direct marketing purposes.