Privacy Policy

We take data protection seriously

Protecting your privacy when processing personal data is of upmost importance to us. When you visit our website, our web servers automatically store the IP address of your Internet service provider, the website from which you visit us, the pages you visit on our site, and the date and duration of your visit. This information is essential for the technical transmission of the web pages and secure server operation. This data is however not evaluated on a personalized basis.

If you send us data via our contact form, this data will be stored on our servers for data security purposes. We will use your data exclusively for the purpose of processing your enquiry. Your data will be treated as strictly confidential. It will not be passed on to any third parties.

Responsible organization:

OPEN RISK DATA Association e. V.
Breite Straße 98
53111 Bonn
Phone: +49 228 9822325
Email: marc.kirchhofer@synpulse.com, stefan.rosenowski@gvnw.de

Personal data

Personal data is data about you. This includes your name, address and email address. You do not need to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to provide you with the service you have requested.

The same applies in case we provide you with information upon your request or if we respond to your enquiries. In these cases, we will always inform you accordingly. Furthermore, we only store data that you have provided to us automatically or voluntarily.

When you use one of our services, we generally only collect data necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.

Contact

When contacting us (e.g. via contact form, email, telephone or social media), the details of the enquiring persons are processed to the extent necessary to respond to the contact enquiries and any requested measures.

Contact requests within the scope of contractual or pre-contractual relationships are answered in order to fulfil our contractual obligations or to respond to (pre-)contractual enquiries and, in all other cases, on the basis of our legitimate interests in responding to enquiries.

Types of data that is being processed: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. entries in online forms).
Data subjects: communication partners.
Purpose of processing: Contact requests and communication.
Legal grounds: Contract fulfilment and pre-contractual enquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)

Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Date and time of the enquiry
Name of the requested file
Page from which the file was requested
Access status (file transferred, file not found, etc.)
Web browser and operating system used
full IP address of the requesting computer
amount of data transferred

This data is not compiled with other data sources. Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempts to attack our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a connection to individual users. The data is also processed in anonymized form for statistical purposes; it is not compared with other data sets or passed on to third parties, even in excerpts.

Cookies

Our websites use cookies. Cookies are small data packets that do not cause any damage to your computer. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain functions of the website do not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, for the provision of certain functions you have requested (e.g. for the shopping basket function) or for the optimization of the website (e.g. cookies for measuring the web audience, necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been obtained for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDSG); consent can be revoked at any time.

You can adjust your browser settings so that you are informed about the use of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

You can change your settings for the use of cookies at any time here:

Matomo (local)

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of users to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo regarding the use of this website is stored on our server. The IP address is anonymized before storage.

With the help of Matomo, we are able to collect and analyse data about how visitors use our website.
This allows us to find out, among other things, when page views were made and which region they came from.
We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on the corresponding consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We use IP anonymization for analysis with Matomo. This means that your IP address is abbreviated before analysis so that it can no longer be clearly assigned to you.

We host Matomo exclusively on our own servers, so all analysis data remains with us and is not passed on.

Storage period

We generally store personal data for as long as it is necessary for the purposes of the relevant processing, for as long as there are statutory or regulatory retention periods, or for as long as we have a legitimate interest in storing it or have obtained the relevant consent from the data subject.

We store certain data in accordance with the following rules for the specified duration and delete or destroy it after the specified storage period has expired:

•    If the processing is based on your consent, we will delete the relevant data after you withdraw your consent.
•    If none of the following storage periods apply, we delete the data once the purpose of processing has expired.
•    3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for the ability to provide information and defend oneself, as well as to assert or defend against claims. This also includes data relating to marketing and customer service, unless it also belongs in a category with a longer storage period.
•    6 years: commercial letters received and sent (Section 257 (1) Nos. 2 and 3, (4) of the German Commercial Code (HGB))
•    10 years: Documents relevant for taxation, accounting documents, trading books (Sections 147(1) AO, 257(1) Nos. 1 and 4, (4) HGB).
•    30 years: Data that is stored in the company's own interest or in the interest of third parties due to special circumstances, as there are corresponding limitation periods or special retention periods (e.g. enforcement orders, special limitation periods).

Recipients of personal data

We regularly process personal data in our capacity as the responsible organisation. However, processing by passing on or disclosing personal data to third parties may be necessary in the course of our activities, in particular if one of the following reasons based on the specified legal basis applies:

•    It is necessary for the fulfilment of a contract with the data subject or for the implementation of pre-contractual measures at their request (Art. 6(1)(b) GDPR).
•    The disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in the non-disclosure of their data (Art. 6(1)(f) GDPR).
•    There is a legal obligation to disclose the data (Art. 6(1)(c) GDPR).
•    We have valid consent (Art. 6(1)(a) GDPR).

Categories of recipients within the scope of our activities and operations may include, in particular:

•    Postal, telecommunications and transport service providers
•    Payment and financial service providers
•    Sales and business partners and other persons and companies involved in the provision of services
•    Authorities, courts, opposing parties, other parties involved

Furthermore, we will indicate in the individual instances of processing if other recipients are involved.

Order processing by service providers

In order to execute our activities, we also employ service providers who are bound by instructions as processors in accordance with Art. 28 GDPR within the scope of processing personal data, who are also considered recipients of the data in terms of data protection. A contract for order processing ensures, in particular, that the processing is carried out in accordance with our instructions, that sufficient guarantees are in place to comply with appropriate technical and organisational measures, and that the rights of data subjects are guaranteed.
In general, we use service providers for the following processing purposes:

•    Hosting of our online offerings/websites with providers (infrastructure and platform services, computing capacity, storage space and database services).
•    Care, maintenance and servicing of online offerings/websites.
•    Implementation, maintenance, servicing and repair of IT systems.
•    Document and information management.
•    Communication, contact and conference systems (e-mail, contacts, appointments, messenger, video conferencing, etc.).
•    Destruction of files and data carriers

Processing of personal data for advertising purposes

You may object to the use of your personal data for advertising purposes at any time, either in whole or for individual actions, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal requirements of Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided when concluding the contract for direct advertising of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by email, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form is sufficient for this purpose. Of course, every email always contains an unsubscribe link.

Security

We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working on our behalf are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Rights of data subjects

You have the right to obtain information about, correct, delete or restrict the processing of your stored data at any time, as well as the right to object to the processing and the right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information

You may request information from us as to whether and to what extent we process your data.

Right to correction

If we process your data that is incomplete or incorrect, you may request that we correct or complete it at any time.

Right to have your information deleted

You may request that we delete your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of statutory retention obligations.
Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, provided that there are no legal or contractual obligations to retain it.

Right to restriction of processing

-    you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data,
-    the processing of the data is unlawful, but you refuse to have it deleted and instead request that its use be restricted,
-    we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
-    you have objected to the processing of the data.

Right to data transferability

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
- we process this data on the basis of your revocable consent or for the performance of a contract between us, and
- this processing is carried out using automated means.
If technically feasible, you may request that we transfer your data directly to another controller.

Right to object

If we process your data on the basis of legitimate interest, you may object to this data processing at any time; this also applies to profiling based on these provisions.
We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for direct marketing purposes at any time without giving reasons.

Right to appeal

If you believe that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. You also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision (Landesamt für Datenschutzaufsicht).
If you wish to assert any of the above rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to amend our privacy policy if this becomes necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

OPEN RISK DATA Association e. V.
Marc Kirchhofer
Stefan Rosenowski
Breite Straße 98
53111 Bonn
Phone: +49 228 9822325
Email: marc.kirchhofer@synpulse.com, stefan.rosenowski@gvnw.de

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server.	1 session	HTTP	Website

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo