Privacy at VAIVA GmbH
The following translation is for information only. The original and legally binding version is the German version.
The protection of your personal data is very important to us. We process your personal data with the utmost care and observe all applicable data privacy regulations, particularly the EU General Data Privacy Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
- What type of personal data is processed by our website (hereafter also referred to as Services)?
- In what manner, scope, for what purpose and pursuant to what legal basis is this data used?
- What measures are used to protect your personal data?
- How can you object to the processing of your personal data by our website?
- How can you receive information about the data that is shared with us, and if applicable, make claims against us with respect to the rights you are entitled?
2.0 Who is the point of contact (responsible person) for any issues related to the protection of your data?
The point of contact for matters pertaining to the privacy of data processed through our Services is:
Tel: +49 841 89 95000
Fax: +49 841 89 8491999
3.0 What is the legal basis for processing data through our website?
We process your personal data pursuant to Article 6, Paragraph 1 a) of the GDPR, provided we receive your consent. The personal data that is required for the purposes of fulfilling a contract in which you are a party to, or in order to take steps prior to entering into a contract, is processed pursuant to Article 6, Paragraph 1 b) of the GDPR. Personal data that is required to meet a legal obligation, to which we are a subject, is processed pursuant to Article 6, Paragraph 1 c) of the GDPR. If the processing of personal data is required because it is in your vital interests, or the vital interests of another natural person, Article 6, Paragraph 1 d) of the GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, which require the protection of personal data, Article 6, Paragraph 1 f) of the GDPR serves as the legal basis.
4.0 What type of technical access data/server log files are collected and stored when using our Services?
We (or our web space provider) collect and store data each time you access our Services (so-called server log files or system and user data). This access data includes: website name, file name, date and time of the access, volume of data transmitted, confirmation of successful request, type and version of the browser, operating system used, referrer URL (previously visited website), IP address and requesting provider.
The data and log files are stored pursuant to Article 6, Paragraph 1 f) of the GDPR.
We use the protocol data solely for the purpose of statistical analysis with the goal of providing, ensuring the security of and optimizing the Services. However, we reserve the right to analyze the protocol data after the fact if there are reasonable grounds for suspecting illegal use of the Services. For these purposes we also have a legitimate interest in processing the data pursuant to Article 6, Paragraph 1 f) of the GDPR. In this case the data is not analyzed for marketing purposes.
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. If the data is collected in order to make the website available, the data is deleted once the session has terminated. In case of data saved in log files, the data is deleted within three months at the latest. The data may be stored for a longer period, in which case the IP address of the user is deleted or modified so that it can no longer be tied to the requesting computer.
In order to operate and make the website available, it is essential that we collect and store this data in log files. You thus have no possibility to object.
5.0 How do we handle your personal data when you use our Services?
Personal data is information that helps to identify a person. In other words, information that can be traced to a person. This includes name, e-mail address or telephone number. Personal data can also include preferences, hobbies, memberships or websites that someone has viewed. We collect, use and forward personal data only if this is legally permitted, or if you consent to having your data collected and used.
Please note that pursuant to Article 6, Paragraph 1 c) of the GDPR, in individual cases and when ordered to by the responsible authority, we may provide information about data if it is required for law enforcement purposes, for defense by law enforcement authorities in the German Bundesländer, to meet the legal obligations of the German Federal Office of the Protection of the Constitution at the German federal and state level, the German Federal Intelligence Service or Military Intelligence, or to enforce intellectual property rights.
6.0 Establishing contact
When you establish contact with us, such as via a contact form or e-mail, your information is stored for the purposes of processing your request, and if follow-up inquiries occur. We process the data received via the contact form or e-mail pursuant to Article 6, Paragraph 1 f) of the GDPR. If contact is established in order to complete a contract, Article 6, Paragraph 1 b) of the GDPR is also the legal basis for processing the data.
The personal data that you provide when you contact us, is processed for the sole purpose of establishing this contact. If you contact us via e-mail, we also have a legitimate interest in processing the data for this purpose. Other personal data processed during the transmission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. This includes the following data:
Date/time of the contact, IP address, first and last name, address, e-mail address.
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. The data is also deleted once your conversation with us is terminated. A conversation is deemed to have terminated when it can be inferred from the situation that the respective matter has been finally clarified. The personal data collected during the transmission process is deleted within three months at the latest.
Right to object
You have the right to object to the processing of your personal data by contacting us at the above-named address. In this case the conversation cannot be continued. All personal data stored while establishing contact will be deleted in this case.
