Home » Privacy Policy

Privacy Policy

Privacy Policy

Introduction

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Template. Interpretation The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

The terms used are not gender specific.

As at: 30.11.2022

Content

Person in Charge

INSTITUT DISCIMUS LAB
Tržec 12B
2284 Videm pri Ptuju
Slovenia

Authorised representative:

Dr. Monica Hühner

E-Mail Address:

monica.huehner@discimus-lab.com

Legal Notice:

https://discimus-lab.com/

Overview of the processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Type of data processed.

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta and communication data.

Categories of data subjects

  • Communications partner.
  • User.

Purposes of the processing

  • Provision of contractual services and customer service.
  • Contact requests and communication.
  • Provision of our online offer and user friendliness.

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data.. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.

  • Contract performance and pre-contractual enquiries (§ 6(1)(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request.
  • Legal obligation (Art. 6 (1)(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1)(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Security Measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).

Unless the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That means, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and deletion of data, which will take precedence for the respective processing operations.

Use of Cookies

Cookies are small text files, or other memory notes, which store information on and read information from end devices. For example, to store the login status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for the functionality, security and comfort of online offers and the creation of analyses of visitor flows.

Consent notices: We use cookies in accordance with the legal requirements. We therefore obtain prior consent from users, except where this is not required by law. In particular, consent is not necessary if the storage and reading of the information, i.e. also of cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by the user (i.e. our online offer). The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on legal bases under data protection law: The legal basis in terms of data protection law, under which we process users’ personal data with the help of cookies, depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is their declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests (e.g. in the business management of our online offer and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which we process cookies in the course of this privacy policy or as part of our consent and processing procedures.

 With regard to the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies):   Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g. browser or mobile app).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users   with explicit information about the nature and storage duration of cookies (e.g. as part of the consent process), users should assume that cookies are permanent and can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with   the legal requirements in Art. 21 GDPR (further information on the objection is provided within the scope of this privacy policy). Users can also declare their objection by means of the settings of their browser.

Further guidance on processing operations, procedures and services:

  • Processing of cookie data on the basis of consent: We use a cookie consent management procedure under which users consents to the use of cookies, or which can be obtained, managed and revoked within the mentioned processing and providers under the cookie consent management procedure. The declaration of consent is stored so that it does not have to be repeated and the consent can be proven in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on cookie management service providers, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting service may include all information relating to the users of our online service that arises in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

  • Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of the processing: Provision of our online offer and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 (1)(1)(f) GDPR).

Further guidance on processing operations, procedures and services:

  • Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilisation of the servers and their stability; deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Management of contacts and requests

When contacting us (e.g. by contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.

The answering of contact enquiries as well as the administration of contact and enquiry data within the framework of contractual or pre-contractual relationships is carried out in order to fulfil our contractual obligations or to answer (pre)contractual enquiries and, moreover, on the basis of the legitimate interests in answering enquiries and maintaining user or business relationships.

  • Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: contact requests and communication; provision of contractual services and customer service.
  • Legal basis: Contract performance and pre-contractual enquiries (Art.6 (1)(1)(b) GDPR) 6 paragr. 1 p. 1 lit. b. GDPR); Legitimate Interests (Art. 6 (1)(1)(f) GDPR); Legal obligation (Art. 6 (1)(1)(c) GDPR).

Further guidance on processing operations, procedures and services:

  • Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context for the purpose of processing the communicated request. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfilment, and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in responding to the requests and our statutory retention obligations.

Amendment and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Where we provide addresses and contact details of companies and organisations in this privacy statement, please note that the addresses may change over time and please check the details before contacting us.

Definition of terms

This section provides you with an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are in alphabetical order.

  • Personal data” means any information relating to an identified or identifiable natural person: “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of that natural person. (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of that natural person.
  • Person in charge: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is wide-ranging and encompasses practically every handling of data, be it collection, evaluation, storage, transmission or deletion.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke

 

Diese Website verwendet Cookies, um Ihnen die bestmögliche Benutzererfahrung zu bieten.