Skip to main content

Legal notice

Cert4Trust GmbH

Orleansstr. 24 | 81669 München | Germany

Amtsgericht München | HRB 295733 | VAT Number DE450302995

Represented by the managing director: Franziska Ruppert
 

Responsible for the content:
Franziska Ruppert
Orleansstr. 24 | 81669 München | Germany

Phone: +49 89 5116 1504
E-Mail: ruppert@cert4trust.de


Privacy policy

Below you will find our privacy policy, which applies to our website https://cert4trust.de/, in accordance with Sections 5 and 13 of the German Telemedia Act (TMG) and Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR). We hereby inform you about how we process your personal data and about your rights and entitlements under data protection legislation.

1. Data controller

Cert4Trust GmbH
Orleansstr. 24 | 81669 München | Germany
Amtsgericht München | HRB 295733 | VAT Number DE450302995
Represented by the managing directo: Franziska Ruppert | +49 89 5116 1504 | ruppert@cert4trust.de

2. Company Data Protection Officer

Milomir Mikulovic

Phone: +49 8031 230010 910
E-Mail: m.mikulovic@data-security.one

DATA Security GmbH
Carl-Jordan-Straße 14
83059 Kolbermoor
Managing director: Dominik Mikulovic
https://data-security.one

 3. Sources and data relating to the processing of personal data

We collect and process personal data that you have provided to us, for example via our contact form, or that we obtain through your use of our online services.

This may include the following types of data:

  • Names
  • Contact details (email, telephone numbers)
  • Content data (text entries)
  • Usage data (webpages visited, interest in content, access times)
  • Meta/communication data (device information, IP addresses)

Furthermore, we may process other data comparable to the categories mentioned.
Data is also stored in server log files, which are collected and automatically stored by the provider and are, for the most part, transmitted to us by your browser. These are:

  • Referrer URL
  • Hostname of the accessing computer
  • Date and time of the server request
  • Name of the requested file
  • Page from which the relevant file was requested
  • Web browser and operating system used
  • (Full) IP address of the requesting computer
    Amount of data transferred

    We may process further data comparable to the categories mentioned.

    The legal basis for the temporary storage of this data and the log files is Article 6(1)(f) of the GDPR. We collect the data listed in order to ensure that the website connects smoothly and to enable users to use our website conveniently. The log file is used to assess system security and stability, as well as for administrative purposes.

    We currently also offer the following social media channels: LinkedIn

    The legal basis for collecting data when using social media is Article 6(1)(f) of the GDPR. Through the use of social media, we can obtain statistical usage data from the respective social media company. This may include, amongst other things, information on page views and activity, views of individual articles, videos and services, etc.

    4. Hosting

    Our hosting provider is:
    Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen

    We make use of the following hosting services: infrastructure and platform services, computing capacity, storage space, database services, security services and technical maintenance services for the purpose of operating this online service. On the basis of our legitimate interest, we process master data, contact details, content data, contractual data, usage data, metadata and communication data relating to customers, prospective customers and visitors to this online service in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR, in order to be able to provide you with an efficient and secure online service. The hosting provider collects data on every access to the server on which this service is hosted (so-called server log files). The data logged includes the name of the webpage accessed, the file, the date and time of access, the volume of data transferred, confirmation of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider. This log file information is stored for security reasons (e.g. to investigate cases of misuse or fraud) for as long as is necessary to fulfil the purpose for which it was collected, and is subsequently deleted. Data whose continued retention is required for evidential purposes is exempt from deletion.

    5. Purpose of processing and legal basis

    We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
    Where necessary, we process your data beyond the actual fulfilment of the contract in order to safeguard our legitimate interests or those of third parties. We collect the data listed above to ensure that the website connects smoothly and to enable users to use it conveniently. The log file is used to assess system security and stability, as well as for administrative purposes. We also store your data for technical security reasons, in particular to defend against attempts to attack our web server.

    • Provision of the online service, its functions and content,
    • Responding to enquiries and communicating with users,
    • Reviewing and optimising processes for needs analysis and direct customer engagement;
    • Advertising or market and opinion research, e.g. through the use of cookies, provided you have not objected to the use of your data;
    • Asserting legal claims and defending against legal disputes;
    • Ensuring IT security and IT operations;
    • Measures for business management and the further development of services and products.

