Datenschutzerklärung

Präambel

Mit der folgenden Datenschutzerklärung möchten wir Sie darüber aufklären, welche Arten Ihrer personenbezogenen Daten (nachfolgend auch kurz als "Daten" bezeichnet) wir zu welchen Zwecken und in welchem Umfang verarbeiten. Die Datenschutzerklärung gilt für alle von uns durchgeführten Verarbeitungen personenbezogener Daten, sowohl im Rahmen der Erbringung unserer Leistungen als auch insbesondere auf unseren Webseiten, in mobilen Applikationen sowie innerhalb externer Onlinepräsenzen, wie z.B. unserer Social-Media-Profile (nachfolgend zusammenfassend bezeichnet als "Onlineangebot").

Die verwendeten Begriffe sind nicht geschlechtsspezifisch.

Stand: 24. Mai 2023

Verantwortlicher

Plexify GmbH
Lenbachallee 12
85521 Ottobrunn

Vertretungsberechtigte Personen: Philipp Kang, Maik Tran, Jonas Leeb

E-Mail-Adresse: info@plexify.io

Impressum: https://plexify.io/en/impressum/

Übersicht der Verarbeitungen

Die nachfolgende Übersicht fasst die Arten der verarbeiteten Daten und die Zwecke ihrer Verarbeitung zusammen und verweist auf die betroffenen Personen.

Arten der verarbeiteten Daten

• Bestandsdaten.
• Zahlungsdaten.
• Kontaktdaten.
• Inhaltsdaten.
• Vertragsdaten.
• Nutzungsdaten.
• Meta-, Kommunikations- und Verfahrensdaten.

Kategorien betroffener Personen

• Interessenten.
• Kommunikationspartner.
• Nutzer.
• Geschäfts- und Vertragspartner.

Zwecke der Verarbeitung

• Erbringung vertraglicher Leistungen und Kundenservice.
• Kontaktanfragen und Kommunikation.
• Sicherheitsmaßnahmen.
• Direktmarketing.
• Büro- und Organisationsverfahren.
• Verwaltung und Beantwortung von Anfragen.
• Feedback.
• Bereitstellung unseres Onlineangebotes und Nutzerfreundlichkeit.
• Informationstechnische Infrastruktur.

Maßgebliche Rechtsgrundlagen

Im Folgenden erhalten Sie eine Übersicht der Rechtsgrundlagen der DSGVO, auf deren Basis wir personenbezogene Daten verarbeiten. Bitte nehmen Sie zur Kenntnis, dass neben den Regelungen der DSGVO nationale Datenschutzvorgaben in Ihrem bzw. unserem Wohn- oder Sitzland gelten können. Sollten ferner im Einzelfall speziellere Rechtsgrundlagen maßgeblich sein, teilen wir Ihnen diese in der Datenschutzerklärung mit.

• Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO) - Die betroffene Person hat ihre Einwilligung in die Verarbeitung der sie betreffenden personenbezogenen Daten für einen spezifischen Zweck oder mehrere bestimmte Zwecke gegeben.
• Vertragserfüllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b) DSGVO) - Die Verarbeitung ist für die Erfüllung eines Vertrags, dessen Vertragspartei die betroffene Person ist, oder zur Durchführung vorvertraglicher Maßnahmen erforderlich, die auf Anfrage der betroffenen Person erfolgen.
• Rechtliche Verpflichtung (Art. 6 Abs. 1 S. 1 lit. c) DSGVO) - Die Verarbeitung ist zur Erfüllung einer rechtlichen Verpflichtung erforderlich, der der Verantwortliche unterliegt.
• Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO) - Die Verarbeitung ist zur Wahrung der berechtigten Interessen des Verantwortlichen oder eines Dritten erforderlich, sofern nicht die Interessen oder Grundrechte und Grundfreiheiten der betroffenen Person, die den Schutz personenbezogener Daten erfordern, überwiegen.

