Data protection
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). Regarding the terminology used, such as "personal data" or "processing," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Information Obligation - Notice on the Protection of Your Personal Data
Responsible party Germany:
Locations: Berlin, Darmstadt, Essen, Frankfurt, Freiburg, Hamburg, Cologne, Leipzig, Mainz, Paderborn
FDS Non-Profit Foundation
represented by Moses Mendelssohn Non-Profit Foundation GmbH
Am Weichselgarten 11-13, 91058 Erlangen
Managing Directors: Prof. Dr. H.-J. Schoeps, Engelbert Maus
Commercial Register Fürth: HRB 18012
Responsible party Germany:
Location: Nuremberg
Street No.: Am Weichselgarten 11-13
Postal Code, City, Country: 91058, Erlangen, Germany
Managing Directors: Andrea Bastel, Jens Kindschuh, Simon Behr
Commercial Register No.: HRB 20957
Email address: datenschutz@smartments.de
Responsible party Austria
Name/Company: SMARTments Ges. m.b.H.
Street No.: Absberggasse 29
Postal Code, City, Country: 1100, Austria, Germany
Managing Directors: Andrea Bastel, Jens Kindschuh, Simon Behr
Commercial Register No.: FN 469993 t
Email address: datenschutz@smartments.de
Data Protection Officer:
Name: Sophie Hohmann
Email address: datenschutz@smartments.de
Types of processed data:
☒ Inventory data (e.g., names, addresses).
☒ Contact details (e.g., email, phone numbers).
☒ Content data (e.g., text entries, photographs, videos).
☒ Contract data (e.g., contract subject, duration).
☒ Payment data (e.g., bank details, payment history).
☒ Usage data (e.g., access times, approx. age, approx. gender).
☒ Meta-/communication data (e.g., device information).
Processing of special categories of data (Art. 9 para. 1 GDPR):
☒ No special categories of data are processed.
Categories of persons affected by the processing:
☒ Customers / Prospective customers.
☒ Visitors and users of the online offering.
Hereinafter, we refer to the affected persons collectively as "users."
Purpose of processing:
☒ Provision of the online offering, its content, and functions.
☒ Responding to contact inquiries and communication with users.
☒ Marketing, advertising, and market research.
As of: 24.05.2018
1. Relevant legal basis
According to Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
2. Changes and updates to the privacy policy
We ask you to regularly review the content of our privacy policy. We adjust the privacy policy as soon as changes in our data processing make this necessary. We will inform you as soon as changes require an action on your part (e.g., consent) or other individual notification.
3. Security measures
3.1. In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk for the rights and freedoms of natural persons; The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data as well as the access, input, transmission, availability, and separation of data. We have also set up procedures to ensure the exercise of data subject rights, the deletion of data, and response to data threats. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and default (Art. 25 GDPR).
3.2. Among the security measures is the encrypted transmission of data between your browser and our server.
4. Collaboration with processors and third parties
4.1. If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as to payment service providers, is necessary for contract performance in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
4.2 If we commission third parties to process data based on a so-called "processing contract," this is done on the basis of Art. 28 GDPR.