Privacy policy

By way of this privacy policy, we would like to provide you as a user of our website (hereinafter referred to as the “website”) with information in line with the specifications set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1. Name and contact details of the controller

The controller under the terms of the GDPR, other national data protection legislation of the member states and other provisions under data protection legislation is:

Braintower Technologies GmbH
Schlackenbergstr. 41 a
66386 St. Ingbert
Tel. +49 6894 92966-0
Fax +49 6894 92966-20
Email info@braintower.de

2. Contact details of the company data protection officer

The contact details of the controller’s company data protection officer are:

Name: Jens Hinsberger
Braintower Technologies GmbH
Schlackenbergstr. 41 a
66386 St. Ingbert
Tel. +49 6894 92966-17
Fax +49 6894 92966-20
Email jens.hinsberger@braintower.de

3. Purpose, legal basis and duration of processing

a) When the website is accessed

Each time our website is accessed, the browser used on the user’s terminal device automatically sends information to our website’s server. We temporarily store the following transmitted information in what are known as “log files”:

Information about the browser type and the version used;
The user’s operating system;
The user’s Internet service provider;
The accessing computer’s IP address;
Date and time of access;
Websites from which the user’s system accessed our website; and
Websites which are accessed by the user’s system via our website.

This information is processed (1) to guarantee a smoothly established connection to the website, including the delivery of the website on the user’s computer; (2) to guarantee convenient use of our website; (3) for the purpose of evaluating system security and stability; and (4) for further administrative purposes.

The legal basis for data processing is Art. 6, Para. 1, Subpara. 1, Clause 1, lit. f of the GDPR. Our legitimate interest results from the data processing purposes listed above. Data is not analysed for marketing purposes or for the purpose of drawing conclusions about you as a person in this respect.

The data for providing the website is deleted as soon as it is no longer required to achieve this purpose, i.e. when the respective session is ended. The data stored in log files is deleted after 14 days at the latest.
When you access our website, we also use cookies for analysis and other services. You will find more detailed explanations on this matter in Sections 5 to 9 of this privacy policy.

b) Jira Service Desk

Our website enables you to contact us and report technical faults over the Jira Service Desk platform.

To be able to use this platform, you must register (providing personal data during the registration process) and create a user account. In this regard, data is entered in an input screen, sent to us and stored. A valid email address and your full name are required to register. When you complete the registration process, the accessing computer’s IP address and the send date and time are also stored.

User registration serves to make processing of faults reported by customers easier, because the customer’s information is automatically submitted during the processing operation.

If you report a fault over the platform, it may under certain circumstances receive additional personal data. This additional personal data is also only used for the purpose of processing the reported fault.

Insofar as doing so is necessary for processing your reported fault, we shall disclose the personal data concerning you to third parties (e.g. manufacturers, suppliers and service providers). Under certain circumstances, personal data shall also be transferred to a third country.

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Subpara. 1, lit. a of the GDPR, in addition to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR. If registration and fault reporting are associated with fulfilling a contract, the contracting party for which is the user, or with implementing pre-contractual measures, Art. 6, Para.1, Subpara. 1, lit. b of the GDPR forms an additional legal basis for data processing.

The additional personal data processed for the purpose of processing the reported fault is deleted once the statutory retention periods have elapsed at the latest, unless you have consented to further storage according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. a of the GDPR. Generally speaking, the processed personal data must be deleted 6 years after the end of the calendar year in which the contractual relationship was terminated; in the case of invoicing records, the general retention period is 10 years. In exceptional cases, we can also be obligated to store data for longer based on retention and documentation requirements under fiscal and commercial law (as a result of the German Commercial Code, the German Criminal Code or the German Tax Code). Insofar as no statutory retention periods have to be complied with, we shall delete the processed personal data immediately as long as it is no longer required to process the reported fault or to preserve statutory retention periods.

c) SMS Gateway licence portal

Furthermore, our website offers users the opportunity to request a licence for our SMS Gateway product online via the SMS Gateway licence portal, or to view relevant licence information and support (e.g. for fault reporting) and to procure current firmware for the SMS Gateway used.

The device’s serial number is required to be able to use this portal. Once you have licensed the device, the personal data stored in the licence request is assigned to the serial number.

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Subpara. 1, lit. a of the GDPR, in addition to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR. If registration is associated with fulfilling a contract, the contracting party for which is the user, or with implementing pre-contractual measures, Art. 6, Para.1, Subpara. 1, lit. b of the GDPR forms an additional legal basis for data processing.

The additional personal data processed for the purpose of processing the reported fault is deleted once the statutory retention periods have elapsed at the latest, unless you have consented to further storage according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. a of the GDPR. Generally speaking, the processed personal data must be deleted 6 years after the end of the calendar year in which the contractual relationship was terminated; in the case of invoicing records, the general retention period is 10 years. In exceptional cases, we can also be obligated to store data for longer based on retention and documentation requirements under fiscal and commercial law (as a result of the German Commercial Code, the German Criminal Code or the German Tax Code).

4. Cookies

We use what are known as “cookies” on our website. Cookies are small files which are automatically created by your browser when our website is accessed and which are stored on your terminal device (laptop, tablet, smartphone or a similar device). Resulting information in connection with the specific terminal device used is stored in the cookie.

On the one hand, cookies are used to make use of our website as user-friendly as possible. We use what are known as “session cookies” to identify that you have already visited individual pages of our website. These are automatically deleted once you leave our site. We also use temporary cookies to optimise our website’s user-friendliness. These cookies are stored on your terminal device for a specific period of time defined in advance and contain information which allows your browser to be uniquely identified the next time the website is accessed. This is done to automatically reapply the entries and settings made the last time our website was accessed. However, we do not immediately receive knowledge of your identity through identification of your browser.

The legal basis for personal data processing using technically necessary cookies is Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR.

On the other hand, we use cookies to record statistics about how our website is used and evaluate them for the purposes of optimising it for you. These cookies also mean that your browser can be uniquely identified the next time the website is accessed. You will find more detailed explanations on this matter under Section 7 of this privacy policy.

Browser settings are generally made so that cookies are automatically stored on the user’s terminal device. You can prevent or restrict this by changing your browser’s settings. You can also delete cookies which have already been saved at any time, whereby deletion can also take place automatically. If cookies are deleted or deactivated for our website, it may no longer be possible to use all of the website’s functions without restriction.

5. Rights of the data subject

If your personal data is processed, you as the data subject are entitled to the following rights vis-à-vis the controller:

a) Right of access

According to Art. 15 of the GDPR, you have the right to request information about what personal data we process.

The right of access extends in particular to
(1) the purposes of processing;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you was or shall be disclosed;
(4) the planned duration of storage of the personal data concerning you, or if specific information cannot be provided on this matter, the criteria for determining the duration of storage;
(5) the existence of a right to correct or delete the personal data concerning you, a right to restrict processing by the controller, and a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all of the available information about the data’s origin, if the personal data was not collected from the data subject; and
(8) the existence of automated decision-making, including profiling, and meaningful information on the details of such processing.

You can also request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards according to Art. 46 of the GDPR in connection with such transfer.

b) Right to correction

According to Art. 16 of the GDPR, you have the right to request that we immediately correct incomplete personal data which we have stored about you or that we complete the same.

c) Right to deletion

According to Art. 17 of the GDPR, you have the right to request that we delete the personal data which we have stored about you.

The prerequisites for deletion are that
(1) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you revoke your consent on which processing according to Art. 6, Para. 1, Subpara. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR was based, and there are no other legal grounds for processing;
(3) you object to processing according to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing, or you object to processing according to Art. 21, Para. 2 of the GDPR;
(4) the personal data concerning you was processed unlawfully;
(5) deletion of the personal data concerning you is required to fulfil a legal obligation under Union law or the law of the member states to which we are subject; or
(6) the personal data concerning you was collected in relation to the offer of information society services according to Art. 8, Para. 1 of the GDPR.

The right to deletion does not exist insofar as processing is required
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation which requires processing according to Union or member state law to which the controller is subject, to perform a task carried out in the public interest, or to exercise official authority vested in the controller;
(3) for reasons of public interest in the area of public health according to Art. 9, Para. 2, lit. h and i as well as Art. 9, Para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to Art. 89, Para. 1 of the GDPR, insofar as the right to deletion is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise or defence of legal claims.

d) Right to restriction of processing

According to Art. 18 of the GDPR, you have the right to request that we restrict processing.

Processing can be restricted if
(1) you dispute the accuracy of the personal data concerning you for a duration that enables us to check the accuracy of the personal data;
(2) processing is unlawful and you refuse deletion of the personal data and instead request restriction of your personal data’s use;
(3) we no longer need the personal data for the purposes of processing, but you require the same to establish, exercise or defend legal claims; or
(4) you have objected to processing according to Art. 21, Para. 1 of the GDPR and it has not yet been determined whether our legitimate grounds take precedence over your grounds.

e) Right of objection

According to Art. 21 of the GDPR, you have the right to object to processing of the personal data concerning you according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. f of the GDPR based on legitimate interests on grounds relating to your particular situation.

If the personal data concerning you is processed for the purposes of direct advertising, according to Art. 21, Para. 2 of the GDPR you have the right at any time to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.

f) Right to data portability

According to Art. 20 of the GDPR, you have the right to receive your personal data concerning you which you provided us with in a structured, common and machine-readable format or to request direct transfer of the personal data concerning you to another controller if doing so is technically feasible.

g) Right to revocation of your declaration of consent under data protection legislation

According to Art. 7 of the GDPR, you have the right to revoke the consent you granted at any time.

If you revoke your consent, we may no longer continue our data processing activities based on this consent with effect for the future. The lawfulness of processing carried out based on consent up until revocation of the same is not affected by such revocation.

h) Right to lodge complaints with a supervisory authority

According to Art. 77 of the GDPR, regardless of another administrative or judicial legal remedy, you have the right to lodge complaints with a supervisory authority, particularly in the member state where your place of residence, your workplace or the place of the suspected violation is located if you believe that the processing of the personal data concerning you is in violation of the GDPR.

6. Data security

When you visit our website, we use the popular SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. This is usually a 256-bit encryption. You can recognise whether an individual page of our website is transferred in encrypted format by the closed key or padlock symbol in your browser’s bottom status bar.

Additionally, we use suitable technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are continuously improved in line with technological developments.

7. Currency of and amendments to this privacy policy

This privacy policy is currently valid and was last updated in May 2018.

Due to the further development of our website and offers, or based on legal or official requirements, it may be necessary to amend this privacy policy. You can access and print out the current privacy policy from https://www.braintower.de/privacypolicy at any time.