Hinweis: Die deutsche Version der folgenden Datenschutzhinweise nach Art. 13 und 14 der EU Datenschutzgrundverordnung (DSGVO) finden Sie hier.
Data Protection Information in accordance with Articles 13 and 14 of the
European Union General Data Protection Regulation (GDPR)
The following data protection information is intended to explain to you in an understandable, transparent and clear manner how we – Pandanos GmbH (‘Pandanos’) – process your personal data in connection with your use of our websites, those of third parties, and other (online) services.
However, if you have any questions of understanding or other queries about data protection at Pandanos, you are welcome to contact us any time as per contact details provided below.
1. Controller
The controller within the meaning of Art 4 no 7 GDPR for the processing of your personal data is:
Pandanos GmbH
Luise-Ullrich-Strasse 14
D-80636 Munich
Germany
E-Mail: dataprotection@pandanos.com
Telefon: +49 89/ 12713101-0
2. Rights of the data subject/your rights under data protection law
You have the following rights under applicable data protection law with respect to personal data concerning you.
Right of access: You can request information from us at any time about whether and which personal data we store about you. The provision of information is free of charge for you.
The right to information does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, would be disclosed.
Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to obtain rectification of this data from us at any time.
Right to erasure: You have the right to request that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have withdrawn your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases.
A right to erasure does not exist insofar as
Right to restrict processing: You have the right to request that we restrict the processing of your personal data.
Right to data portability: You have the right to receive from us the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right only exists if
Right to object to processing: If the processing of your data is based on Art 6 para 1 lit f) GDPR, you may object to the processing at any time.
You may assert all of the data subject rights described above against Pandanos by addressing your specific request to the following contact details:
Per email to: dataprotection@pandanos.com
Per mail to: Pandanos GmbH, Luise-Ullrich-Strasse 14, D-80636 Munich, Germany
3. Right to lodge a complaint with a supervisory authority
In accordance with Art 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.
4. Provision of Data
Even if partial automatic transmission of data takes place when you call up our website, you are not legally or contractually obliged to provide data in connection with the use of our homepage.
In connection with the contact form and contacting us by email, you are free to send us data via these channels, but without providing us your personal data in the context of contacting us in this way we cannot process and answer any enquiries from you in this respect.
5. Description of the data processing on the website/app and legal basis for the processing
5.1 Recipient of the data
In order to fulfil the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).
Recipients bound by instructions
We share your data with service providers bound by instructions, and with other third parties, such as IT service providers, who support us in our activities, e.g. as part of the administration and maintenance of the websites and the related systems and/or for other internal or administrative purposes.
If we pass on data to service providers bound by instructions, we do not require a separate legal basis for this.
Independent recipients
In addition, we share your data in individual cases with other third parties who use your data under their own responsibility. For example, we might transfer personal data to third party companies to support and improve the effectiveness of our business processes (including coordinated marketing activities). In addition, in individual cases, we also pass on your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.
Insofar as you have explicitly consented, Art 6 para 1 lit a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, the legal basis for the data transfer is Art 6 para 1 lit c) GDPR. If, on the other hand, the disclosure is necessary for the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art 6 para 1 lit f GDPR. We have an interest in making our work processes efficient and in sharing business processes for this purpose.
Data transfer to recipients in third countries outside the EU/EEA
Insofar as any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called “third countries”), an appropriate level of data protection for the foreign transfer is ensured by means of suitable security measures. This includes compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR for the transfer of personal data from EU/EEA countries to third party companies outside the EU/EEA.
If you have any questions about such data protection contracts based on the EU standard contractual clauses or if you would like more information about further security mechanisms and security measures for the transfer of data to third countries, please feel free to contact us at dataprotection@pandanos.com.
5.2 Processing of personal data when accessing the website
When you visit our website, we collect the data that is technically necessary to display this website to you. This involves the following personal data which is automatically transmitted to our server by your browser:
· IP address
· Date and time of your request/call to the website (the app)
· Time zone difference from Greenwich Mean Time (GMT)
· Content of the request (information about which specific webpage you have visited)
· Access status/http status code
· Transferred data volume
· Website requesting the access
· Browser (information about the browser you use)
· Operating system and its interface (operating system of the device you use to access the website)
· Language and version of the browser software
The processing of this personal data is based on Art 6 para 1 lit f) GDPR. The website cannot be accessed and offered to users without using such data; there is a legitimate interest in making the call-up and use of the website technically possible.
