Privacy Policy

Privacy policy

By way of this privacy policy, we would like to provide you as a user of our website (hereinafter referred to as the “website”) with information in line with the specifications set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1. Name and contact details of the controller

The controller under the terms of the GDPR, other national data protection legislation of the member states and other provisions under data protection legislation is:

Braintower Technologies GmbH
Schlackenbergstr. 41 a
66386 St. Ingbert
Tel. +49 6894 92966-0
Fax +49 6894 92966-20
Email info@braintower.de

2. Contact details of the company data protection officer

The contact details of the controller’s company data protection officer are:

Name: Jens Hinsberger
Braintower Technologies GmbH
Schlackenbergstr. 41 a
66386 St. Ingbert
Tel. +49 6894 92966-17
Fax +49 6894 92966-20
Email jens.hinsberger@braintower.de

3. Purpose, legal basis and duration of processing

a) When the website is accessed

Each time our website is accessed, the browser used on the user’s terminal device automatically sends information to our website’s server. We temporarily store the following transmitted information in what are known as “log files”:

Information about the browser type and the version used;
The user’s operating system;
The user’s Internet service provider;
The accessing computer’s IP address;
Date and time of access;
Websites from which the user’s system accessed our website; and
Websites which are accessed by the user’s system via our website.

This information is processed (1) to guarantee a smoothly established connection to the website, including the delivery of the website on the user’s computer; (2) to guarantee convenient use of our website; (3) for the purpose of evaluating system security and stability; and (4) for further administrative purposes.

The legal basis for data processing is Art. 6, Para. 1, Subpara. 1, Clause 1, lit. f of the GDPR. Our legitimate interest results from the data processing purposes listed above. Data is not analysed for marketing purposes or for the purpose of drawing conclusions about you as a person in this respect.

The data for providing the website is deleted as soon as it is no longer required to achieve this purpose, i.e. when the respective session is ended. The data stored in log files is deleted after 14 days at the latest.
When you access our website, we also use cookies for analysis and other services. You will find more detailed explanations on this matter in Sections 5 to 9 of this privacy policy.

b) Blog

Our website offers you as a user the opportunity to make and adjust individual comments on individual posts within a blog. A blog is a portal which is managed on a website and generally publicly available, in which one or more persons (known as “bloggers” or “web bloggers”) can post articles or record thoughts in what are known as “blog posts”. The blog posts can generally be commented on by third parties.

If a user posts a comment, the data entered in the input screen shall be transferred to us and stored. You need to provide a valid email address and your name so that we can determine who the comment was made by. The accessing computer’s IP address and the send date and time are stored at the time the message is sent. The aforementioned data is stored for security reasons and in the event that the data subject infringes third-party rights with a submitted comment or posts unlawful contents. The aforementioned personal data is not disclosed to third parties unless such disclosure is prescribed by law or permissible based on a legal regulation.

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Subpara. 1, lit. a of the GDPR, in addition to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR.

The personal data we collect for use of the contact form is generally only deleted upon request, but once the relevant blog topic has been deleted at the latest.

c) Newsletter

On our website, it is possible to subscribe to a free newsletter. To subscribe to the newsletter, all you need to do is provide a valid email address. The accessing computer’s IP address and the send date and time are also stored upon subscription.

The collection of the user’s email address serves the purpose of sending the newsletter. The collection of other personal data during the subscription process serves to prevent misuse of services or the email address used. Data is not disclosed in connection with data processing for sending newsletters.

Our newsletter is sent through the “MailChimp” sending platform provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave, NE #5000, Atlanta, GA 30308, USA (hereinafter referred to as “Rocket Science”). Your aforementioned data is therefore disclosed to Rocket Science and used on its premises by Rocket Science for the purpose of sending and evaluating the newsletter on our behalf, to improve the services offered by Rocket Science, and to determine in which countries the recipients of the newsletter are located. You are not contacted by Rocket Science itself, and the personal data concerning you is not disclosed to third parties. Rocket Science is certified under the “EU/US Privacy Shield Agreement”, a data protection agreement, and has in this regard undertaken to comply with EU data protection stipulations. A contract has been concluded between Rocket Science and ourselves, in which Rocket Science undertakes to protect the data transferred by us in compliance with Rocket Science’s privacy policy. You will find further information about Rocket Science’s data protection activities in the Rocket Science privacy policy at https://mailchimp.com/legal/privacy/.