    The lawfulness of the processing of personal data for specific purposes (e.g. disclosure of data to third parties, analysis of data for marketing purposes) is based on your consent, provided you have given it to us in accordance with Article 6(1)(a) of the GDPR. Consent that has been given may be withdrawn at any time.
    Please note that the withdrawal of consent only takes effect for the future. Any processing carried out prior to the withdrawal is not affected by this.
    We are also subject to legal requirements. Where data is processed in connection with these requirements, this is done exclusively on the basis of statutory provisions.

    6. Relevant legal basis


    Within the company, your data is only disclosed to those departments that require it to fulfil our contractual and legal obligations. Data may also be disclosed to data processors (Art. 28 GDPR) engaged by us for the purposes stated. These are companies in the categories of IT services, telecommunications, advisory and consultancy services, and sales and marketing.
    When disclosing data to recipients outside the company, please note that we will only disclose your data if permitted or required by law, if we have your consent, or if we are authorised to provide such information. In this context, recipients of personal data may include, for example, public authorities and institutions (e.g. the Crown Prosecution Service, the police, supervisory authorities) where there is a legal or regulatory obligation to do so.

    8. Data transferal to third countries

    Data will only be transferred to third countries or abroad if required by law, if you have given us your consent, or insofar as this is necessary for the fulfilment of our services. Should this be required by law, we will inform you of further details separately.
    The EU-US Data Privacy Framework can now be used as the legal basis for data transfers to US companies. The US companies we use are predominantly those certified under the DPF. Should a US company we use not be DPF-certified, we will, where possible, ensure through appropriate contracts (e.g. EU Standard Contractual Clauses) that an adequate level of data protection, in line with European data protection law, is maintained. You will be informed of this separately in the privacy policy.

    9. Cookies

    Our website uses small files (cookies) which are stored by your browser on your device and contain certain settings relating to your use of the website (e.g. regarding your current session). Where individual cookies implemented by us also process personal data, such processing is carried out in accordance with Article 6(1)(b) of the GDPR, either for the performance of a contract, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective browsing experience. Most of the cookies we use are so-called session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your device until you delete them or their storage period expires. These cookies enable us to recognise your browser on your next visit or to simplify website processes by storing settings (e.g. retaining previously selected options).
    You can configure your browser so that you are notified when cookies are set and can choose to allow cookies only on a case-by-case basis, block the acceptance of cookies in specific cases or generally, and enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be restricted.

    We use the ‘Real Cookie Banner’ consent tool to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) we use, as well as the relevant consents. Details on how ‘Real Cookie Banner’ works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
    The legal bases for the processing of personal data in this context are Article 6(1)(c) of the GDPR and Article 6(1)(f) of the GDPR. Our legitimate interest is the management of the cookies and similar technologies used, and the associated consents.

    10. Social Media Links to LinkedIn

    We operate the following page on the social media platform LinkedIn, a service provided by LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”), Wilton Place, Dublin, Ireland: linkedin.com/cert4trust
    In accordance with Article 26 of the GDPR, we are jointly responsible for data protection with LinkedIn. This is based on LinkedIn’s ‘Joint Controller Addendum’. You can view this via the following link:
    https://legal.linkedin.com/pages-joint-controller-addendum
    The link to our company’s LinkedIn page enables us to publish feeds and share content of interest to users directly via our presence on that platform. Data processing in connection with the operation of the profile page is therefore carried out on the basis of our legitimate interest in accordance with Article 6(1)(f) of the GDPR. Where LinkedIn obtains visitors’ consent to data processing (e.g. by ticking a checkbox or clicking a button), the legal basis for data processing is Article 6(1)(a) of the GDPR.
    LinkedIn stores data until it is no longer required to provide the services and LinkedIn products, or until the visitor’s account is deleted. This is determined on a case-by-case basis and depends on criteria such as the type of data, the reasons for its collection and processing, and the relevant legal or operational retention requirements.
    Further information on this and the available settings can be found on the following LinkedIn Support pages:
    https://www.linkedin.com/help/linkedin/answer/125463/managecookie-preferences?lang=de

    11. Contact form and E-Mail requests

    Should you send us enquiries via the contact form or by email, we will store the details you provide in the enquiry form or in your email – including the contact details you provide there – for the purpose of processing your enquiry and in case of any follow-up questions. You are required to provide an email address and your name as contact details. This data will not be passed on without your consent. We process your data on the legal basis of our legitimate interest in responding to your enquiries in accordance with Article 6(1)(f) of the GDPR and, where applicable, Article 6(1)(b) of the GDPR, provided that your enquiry is aimed at concluding a contract. Once your enquiry has been processed, your data will be deleted, provided there are no statutory retention obligations. You may object to the processing of your data at any time in cases covered by Article 6(1)(f) of the GDPR.

    12. Administration, financial accounting, office organisation

    We process data in connection with administrative tasks, the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. The data processed in this context is the same as that which we process in the course of providing our contractual services. The legal basis for the processing is Article 6(1)(c) of the GDPR and Article 6(1)(f) of the GDPR. Those affected by the processing include customers, prospective customers, business partners and website visitors. The purpose of the processing is administration, financial accounting, office organisation, data archiving, the performance of our duties and the provision of our services. To ensure this, data is passed on to the tax authorities, advisers (e.g. tax advisers or auditors) and other fee-charging bodies and payment service providers. Furthermore, based on our business interests, details of suppliers, event organisers and other business partners are stored for the purpose of possible future contact.

    13. Contractual services

    14. Retention period for personal data

    To the extent permitted by law, we process and store your personal data, in particular for as long as this is necessary to fulfil the relevant purposes and provided that there are no statutory retention obligations preventing its erasure. If the data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and will not be processed for any other purposes. This applies in particular to data that must be retained for commercial or tax law reasons. In accordance with statutory requirements, books, records, management reports, accounting documents, commercial ledgers and documents relevant for tax purposes are retained for 10 years in accordance with Sections 147(1) of the German Fiscal Code (AO), 257(1) nos. 1 and 4, and (4) of the German Commercial Code (HGB). A six-year retention period applies to commercial correspondence in accordance with Section 257(1)(2) and (3), and (4) of the German Commercial Code (HGB).

    15. Your rights

    We would like to inform you of the data subject rights you have vis-à-vis the data controller with regard to the processing of your personal data in accordance with the General Data Protection Regulation:

    a. Right of access:
    In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us.

    b. Right to rectification:
    In accordance with Article 16 of the GDPR, you have the right to request the rectification of inaccurate personal data or the completion of incomplete personal data held by us without undue delay.

    c. Right to erasure:
    In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

    d. Right to restriction of processing:
    In accordance with Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data where you contest the accuracy of the data, where the processing is unlawful but you oppose its erasure, and where we no longer require the data but you need it to assert, exercise or defend legal claims, or where you have objected to the processing pursuant to Article 21 of the GDPR.

    e. Right to data portability under Article 20 of the GDPR:
    You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller, insofar as this is technically feasible.

    f. Right to lodge a complaint:
    You may lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you may contact the supervisory authority of the federal state in which we are based or, where applicable, that of your usual place of residence or place of work.

    16. Obligation to provide data

    When using the internet or social media, you are only required to provide the personal data that is necessary for such use or that we are legally obliged to collect. Without this data, meaningful use may be restricted or impossible.

    17. External links

    Where links to other websites are provided, we have no influence over or control of the linked content or the privacy policies of those websites. We recommend that, when visiting linked websites, you check their privacy policies to determine whether, and to what extent, personal data is collected, processed, used or disclosed to third parties.

    CONTACT FORM

    Please feel free to contact us via our contact form.

    You can find information on how we process your data in our privacy policy.

      Cert4Trust: Check digital documents easily and securely

      Cert4Trust GmbH 
      Orleansstr. 24 | 81669 München | Germany

      Amtsgericht München | HRB 295733 | VAT-ID DE450302995

      E-Mail: info@cert4trust.de


      © Cert4Trust. All rights reserved.