The aforementioned data will be stored for 14 days and then deleted.
This website is hosted by the service provider
GoDaddy Operating Company, LLC
2155 E. GoDaddy Way
Tempe, AZ 85284
USA
The data collected on our website is therefore stored on the service provider's servers. The server locations are also located in European as well as in non-European countries. As such, data is transferred abroad, including to countries outside the European Union or the European Economic Area. An adequate level of data protection is ensured by the use of standard contractual clauses of the EU Commission within the meaning of Art 46 para 2 lit c) GDPR.
We also declare that above website service provider GoDaddy has included function, such as, but not limited to, reCAPTCHA, from his following provider:
Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA
As such, we point out that the Data Protection Regulation as well as the Conditions of Use of Google Inc. become valid, too. In particular, we cannot suspend that your dynamic IP address will be forwarded by GoDaddy to Google Inc. in the USA.
5.4 Contact form on our website, contact by email as well as contact channels via third party websites or social media networks
We provide a contact form on our website so that you can contact us with questions about Pandanos, our website and other enquiries. You can also contact us by email. You also have the opportunity to make use of the weblinks to online calendar booking services in order to log in audio or video conferences with us at your own convenience. Last but not least, you are welcome to get in touch with us at social media platforms, such as, but not limited to, LinkedIn, XING, twitter, or others—see also section 7 per below for more details
.
When you contact us via any of these channels mentioned above, the data you provide (in particular your email address, your first and last name and the text of your enquiry as well as any other information you have provided) will be stored by us in order to process your enquiry and answer your questions.
The data processing is justified according to Art 6 para 1 lit f) GDPR. We have an interest in contacting you via the website in response to your enquiry. If your request is aimed at the fulfilment of a contractual or pre-contractual measure with you as a natural person, Art 6 para 1 lit b) GDPR is the legal basis for the data processing.
We will delete the data generated in the course of your enquiry/contact as soon as it is no longer required for processing your enquiry. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period. The use of the contact form is voluntary for you and is not a prerequisite for the use of the website.
5.5 Processing operations in marketing and partly joint controllers
Pandanos determines the means and purposes of some of the marketing data processing operations described in more detail below, either alone or together with third party companies. In case of latter, we process your data as joint controllers within the meaning of Art 4 no 7, 26 GDPR.
5.5.1 Individualised electronic approach
Pandanos processes your personal data and will contact you by email for marketing purposes if you have provided consent to direct marketing activities. For this purpose, we process the data provided by you in connection with the consent (in particular your first name and surname, your email address, the name and address of your company, if applicable, and any other information you provided when providing your consent).
This direct marketing includes information on latest consultancy advice and service information, news, notifications about upcoming events, and other marketing information.
Based on your consent, we may tailor and individualize marketing communications to your interests. Pandanos does this by analyzing your interests, which you have explicitly communicated, and your usage behavior (e.g. content accessed, opening, clicks and reading time) both with regard to newsletters and similar communications and via our websites using cookies, web beacons and similar technologies and storing this information in a personal profile.
Based on your consent, we may also add your personal contact details (e.g. name, title, company and role/position) that you have provided yourself on our websites and/or that are already stored in our customer relationship management systems. Based on your consent, Pandanos may also add public information about the company you work for to this profile.
The processing is carried out on the basis of your consent, which is a legal permission according to Art 6 para 1 lit a) GDPR. You can withdraw your consent at any time with effect for the future at no additional cost, e.g. by email to dataprotection@pandanos.com.
Your data will be stored for this purpose as long as it is required for direct advertising and you have not revoked your consent. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
5.5.2 Organisational management of your consent
Pandanos also processes your personal data to meet organisational requirements with regard to your marketing consent. This includes, for example, the validation of the email address you provided through a so-called double opt-in process and documenting the status (granting or revoking your consent and validating your email address) in a list maintained by us for this purpose. The data processed for this purpose includes the contact details you provided when granting consent, your IP address, the individual identifier assigned by our IT systems, as well as the status and time of the granting of your consent.
If you withdraw your consent and/or object to the data processing, we will no longer use your data for marketing purposes. Pandanoswill store the data required for the organizational management of your consent beyond the time of your revocation and/or objection in order to fulfil documentation and verification requirements and to ensure that your data is not processed by us for marketing purposes in the future (so-called blocking list), unless you provide new consent. Pandanos will delete your data when these organizational purposes cease to apply, which will generally be after a period of three years at the end of the year following the cessation of marketing activity by Pandanos.
