In this data protection policy, we explain the type, scope and purpose of the processing of your personal data (“data” for short) on our website www.thats.business/uk and when using our online magazine. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
1. Who is responsible for data processing and who can I contact?
Contact details as follows:
No.2 London Square
Surrey GU1 1UN
You can reach our operational data protection officer at:
Data Protection Officer
No.2 London Square
Surrey GU1 1UN
2. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation 2016/679 (GDPR) and the Federal German Data Protection Act (BDSG):
a. For the fulfilment of contractual obligations (Article 6 (1) (b) GDPR)
Data is processed in order to provide financial services as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out upon request. The purposes of data processing are primarily geared towards the specific product (e.g. leasing, factoring) and may include, but are not limited to, needs analysis, consulting and to perform transactions.
b. As part of the balance of interests (Article 6 (1) (f) GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract for the protection of our legitimate interests or those of third parties, in particular:
- Review and optimisation of requirements analysis procedures for direct customer contact
- Optimisation and needs-based design of the website
- Advertising or market and opinion research, provided that you have not objected to the use of your data
- Asserting legal claims and defence in legal disputes
- Ensuring the IT security and IT operation of our company
- Prevention and investigation of criminal offences
- Video surveillance for the protection of domiciliary rights, and for the collection of evidence in cases of robbery and fraud (see also section 4 BDSG)
- Measures for building and plant safety (e.g. access control)
- Measures to safeguard domiciliary rights
- Measures for business management and further development of services and products
c. Aufgrund Ihrer Einwilligung (Art. 6 Abs. 1 a DS-GVO)
Soweit Sie uns eine Einwilligung zur Verarbeitung von personenbezogenen Daten für bestimmte Zwecke (z. B. Newsletterversand) erteilt haben, ist die Rechtmäßigkeit dieser Verarbeitung auf Basis Ihrer Einwilligung gegeben. Eine erteilte Einwilligung kann jederzeit widerrufen werden. Dies gilt auch für den Widerruf von Einwilligungserklärungen, die vor der Geltung der DS-GVO, also vor dem 25. Mai 2018, uns gegenüber erteilt worden sind. Der Widerruf der Einwilligung berührt nicht die Rechtmäßigkeit der bis zum Widerruf verarbeiteten Daten.
3. Who receives my data?
Unless expressly stated below or in the preceding sections, your data will not be passed on to third parties or other recipients.
We only pass on your personal data to third parties if:
- According to Article (6) (1) 1 lit. a GDPR you have given express consent to this,
- the transfer according to Article (6) (1) 1 lit. f GDPR required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal requirement for the transfer according to Article (6) (1) 1 lit. c GDPR there is a legal obligation, and
- this is legally permissible and according to Article (6) (1) 1 lit. b GDPR is required for the processing of contractual relationships with you.
We use the external service provider BloomReach B.V., Oosteinde 11, 1017 WT Amsterdam, for the provision and technical operation of our online magazine (so-called hosting). The hosting services we use serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services. The service provider processes the personal data processed for these purposes only on our behalf in accordance with instructions and we have concluded a contract with them for order processing in accordance with Art. 28 GDPR.
4. How is my data processed on the website?
Unless otherwise stated, we process your data on our website either to action your request (Article 6 (1) (b) GDPR) or based on our legitimate interests (Article 6 (1) (f) GDPR) as follows:
a) Usage data
Every time you access a page and retrieve a file, this process automatically saves general data to a log file. The storage is exclusively system-related and is purely used for security purposes respectively to report criminal offences in exceptional circumstances. The data is stored in httpd access logs in the data centers of our service provider Bloomreach and can be accessed in case of a legitimate interest.
A transfer of data to other third parties or any other evaluation does not take place, unless there is a legal obligation to do so. Data will be deleted automatically after 4 weeks retention time.
In detail, the following data record is saved for each access:
- Device used
- Name of the accessed file
- Date and time of access
- Time zone
- Transferred data volume
- Report as to whether the access was successful
- Description of the type of web browser used
- Operating system used
- The previously visited site
- User's IP address
We do not save your browser history.
The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest follows from the aforementioned purposes as well as the technical necessity of processing the collected data in order to display our website to you.
b) Contact forms and other enquiries
When you contact us (e.g. using the contact form or by email), personal data is collected. It may be necessary to provide your contact details and a message in order to be able to answer your request. Further information can be provided voluntarily.
The data collected are stored and processed exclusively for the purpose of answering your request or for establishing contact and the associated technical administration.
