We, Awantel GmbH, take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.
This policy applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. The responsible party within the meaning the EU`s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is:
67059 Ludwigshafen, Germany
Phone: +49 621 591420
(hereinafter “Awantel”, “we”, “us” or “our”)
Awantel respects your right to privacy and is committed to the following key principles:
- We protect your privacy and aim to provide you with a service that is tailored to your needs.
- Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
- You have the right to information and access to your personal data at any time and may request its correction or deletion.
- We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data within our company, partners and other service providers. In this case, their own privacy policies may also apply.
- We take all reasonable measures to ensure the security and protection of your data from misuse.
Data subject rights
The following rights arise from the GDPR for you as a data subject of a processing of personal data:
- Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, about a transfer to third countries or to international organisations, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
- Pursuant to Art. 16 GDPR, you can immediately request the correction of inaccurate or the completion of your personal data stored by us.
- Pursuant to Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data and you object to their erasure because you need them for the assertion, exercise or defence of legal claims. You also have the right under Article 18 of the GDPR if you have objected to the processing in accordance with Article 21 of the GDPR.
- Pursuant to Art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you may request that it be transferred to another controller.
- Pursuant to Art. 7 (3) GDPR, you may revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
- In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters for this purpose.
Right of objection
When your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which is implemented by us without specifying a particular situation.
Data security and security measures
We undertake to protect your privacy and to treat your personal data confidentially. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organisational security precautions which are regularly reviewed and adapted to technological progress. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, data disclosed unencrypted – e.g., if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.
The legal bases for processing
The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:
- Consent: the individual has given clear consent to process personal data for a specific purpose.
- Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Principles of data processing
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information for which we cannot (or can only with a disproportionate effort) establish a link to your person, e.g., by anonymising the information, is not personal data. The processing of personal data (e.g., collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.
The Supervisory Authority
The Baden-Württemberg DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) located at Lautenschlagerstraße 20, 70173 Stuttgart, Germany (www.baden-wuerttemberg.datenschutz.de) is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so, please contact us in the first instance.
Sources of personal data
This policy applies to personal information we collect from or about you using methods described below from the following sources:
- Awantel websites, including websites we operate under our own domains / URLs and mini-sites we operate on third-party social networks (“Sites”).
- Email and other electronic messaging interactions with electronic communications between you and Awantel.
- Data we create as part of our interactions with you, we may create personal data about you (for example, records of your purchases on our websites).
- Data from other sources Third party social networks, market research (where feedback is not provided anonymously), third party data aggregators, advertisers from Awantel, public sources and data we receive when we acquire other businesses.
Processing of special categories of data
In principle, no special categories of data are processed unless they are supplied for processing by users.
Categories of data subjects
- Customers, test users, business partners.
- Visitors and users of the online offer.
In the following, we also refer to the data subjects collectively as users.
Purpose of the processing
- Provision of the online offer, its contents and functions.
- Offering and operating the services and associated services (computing capacities, databases, software, maintenance and development).
- Security measures.
- Answering contact requests and communication with users.
- Marketing, advertising and market research.
- Automated decision-making in individual cases
- No automated decisions are made.
Personal data of children
We do not intentionally request or collect personal information from children. If we discover that we have inadvertently collected personal information from a child, we will promptly remove that child’s personal information from our records.
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or enquiries to the controller). You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser line.
We do not directly and for the purpose of processing transfer your personal data outside the European Economic Area (EEA) and Germany.
Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
When contacting us (e.g., via contact form, phone or e-mail), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
You can object to the processing. You have the right to object on grounds relating to your particular situation. To object, please contact us.
Administration, financial accounting, office organisation, contact management
We process data within the scope of administrative tasks as well as organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose and our legitimate interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
We disclose or transfer data to the tax authorities, advisors, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers, and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Business analyses and market research
In order to operate our business economically and to be able to recognise market trends and the wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of our legitimate interests, whereby the persons concerned include contractual partners, interested parties, customers, visitors and users of our online offer as well as our trade fairs and events.
We may take into account the profiles of registered users with information, e.g., on the services they have used. The analyses serve us to increase the user-friendliness, the optimisation of our offer, our events and the business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.
Insofar as these analyses or profiles are personal, they will be deleted or anonymised upon termination by the user, otherwise after three years from the conclusion of the contract. Otherwise, the overall business analyses and general trend analyses will be prepared anonymously, if possible.
Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) of the GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfilment or initiation of a contract and/or we do not have a legitimate interest in continuing to store it.
When processing personal data on the basis of Art. 6 (1) f GDPR, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Article 6(1)(f) of the GDPR, such data shall be stored until the data subject exercises his or her right to object pursuant to Article 21(2) of the GDPR.
Unless otherwise stated in the other information in this policy on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
We Skype to conduct our online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. If you contact us in electronic, we store and process the data you have provided us with (e.g. name, contact information, content of the enquiry). The legal basis for this is our legitimate interest in effective customer communication in accordance with Art. 6 Para. 1 lit. a) GDPR and, insofar as it concerns an enquiry to enter into or fulfil a contract, also Art. 6 Para. 1 lit. b) GDPR. You can request information about the purpose of processing, origin and, if applicable, recipients of your personal data from us free of charge at any time.
Changes to this policy
If we change how we handle your personal information, we will update this policy. We reserve the right to make changes to our business practices and this policy at any time. Please check back regularly for updates or changes to our policy.
If you have any questions or comments about this policy and our privacy practices, or if you would like to make a complaint regarding our compliance with applicable privacy laws, please contact us.
We will receive and investigate any complaints about the way we handle personal data (including a complaint that we have violated your rights under applicable data protection laws).