Zusätzlich zu den Datenschutzregelungen der DSGVO gelten nationale Regelungen zum Datenschutz in Deutschland. Hierzu gehört insbesondere das Gesetz zum Schutz vor Missbrauch personenbezogener Daten bei der Datenverarbeitung (Bundesdatenschutzgesetz – BDSG). Das BDSG enthält insbesondere Spezialregelungen zum Recht auf Auskunft, zum Recht auf Löschung, zum Widerspruchsrecht, zur Verarbeitung besonderer Kategorien personenbezogener Daten, zur Verarbeitung für andere Zwecke und zur Übermittlung sowie automatisierten Entscheidungsfindung im Einzelfall einschließlich Profiling. Des Weiteren regelt es die Datenverarbeitung für Zwecke des Beschäftigungsverhältnisses (§ 26 BDSG), insbesondere im Hinblick auf die Begründung, Durchführung oder Beendigung von Beschäftigungsverhältnissen sowie die Einwilligung von Beschäftigten. Ferner können Landesdatenschutzgesetze der einzelnen Bundesländer zur Anwendung gelangen.

Sicherheitsmaßnahmen

Wir treffen nach Maßgabe der gesetzlichen Vorgaben unter Berücksichtigung des Stands der Technik, der Implementierungskosten und der Art, des Umfangs, der Umstände und der Zwecke der Verarbeitung sowie der unterschiedlichen Eintrittswahrscheinlichkeiten und des Ausmaßes der Bedrohung der Rechte und Freiheiten natürlicher Personen geeignete technische und organisatorische Maßnahmen, um ein dem Risiko angemessenes Schutzniveau zu gewährleisten.

Zu den Maßnahmen gehören insbesondere die Sicherung der Vertraulichkeit, Integrität und Verfügbarkeit von Daten durch Kontrolle des physischen und elektronischen Zugangs zu den Daten als auch des sie betreffenden Zugriffs, der Eingabe, der Weitergabe, der Sicherung der Verfügbarkeit und ihrer Trennung. Des Weiteren haben wir Verfahren eingerichtet, die eine Wahrnehmung von Betroffenenrechten, die Löschung von Daten und Reaktionen auf die Gefährdung der Daten gewährleisten. Ferner berücksichtigen wir den Schutz personenbezogener Daten bereits bei der Entwicklung bzw. Auswahl von Hardware, Software sowie Verfahren entsprechend dem Prinzip des Datenschutzes, durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen.

TLS-Verschlüsselung (https): Um Ihre via unserem Online-Angebot übermittelten Daten zu schützen, nutzen wir eine TLS-Verschlüsselung. Sie erkennen derart verschlüsselte Verbindungen an dem Präfix https:// in der Adresszeile Ihres Browsers.

Übermittlung von personenbezogenen Daten

Im Rahmen unserer Verarbeitung von personenbezogenen Daten kommt es vor, dass die Daten an andere Stellen, Unternehmen, rechtlich selbstständige Organisationseinheiten oder Personen übermittelt oder sie ihnen gegenüber offengelegt werden. Zu den Empfängern dieser Daten können z.B. mit IT-Aufgaben beauftragte Dienstleister oder Anbieter von Diensten und Inhalten, die in eine Webseite eingebunden werden, gehören. In solchen Fällen beachten wir die gesetzlichen Vorgaben und schließen insbesondere entsprechende Verträge bzw. Vereinbarungen, die dem Schutz Ihrer Daten dienen, mit den Empfängern Ihrer Daten ab.

Datenverarbeitung in Drittländern

Sofern wir Daten in einem Drittland (d.h., außerhalb der Europäischen Union (EU), des Europäischen Wirtschaftsraums (EWR)) verarbeiten oder die Verarbeitung im Rahmen der Inanspruchnahme von Diensten Dritter oder der Offenlegung bzw. Übermittlung von Daten an andere Personen, Stellen oder Unternehmen stattfindet, erfolgt dies nur im Einklang mit den gesetzlichen Vorgaben. Vorbehaltlich ausdrücklicher Einwilligung oder vertraglich oder gesetzlich erforderlicher Übermittlung verarbeiten oder lassen wir die Daten nur in Drittländern mit einem anerkannten Datenschutzniveau, vertraglicher Verpflichtung durch sogenannte Standardschutzklauseln der EU-Kommission, beim Vorliegen von Zertifizierungen oder verbindlicher internen Datenschutzvorschriften verarbeiten (Art. 44 bis 49 DSGVO, Informationsseite der EU-Kommission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Erasure of Data

The data processed by us will be erased in accordance with legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased or they are not necessary for the purpose).