The data processing for the purpose of answering inquiries by us takes place on the basis of Art. 6 Paragraph 1 lit. f GDPR. If you contact us to conclude a contract with us, the legal basis for processing is Art. 6 Para. 1 lit. b GDPR.
The personal data collected by us to answer your request will be automatically deleted after your request has been dealt with if the circumstances show that the matter in question has been finally clarified and there are no statutory retention requirements.
c) Participation in surveys
You can take part in surveys on our website. Participation in the survey is voluntary, as is answering individual questions.
As part of the survey, we record your answers to the individual questions
On the basis of the survey results, we create anonymous evaluations that have no relation to your person (e.g. "34% of participants chose answer abc for question xyz"). We will not use your answers to evaluate your person and we will not save your answers together with the data that identifies you (e.g. name, email address).
We are happy to inform you on the basis of your consent (Article 6 (1) (a) GDPR) about the latest news with our newsletter.
In order to receive the newsletter, you must enter your name and e-mail address. You can also enter and submit further optional information. After you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have specified, in which you must click a confirmation link to verify the e-mail address you provided.
Your data will be stored by us only for the purposes of sending our newsletter. In addition, we store your e-mail address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt. The legal basis for this processing is Article 6 (1) (c) GDPR, as we are legally obliged to provide evidence of registrations. In addition, in order to measure the success of our newsletter, we collect data on whether the newsletter is opened, when it is opened and which links are clicked.
For the delivery of our newsletter we work with the Eloqua service of the provider ORACLE Nederland B.V., Hertogswetering 163, 3543 AS Utrecht, P.O. Box 40387, 3504 AD Utrecht, The Netherlands. Newsletters sent with the help of Eloqua use tracking technologies. We use this data primarily to find out which topics are of interest to you by tracking whether our emails are opened and which links you click on. We then use this information to improve the e-mails we send you and the services we provide, and to link them to existing tracking or profiling information. We will not be able to track your emails if you have disabled the display of images in your email program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the features. If you display the images manually, the above-mentioned tracking will take place. For further information on using Eloqua, please refer to the additional notes under h.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.
e) Use of local storage
So that you can adapt the online magazine to your personal needs and usage, we use what is known as local storage technology (also known as "local data" and "local storage"). In doing so, data is stored locally in your browser's cache, which will continue to exist and can be read even after closing the browser window or exiting the program - unless you delete the cache.
Local storage enables your preferences when using the online magazine to be saved on your computer and used by you. The data from the local storage are used to enable you to use a watch list. The following information is stored by us as local data:
- the addresses of the magazine pages that you have added to your watch list
Third parties cannot access the data stored in the local storage. They will not be passed on to third parties and will not be used for advertising purposes.
We use this technology on the basis of our legitimate interest in accordance with Article (6) (1) lit. f GDPR in order to be able to offer you the bookmark function. You can object to the storage of your data at any time by deleting your watch list. Storage in local storage is necessary for the technical implementation of the watch list and for offering this service.
aa) General information
In order to make your visit to our websites more pleasant and to enable the use of certain functions, we use so-called cookies on various sites. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliates to recognise your browser on your next visit (so-called permanent cookies).
Cookies cannot access other files on your computer or identify your email address.
cc) Legitimacy of the storage of cookies
The essential and functional cookies are stored on the basis of our legitimate interests (Article 6 (1) (f) GDPR) for the optimisation and needs-based design of our website.
Statistical cookies and cookies for marketing purposes are stored on the basis of the user's consent (Article 6 (1) (a) GDPR). These cookies are therefore only set if the user agrees to the storage by issuing their consent to the cookie notification on the website.
dd) Deactivating and deleting cookies
The setting you choose on the first visit in response to the cookie notification will be saved. The selected settings can be adjusted here in the privacy settings at any time.
Manage your privacy settings and your settings for this website here. We collect the usage data provided on the basis of cookies in order to constantly improve your experience on our website. We collect and use this data only for purposes for which you have given your consent.
Most browsers are otherwise set to automatically accept cookies. If the default settings for cookies are stored in your browser, all processes run in the background without any notifications. However, you can change these settings at any time.
You can set your browser so that you are informed about the setting of cookies and can decide on a case-by-case basis whether they are to be accepted or deactivated for specific cases or in general.
ee) Overview of the cookies we use
Essential cookies are required to make our website serviceable by enabling basic functions such as site navigation and access to secure areas of the website. The website may not work properly without these cookies.
Statistical cookies collect information about how a website is used, e.g. the frequency of site visits and whether a user receives error messages from a page. These cookies do not store any information that would allow the user to be identified. The information collected is aggregated and therefore evaluated anonymously. These cookies are used exclusively to improve the performance of a website and thus the user experience.
Cookies for marketing purposes
Cookies for marketing purposes are used to display ads that are relevant to the user and tailored to their interests. They are also used to limit the number of times an ad is shown and to measure the effectiveness of advertising campaigns. They register whether or not you have visited a website. This information can be shared with third parties, such as advertisers. Cookies to improve targeting and advertising are often linked to third party website functions.
Most browsers are otherwise set to automatically accept cookies. If the standard settings for cookies are saved in your browser, all processes run in the background without you noticing. However, these settings can be changed by you.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Furthermore, the prevention of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.
g) Range analysis using Piwik
If you consent (Article 6 (1) (a) GDPR), we use Piwik, a software for statistical evaluation of user access.
You can revoke your consent to this data processing as follows:
Here you can decide whether a unique web analysis cookie may be placed in your browser in order to enable the operator of the website to collect and analyze various statistical data. If you wish to opt out, click on the link below to disable this Piwik cookie. Click on the "Privacy Settings" button and deactivate the "Statistical Cookies" to reject the collection of statistical data via Piwik PRO.
h) Use of Eloqua
We use the Eloqua service to collect statistical data about the use of our website, to send our newsletters and to optimize our services accordingly. The Eloqua servers of the supplier ORACLE Nederland B.V., Hertogswetering 163, 3543 AS Utrecht, P.O. Box 40387, 3504 AD Utrecht, Netherlands are located in the EU.
If you enter personal data (e.g. in the contact form) during your visit to the website, these data will be processed with the usage behavior in order to offer you content on the website and in our newsletter that is geared to your interests, as well as to be able to send you news and information about our company or our range of services based on your data, which are geared to your individual interests. For this purpose, it is technically necessary that we combine your accrued and given data in user profiles and evaluate them for the aforementioned purposes. This is done internally and only for the aforementioned purposes.
The legal basis for the evaluation of the use of our website is your consent (Article 6 (1) (a) GDPR), which you may have given us in the course of using our website.
The information generated by the cookie about your use of this website is transferred to a server and stored there. On our behalf, Eloqua uses this information to evaluate your use of the website and to compile reports on website activity. If you wish to prevent the use of Eloqua cookies or the evaluation of usage behavior on your device in the future, this is possible via the following link: Eloqua Opt-Out .
i) Integration of YouTube
By playing a video on our website, you consent to the processing of personal data such as your IP address or browser information which may be transmitted to YouTube and, if necessary, merged with existing data. YouTube is a service provided via a European subsidiary by a provider from the USA (Google LLC), where the level of data protection is inadequate by EU standards. Access from this side or from US authorities cannot be completely ruled out.
5. How long will my data be stored?
Unless explicitly stated in this privacy statement, the usage and registration data stored with us is deleted as soon as it is no longer required for its intended use and the deletion does not conflict with any statutory retention obligations.
We process and store other personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed to last for years. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:
- Fulfilment of commercial and tax-related retention obligations
- Preservation of evidence in the context of the statutory limitation periods..
6. Which data protection rights do I have?
Every affected person has with respect to us:
- the right of access under Art. 15 GDPR,
- the right to rectification under Art. 16 GDPR,
- the right to erasure under Art. 17 GDPR,
- the right to restriction of processing under Art. 18 GDPR,
- the right to object from Art. 21 GDPR,
- and the right to data portability under Art. 20 GDPR.
With regard to the right of access and the right to erasure, the restrictions under section 34 and 35 BDSG apply.
In addition, there is a right to appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018. Please note that the revocation is only applicable for the future. Processing that took place before the revocation is not affected.
7. To what extent is there an automated decision-making process?
In principle, we do not use any fully automated decision-making processes pursuant to Art. 22 GDPR in order to justify or maintain the business relationship. If we do use these procedures in individual cases, we will inform you about this separately, if this is required by law.
8. Does profiling take place?
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, in the following cases:
- In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
Information about your right of revocation according to Art. 21 GDPR.
1. Case-specific right to object
You have the right at any time, for reasons arising from your particular situation, to revoke your consent for the processing of personal data relating to you, which takes place on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.
2. Right to revoke your consent to the processing of data for direct advertising purposes
In individual cases, we process your personal data in order to perform direct advertising. You have the right to object at any time to the processing of personal data concerning you for such advertising, which includes profiling to the extent that it is related to such direct advertising.
If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.
You can revoke your consent to this by sending a correspondingly worded letter to GRENKE, Data Protection Officer, No.2 London Square, Cross Lanes, Guildford, Surrey GU1 1UN or email [email protected] or [email protected].