7.0 What security measures have we carried out to protect your data?
We maintain up-to-date technical measures to ensure data privacy, in particular to safeguard your personal data during transmission and from access by third parties. These measures are adapted to the latest developments in technology.
We use the standardized SSL encryption technology to collect and transmit data through our website. When communicating via e-mail, complete data privacy cannot be guaranteed.
8.0 Cookies: What significance does this have for my personal data?
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID, which provides unique identification of the cookie. The cookie ID consists of a string of characters by which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers to distinguish the individual browsers of the affected person from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified with the unique cookie ID.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the website audience) are stored on the basis of Article 6, Paragraph 1 lit. f of the GDPR, provided no other legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provisioning of its services. If consent to the storage of cookies and similar recognition technologies has been requested, the processing occurs solely on the basis of this consent (Article 6, Paragraph 1 lit. f of the GDPR and Section 25, Paragraph 1 of the German Telecommunications and Telemedia Act). Consent may revoked at any time. Open
9.0 Analysis tools: what happens to my data?
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows website operators to analyze the behavior of visitors to the website by receiving various usage data such as page views and duration, the operating system used and the origin of the user. This data is associated with the respective end user device, but not with a device ID.
We can also use Google Analytics to track your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to enhance the recorded datasets and employs machine learning technologies to analyze the data.
Google Analytics uses technologies that make it possible to recognize the user for purposes of analyzing the user’s behavior (e.g. cookies, device fingerprinting). The information captured by Google related to the use of this website is generally transmitted to a Google server located in the United States where it is also captured.
The use of this website is based on your consent in accordance with Article 6, Paragraph 1 lit.a of the General Data Protection Regulation and Article 25, Paragraph 1 of the German Telecommunications-Telemedia Data Protection Act. The consent can be revoked at any time. The transmission of data to the United States is based on the standard contractual clauses of the EU Commission. Details are available at:
We use Google Signals. When you visit our website, Google Analytics tracks, among other information, your location, search history, YouTube history and demographic data (visitor data). This data can be used in conjunction with Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalized advertising messages. The data is also used for the creation of anonymized statistics related to the behavior of our website users.
If you do not want Crazy Egg to collect your data, you can object to this by activating the tracking functions in your web browser. Crazy Egg offers more detailed information under the following link: https://www.crazyegg.com/opt-out/.
For more information about data protection at Crazy Egg, please visit https://www.crazyegg.com/privacy/.
10.0 What rights do I have?
If your personal data is processed by us, as the data subject pursuant to the GDPR, you have the following rights:
10.1 Receiving information about and rectifying,
restricting and deleting your personal data
You have the right, at no cost, to receive information regarding your personal data that we store, including the origin and recipients and the purpose for which the data is processed by our website. You also have the right to right to correct, delete or restrict the processing of your personal data, provided that the legal requirements for such action have been met.
10.2 Right to request your personal data
You have the right to request receipt of the personal data you provided to us in a structured, common and machine-readable format. We can fulfill this obligation by creating a csv-export file containing the personal data that we process. You can also request that we send this information to a third-party.
10.3 Right to be informed
If you exercise the right to correct, delete or restrict the processing of your personal data that we store, we are obligated to inform all recipients of your personal data of accordingly, unless this action is impossible to carry out or requires a disproportionate amount of effort. You have the right to obtain information regarding these recipients from us.
10.4 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on point Article 6, Paragraph 1 (e or f), including profiling based on those provisions. We will no longer process the personal data unless we have legitimate grounds for the processing, which override your interests, rights and freedoms of or for the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
10.5 Revoking your consent
You have the right, at any time, to revoke your consent for the processing of your personal data at the address listed below.
10.6 Right to lodge a complaint with a supervisory
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU GDPR. The supervisory authority with which the complaint has been lodged will inform you of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
All requests for information and information inquiries, as well as requests related to exercising any of your other rights or objections to the processing of your personal data, can be submitted to our data protection representative at the above-named address.
Here you can find further information about how you can exercise your data protection rights
1. European General Data Protection Regulation
The European General Data Protection Regulation (EU-GDPR) is a European regulation on the protection of natural persons with regard to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person (data subject). This new regulation came into force on 25 May 2018 in all EU Member States.
Therefore, the following relevant rights for data subjects apply to VAIVA GmbH:
the right to (i) access to data, (ii) data portability, (iii) data erasure, (iv) data rectification, (v) withdrawal of consent and (vi) restriction of processing.