If the data is not erased because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and erasure of data, which takes precedence for the respective processing operations.

Business Services

We process data of our contractual and business partners, e.g., customers and prospective customers (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any updating obligations, and remedies in case of warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations as well as business organization.

Furthermore, we process the data based on our legitimate interests in proper and business-like management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities).

Within the scope of applicable law, we only disclose data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We erase the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons. The statutory retention period for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents, and other organizational documents and accounting records is ten years, and for received commercial and business letters and reproductions of dispatched commercial and business letters, six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was drawn up, the commercial or business letter was received or dispatched, or the accounting record originated, furthermore the recording was made or the other documents originated.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.

Processed Data Types:

Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject of contract, term, customer category).

Data Subjects:

Prospective customers; Business and contractual partners.

Purposes of Processing:

Provision of contractual services and customer service; Contact requests and communication; Office and organizational procedures; Managing and responding to inquiries.

Legal Bases:

Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing, Procedures, and Services:

Agency Services: We process our customers' data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") to enable them to select, purchase, or commission the chosen services or works as well as related activities, and their payment and provision or execution or performance. The required information is marked as such within the scope of the order, purchase, or comparable contract conclusion and includes the information necessary for service provision and billing as well as contact information for any necessary consultations. Insofar as we receive access to information from end customers, employees, or other persons, we process this in accordance with legal and contractual requirements; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of Software and Platform Services: We process the data of our users, registered and potential trial users (hereinafter uniformly referred to as "users"), to provide them with our contractual services and, based on legitimate interests, to ensure the security of our offering and to further develop it. The required information is marked as such within the scope of the order, purchase, or comparable contract conclusion and includes the information necessary for service provision and billing as well as contact information for any necessary consultations; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of Online Offering and Web Hosting

We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

Processed Data Types:

Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., entries in online forms).

Data Subjects:

Users (e.g., website visitors, users of online services).

Purposes of Processing:

Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.

Legal Bases:

Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing, Procedures, and Services:

Provision of Online Offering on Rented Storage Space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also "web hoster"); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Erasure of data: Log file information is stored for a maximum of 30 days and then erased or anonymized. Data whose further retention is required for evidentiary purposes is excluded from erasure until the final clarification of the respective incident.

Email Dispatch and Hosting: The web hosting services we use also include the dispatch, receipt, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as further information concerning email dispatch (e.g., the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails on the internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to answer the contact requests and any requested measures.

Processed Data Types:

Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).

Data Subjects:

Communication partners.

Purposes of Processing:

Contact requests and communication; Managing and responding to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.

Legal Bases:

Legitimate interests (Art. 6(1)(f) GDPR); Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further Information on Processing, Procedures, and Services:

Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the stated request; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Promotional Communication via Email, Post, Fax, or Telephone

We process personal data for purposes of promotional communication, which can take place via various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke consents given at any time or to object to promotional communication at any time.

After revocation or objection, we store the data required to prove previous authorization for contact or dispatch for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest to permanently observe the revocation or objection of users, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, telephone number, name).

Processed Data Types:

Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).

Data Subjects:

Communication partners.

Purposes of Processing:

Direct marketing (e.g., by email or post).

Legal Bases:

Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Amendment and Update of the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting them.

Rights of Data Subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw your consent at any time.
• Right of access: You have the right to obtain confirmation as to whether or not data concerning you is being processed, and, where that is the case, access to this data and further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to demand that data concerning you be erased without undue delay or, alternatively, to demand restriction of the processing of the data in accordance with legal requirements.
• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to demand its transmission to another controller.
• Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.