5.5.3 Postal address and existing customer marketing
Pandanos will also use the information you provide (in particular your name and address) to send you marketing information by post about other offers or events.
Pandanos will use your contact details received in connection with the sale of a service (in particular your first and last name, your email address, if applicable the name and address of your company as well as any other details you may have provided) for the purpose of direct marketing of similar goods and services by electronic mail, unless you have objected to such use. You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.
This processing is based on our legitimate interests within the meaning of Art 6 para 1 lit f) GDPR. There is a legitimate economic interest in informing interested parties, customers and clients about further offers and events of our own in order to establish and maintain a long-term customer relationship.
Your data will be stored for this purpose as long as this is necessary for the postal marketing approach and existing customer marketing and you have not effectively objected to the data processing. Insofar as there is a legal obligation to retain data, the data will be stored for the duration of the legally required retention period.
6. Use of cookies
In order to make visiting our website attractive and to enable the use of certain functions, we and certain third parties use cookies on our website. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser the next time you visit us (so-called persistent cookies).
The following cookie categories are used:
6.1 Cookies strictly necessary for the operation of our website (hereinafter “required Cookie”):
These cookies are required for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, correct display of the website in the internet browser or consent management.
6.2 Analytics/ Analytics cookies:
The analytics cookies enable us to store data in an aggregated form about our website visitors and their experiences on our website. We use this data to fix bugs and improve the experience for all visitors.
The legal basis for the use of required cookies is Sec 25 para 2 Nr 2 of the German Telecommunication-Telemedia-Act (“TTDSG”) or on the basis of Art 6 para 1 lit f) GDPR to protect our legitimate interests. In particular, our legitimate interests lie in being able to provide you with a technically optimised website that is user-friendly and tailored to your needs, and to ensure the security of our systems. The legal basis for consent with regard to the storage and reading of information is Section 25 (1) TTDSG and, with regard to the processing of personal data, Article 6 (1) lit. a GDPR.
The consent includes all cookies selected by you and the storage of information associated with them on your terminal device, as well as their subsequent reading and subsequent processing of personal data.
Insofar as we use cookies on the basis of your consent, you can revoke your consent at any time with effect for the future, e.g. by adjusting your cookie settings.
Your revocation does not affect the lawfulness of the processing carried out until revocation.
6.3 Disabling the cookie settings
Most browsers are pre-set to accept cookies automatically. You can object to the creation of cookies by disabling cookies in your browser’s system settings. Please note, however, that some of the cookies are technically necessary for the functionality of our website, otherwise the page cannot be requested and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions).
We will only use cookies that are not technically necessary for the functionality of our website if you have provided us with your prior express consent.
In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.
7. Links to social media
Our website might contain links to social media providers such as LinkedIn, XING, YouTube, Pinterest and Instagram by means of corresponding social media buttons. In order to prevent any unwanted transfer of your usage data (e.g. address of the currently visited page) to these services, you only then access the services by clicking on the link. On the service page, these social networks may collect usage data and possibly user data. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
Therefore, we inform you according to our current knowledge:
Only when you click on the links does your browser establish a direct connection with the servers of the aforementioned services. In this way, the information that you have visited our website indirectly (referrer) is forwarded to these services. If you are already logged in to the service with your personal user account while visiting our website, you can usually ‘share’ the document (so-called ‘sharing’) or leave a comment etc. after clicking on the social media buttons. If you do not wish such data transmission, we advise you not to click on the social media buttons.
The purpose and scope of the data collection by the social services, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of these services.
8. Integration of SmartMaps
On this website, we might use the "SmartMaps" service of YellowMap AG, CAS-Weg 1-5, D-76131 Karlsruhe, Germany.
This allows us to show you maps directly on the website and enables you to use the map function conveniently.
In order to be able to show you the maps, SmartMaps uses your IP address when the SmartMaps components are called up by the browser. This is held in the memory of the web server for approx. 5 minutes to prevent DoS attacks, after which it expires and is neither processed nor stored in any other way.
YellowMap AG is therefore a recipient of data. However, YellowMap AG does not process the data for its own purposes, but exclusively on behalf of and on the instructions of us and in accordance with a data processing agreement as per Art 28 GDPR.
9. Links
Our website contains hyperlinks to websites/services of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.
Copyright © 2023 Pandanos GmbH – Alle Rechte vorbehalten.