The personal data concerning you is not disclosed to third parties in connection with data processing for sending newsletters beyond disclosure of the same to Rocket Science.

The legal basis for data processing following the user’s subscription to the newsletter, provided that the user has given their consent to this effect, is Art. 6, Para. 1, lit. a of the GDPR.

Your email address is only stored for as long as the subscription to the newsletter is active. You can cancel the subscription at any time by clicking on a link provided at the end of every newsletter or by emailing info@braintower.de. The other personal data collected during the subscription process is generally only deleted upon request, but at the latest following cancellation of the subscription to the newsletter.

d) Jira Service Desk

Our website enables you to contact us and report technical faults over the Jira Service Desk platform.

To be able to use this platform, you must register (providing personal data during the registration process) and create a user account. In this regard, data is entered in an input screen, sent to us and stored. A valid email address and your full name are required to register. When you complete the registration process, the accessing computer’s IP address and the send date and time are also stored.

User registration serves to make processing of faults reported by customers easier, because the customer’s information is automatically submitted during the processing operation.

If you report a fault over the platform, it may under certain circumstances receive additional personal data. This additional personal data is also only used for the purpose of processing the reported fault.

Insofar as doing so is necessary for processing your reported fault, we shall disclose the personal data concerning you to third parties (e.g. manufacturers, suppliers and service providers). Under certain circumstances, personal data shall also be transferred to a third country.

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Subpara. 1, lit. a of the GDPR, in addition to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR. If registration and fault reporting are associated with fulfilling a contract, the contracting party for which is the user, or with implementing pre-contractual measures, Art. 6, Para.1, Subpara. 1, lit. b of the GDPR forms an additional legal basis for data processing.

The additional personal data processed for the purpose of processing the reported fault is deleted once the statutory retention periods have elapsed at the latest, unless you have consented to further storage according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. a of the GDPR. Generally speaking, the processed personal data must be deleted 6 years after the end of the calendar year in which the contractual relationship was terminated; in the case of invoicing records, the general retention period is 10 years. In exceptional cases, we can also be obligated to store data for longer based on retention and documentation requirements under fiscal and commercial law (as a result of the German Commercial Code, the German Criminal Code or the German Tax Code). Insofar as no statutory retention periods have to be complied with, we shall delete the processed personal data immediately as long as it is no longer required to process the reported fault or to preserve statutory retention periods.

e) SMS Gateway licence portal

Furthermore, our website offers users the opportunity to request a licence for our SMS Gateway product online via the SMS Gateway licence portal, or to view relevant licence information and support (e.g. for fault reporting) and to procure current firmware for the SMS Gateway used.

The device’s serial number is required to be able to use this portal. Once you have licensed the device, the personal data stored in the licence request is assigned to the serial number.

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Subpara. 1, lit. a of the GDPR, in addition to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR. If registration is associated with fulfilling a contract, the contracting party for which is the user, or with implementing pre-contractual measures, Art. 6, Para.1, Subpara. 1, lit. b of the GDPR forms an additional legal basis for data processing.

The additional personal data processed for the purpose of processing the reported fault is deleted once the statutory retention periods have elapsed at the latest, unless you have consented to further storage according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. a of the GDPR. Generally speaking, the processed personal data must be deleted 6 years after the end of the calendar year in which the contractual relationship was terminated; in the case of invoicing records, the general retention period is 10 years. In exceptional cases, we can also be obligated to store data for longer based on retention and documentation requirements under fiscal and commercial law (as a result of the German Commercial Code, the German Criminal Code or the German Tax Code).

4. Google reCAPTCHA

The reCAPTCHA service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA (hereinafter referred to as “Google”) is used to protect the data transferred when using the blog comments function. The purpose of this service is to distinguish whether the entry is being made by a natural person or improperly through automated, machine-based processing. The query includes sending of the IP address and, if necessary, further data required by Google for the reCAPTCHA service. Your entry is transferred to and further used by Google for this purpose.

If IP anonymisation is activated on this website, Google will, however, truncate your IP address beforehand within member states of the European Union or other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

Google will use this information on our behalf to evaluate your use of this service. The IP address transmitted by your browser in the context of reCAPTCHA is not associated with any other data held by Google. Google’s deviating privacy policy shall apply to this data. You will find further information about Google’s privacy policy at: https://www.google.com/intl/de/policies/privacy/.

5. Cookies

We use what are known as “cookies” on our website. Cookies are small files which are automatically created by your browser when our website is accessed and which are stored on your terminal device (laptop, tablet, smartphone or a similar device). Resulting information in connection with the specific terminal device used is stored in the cookie.

On the one hand, cookies are used to make use of our website as user-friendly as possible. We use what are known as “session cookies” to identify that you have already visited individual pages of our website. These are automatically deleted once you leave our site. We also use temporary cookies to optimise our website’s user-friendliness. These cookies are stored on your terminal device for a specific period of time defined in advance and contain information which allows your browser to be uniquely identified the next time the website is accessed. This is done to automatically reapply the entries and settings made the last time our website was accessed. However, we do not immediately receive knowledge of your identity through identification of your browser.

The legal basis for personal data processing using technically necessary cookies is Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR.

On the other hand, we use cookies to record statistics about how our website is used and evaluate them for the purposes of optimising it for you. These cookies also mean that your browser can be uniquely identified the next time the website is accessed. You will find more detailed explanations on this matter under Section 7 of this privacy policy.

Browser settings are generally made so that cookies are automatically stored on the user’s terminal device. You can prevent or restrict this by changing your browser’s settings. You can also delete cookies which have already been saved at any time, whereby deletion can also take place automatically. If cookies are deleted or deactivated for our website, it may no longer be possible to use all of the website’s functions without restriction.

6. Google Analytics

We use the Google Analytics component (with anonymisation function) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA, on our website. Google Analytics is a web analysis service in the form of a cookie for recording, collecting and evaluating data on visitor behaviour on websites. The following data may be transferred in this way:

Information about the browser type and the version used;
The user’s operating system;
The user’s Internet service provider;
The accessing computer’s IP address (truncated);
Date and time of access;
Websites from which the user’s system accessed our website;
Websites which are accessed by the user’s system via our website;
Entered search terms;
Frequency of page views; and
Use of website functions.
We use the “_gat._anonymizeIp” add-on for web analysis using Google Analytics. Using this add-on, the accessing computer’s IP address is truncated and anonymised by Google if our website is accessed from a member state of the European Union or from a state which is a contracting party to the Agreement on the European Economic Area.

Cookies are used for analysis purposes to improve the quality of our website and its contents. The analysis cookies allow us to find out how the website is used and therefore allow us to continuously optimise it.

The legal basis for personal data processing is Art. 6, Para. 1, Subpara. 1, Clause 1, lit. f of the GDPR. In the aforementioned purposes, we also have a legitimate interest in personal data processing according to Art. 6, Para. 1, Subpara. 1, lit. f of the GDPR.

Google Analytics cookies are stored on and transferred to Google by the user’s computer. You as a user, therefore, have full control over the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transfer of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deleted or deactivated for our website, it may no longer be possible to use all of the website’s functions in full.

a) Browser plugin

You further have the opportunity to object to and prevent Google’s collection and processing of the data generated by Google Analytics and related to use of our website. To do this, you must download and install a browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout. This browser add-on lets Google Analytics know via JavaScript that no data and information about website visits may be transferred to Google Analytics. Installation of the browser add-on is perceived by Google as an objection. If the browser add-on is deleted or deactivated, it has to be reinstalled or reactivated to disable Google Analytics. If the aforementioned browser add-on is not installed or is disabled, the data collected shall be transferred to the Google Analytics operating company in the USA, stored there by the Google Analytics operating company and, under certain circumstances, disclosed to third parties.

b) Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie that prevents your data from being collected on future visits to this website is set.

Disable Google Analytics

You will find more information about how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

You will find further information and Google’s applicable privacy policy at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. A more detailed explanation of Google Analytics is provided at this link: https://www.google.com/intl/de_de/analytics/.

7. Google Maps

Our website uses the Google Maps service to display a location map. We use Google Maps, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). When Google Maps is used, Google automatically collects and processes data about the use of the Google Maps functions.

You will find the Google Maps Terms of Use here at http://www.google.com/intl/de_de/help/terms_maps.html. Google’s applicable privacy policy can be accessed at https://www.google.de/intl/de/policies/privacy/.

8. Rights of the data subject

If your personal data is processed, you as the data subject are entitled to the following rights vis-à-vis the controller:

a) Right of access

According to Art. 15 of the GDPR, you have the right to request information about what personal data we process.

The right of access extends in particular to
(1) the purposes of processing;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you was or shall be disclosed;
(4) the planned duration of storage of the personal data concerning you, or if specific information cannot be provided on this matter, the criteria for determining the duration of storage;
(5) the existence of a right to correct or delete the personal data concerning you, a right to restrict processing by the controller, and a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all of the available information about the data’s origin, if the personal data was not collected from the data subject; and
(8) the existence of automated decision-making, including profiling, and meaningful information on the details of such processing.

You can also request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards according to Art. 46 of the GDPR in connection with such transfer.

b) Right to correction

According to Art. 16 of the GDPR, you have the right to request that we immediately correct incomplete personal data which we have stored about you or that we complete the same.

c) Right to deletion

According to Art. 17 of the GDPR, you have the right to request that we delete the personal data which we have stored about you.

The prerequisites for deletion are that
(1) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you revoke your consent on which processing according to Art. 6, Para. 1, Subpara. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR was based, and there are no other legal grounds for processing;
(3) you object to processing according to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing, or you object to processing according to Art. 21, Para. 2 of the GDPR;
(4) the personal data concerning you was processed unlawfully;
(5) deletion of the personal data concerning you is required to fulfil a legal obligation under Union law or the law of the member states to which we are subject; or
(6) the personal data concerning you was collected in relation to the offer of information society services according to Art. 8, Para. 1 of the GDPR.

The right to deletion does not exist insofar as processing is required
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation which requires processing according to Union or member state law to which the controller is subject, to perform a task carried out in the public interest, or to exercise official authority vested in the controller;
(3) for reasons of public interest in the area of public health according to Art. 9, Para. 2, lit. h and i as well as Art. 9, Para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to Art. 89, Para. 1 of the GDPR, insofar as the right to deletion is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise or defence of legal claims.

d) Right to restriction of processing

According to Art. 18 of the GDPR, you have the right to request that we restrict processing.

Processing can be restricted if
(1) you dispute the accuracy of the personal data concerning you for a duration that enables us to check the accuracy of the personal data;
(2) processing is unlawful and you refuse deletion of the personal data and instead request restriction of your personal data’s use;
(3) we no longer need the personal data for the purposes of processing, but you require the same to establish, exercise or defend legal claims; or
(4) you have objected to processing according to Art. 21, Para. 1 of the GDPR and it has not yet been determined whether our legitimate grounds take precedence over your grounds.

e) Right of objection

According to Art. 21 of the GDPR, you have the right to object to processing of the personal data concerning you according to Art. 6, Para. 1, Subpara. 1, Clause 1, lit. f of the GDPR based on legitimate interests on grounds relating to your particular situation.

If the personal data concerning you is processed for the purposes of direct advertising, according to Art. 21, Para. 2 of the GDPR you have the right at any time to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.

f) Right to data portability

According to Art. 20 of the GDPR, you have the right to receive your personal data concerning you which you provided us with in a structured, common and machine-readable format or to request direct transfer of the personal data concerning you to another controller if doing so is technically feasible.

g) Right to revocation of your declaration of consent under data protection legislation

According to Art. 7 of the GDPR, you have the right to revoke the consent you granted at any time.

If you revoke your consent, we may no longer continue our data processing activities based on this consent with effect for the future. The lawfulness of processing carried out based on consent up until revocation of the same is not affected by such revocation.

h) Right to lodge complaints with a supervisory authority

According to Art. 77 of the GDPR, regardless of another administrative or judicial legal remedy, you have the right to lodge complaints with a supervisory authority, particularly in the member state where your place of residence, your workplace or the place of the suspected violation is located if you believe that the processing of the personal data concerning you is in violation of the GDPR.

9. Data security

When you visit our website, we use the popular SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. This is usually a 256-bit encryption. You can recognise whether an individual page of our website is transferred in encrypted format by the closed key or padlock symbol in your browser’s bottom status bar.

Additionally, we use suitable technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are continuously improved in line with technological developments.

10. Currency of and amendments to this privacy policy

This privacy policy is currently valid and was last updated in May 2018.

Due to the further development of our website and offers, or based on legal or official requirements, it may be necessary to amend this privacy policy. You can access and print out the current privacy policy from https://www.braintower.de/privacypolicy at any time.