2. Rights of the data subject: data subject
To ensure that the requested data is presented in a transparent manner and your request is processed in a purposeful fashion, we will distinguish between the following data subject groups: (former) employees of VAIVA GmbH, relatives of employees, applicants, suppliers and service providers or business partners as well as their employees or visitors and people in general road transport.
We ask that you always send your inquiries to us by post, so that we can correctly authorize and identify the person making the request.
The rights of data subjects according to Articles 15 to 21 of the EU GDPR regulation are as follows:
You have the right of (i) access to data. This encompasses access to data stored by VAIVA GmbH relating to you and to the scope of the data processing and data portability performed by VAIVA GmbH, as well as a copy of the stored personal data relating to you. Should you exercise your right of access to your data, we will provide you with information about the data which VAIVA GmbH has stored about you, the data subject. This information will be sent to you by post only.
You have the right to (ii) data portability. Insofar as we automatically process your personal data which you have made available to us based either on your declaration of consent or a contract with you (including your employment contract), you have the right to obtain this data in a structured, commonly used electronic form. You have the right to transmit your personal data directly to another controller, without interference by VAIVA GmbH. In addition, you have the right to have your personal data transmitted directly from VAIVA GmbH to another controller, where technically feasible and as long as this does not adversely affect the rights and freedoms of others.
Should you exercise your right to data portability, you will receive the data which VAIVA GmbH has stored about you, as the data subject, in a machine-readable format. This information, including a description of how to download your data, will be sent to you by post only.
You have the right to (iii) erasure of data. This refers to the erasure without undue delay of data concerning you that has been stored by VAIVA GmbH, insofar as legal obligations are complied with. In the case of your data being passed on to a third party, we will inform it of the erasure, as long as this is prescribed by law.
Please be aware that your right to erasure is subject to restrictions. For example, we must not and are not permitted to erase any data that we need to retain further for compliance with legal retention periods. Data which we need for the establishment, exercise or defense of legal claims is also exempt from your right to erasure. Should you wish to exercise your right to data erasure, all your personal data will be irrevocably deleted from the systems of VAIVA GmbH without undue delay, insofar as we are not entitled to or obliged to carry out further processing.
You have the right to (iv) data rectification. This means that you have the right to obtain without undue delay the rectification and/or completion of your personal data that has been stored by VAIVA GmbH. Should you wish to exercise your right to data rectification, we will make the requested changes in all our systems. Confirmation will be sent to you by post only.
You have the right to (v) withdrawal of consent. Insofar as you have consented to the processing of your personal data, you can withdraw this at any time. Please be aware that the withdrawal only applies to the future. Processing operations carried out before the withdrawal shall not be affected.
Should you exercise your right to withdrawal of consent, you shall revoke all declarations of consent which you made to VAIVA GmbH. All personal data which is being processed on the basis of your declarations of consent will then be irrevocably deleted from the systems of VAIVA GmbH without undue delay, insofar as we are not entitled to or obliged to carry out further processing. An example of such an obligation would be the fulfillment of a contract to which the data subject was a party.
You have the right to (vi) restriction of processing. This means that under certain conditions, restriction of processing can be requested (i.e. the marking of stored personal data with the aim of limiting their processing in the future). The personal data will be marked accordingly and, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of an EU Member State. Should you wish to exercise your right to restriction of processing, we shall make your personal data unavailable in accordance with legal requirements. Confirmation will be sent to you by post only.
3. Processing of data subject requests
After receipt of your postal request, the GDPR request form will be sent to you. Should you wish to make several requests at once, these will be processed as follows:
- Data erasure,
- ERestriction of processing,
- Withdrawal of consent,
- Data portability and access to data,
- Data rectification.
We would like to point out that the request relates solely to VAIVA GmbH. Further personal data may also be held by third parties, for example by a partner of VAIVA GmbH. Withdrawal of consent vis-à-vis third parties must be arranged with the third parties themselves. Once VAIVA GmbH has received your signed GDPR request form, it will be processed promptly. A response, including the data where appropriate, will be sent by post only. We ask for your understanding in relation to this. Should you wish to exercise your rights as the data subject of another group, we ask that you contact us by post.
4. Data protection officer
The contact information for our current Data Protection Officer is as follows:
Note: Please only send these forms to us if we have requested you to do so.
Power of attorney: You will need a power of attorney if you are not submitting a request on your own behalf. The person for whom you are requesting data may use the enclosed power of attorney to authorize you to exercise the requested data subject rights on their behalf.
6. Further information
Below you can find the official information on the European General Data Protection Regulation (EU-GDPR).