DATA PRIVACY POLICY

PENTOS AG

Here at Pentos AG (Landsberger Str. 110, 80339 Munich), we take data protection very seriously. The processing of our customers’ data therefore takes place in full compliance with applicable data protection regulations (e.g. the General Data Protection Regulation and the updated version of the German Federal Data Protection Act).

We collect and process personal information whenever you provide us with such information (e.g. by registering on our website, by sending us contact requests or by responding to surveys) and to the extent that we are entitled to collect, use and process it on the basis of your consent or on legal grounds.

If we receive personal data about you from other companies, you will be informed as soon as possible and no later than when contact is initiated. This data will also be stored and processed only as the law permits.

§ 1 – Personal Data

Personal data is any information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”).

We collect and process the following types of personal data:

  • Title
  • First Name
  • Surname
  • Company Name
  • Telephone Number
  • E-Mail Adress

The above-mentioned personal data is processed by us for the following purposes:

  • Communicating with you about products, services and projects, e.g. to process your requests
  • Making individualized offers or cost estimates
  • Providing a contact form to answer your questions and supply further information about our products
  • Maintaining and protecting the integrity of our products and services and of our web pages by preventing and detecting security risks, fraudulent activity or other activities that are either criminal or intended to cause harm
  • Compliance with legal requirements (e.g. tax and commercial retention obligations) or existing obligations to carry out compliance screenings (for the prevention of white-collar crime or money laundering)
  • Settlement of litigation, enforcement of existing contracts, and assertion, exercise and defense of legal claims
  • Distribution of a newsletter

The processing of personal data is necessary to achieve the above-mentioned purposes, including the performance of our (contractual) business relationship with you. Unless expressly indicated otherwise, the legal basis for data processing is Article 6 paras 1b and 1f of the General Data Protection Regulation (GDPR) or your expressly granted consent according to Article 6 para 1a of the General Data Protection Regulation.

Insofar as the above data is to be further processed for a purpose other than that for which it was originally collected, you will be informed of this before further processing. In this way, you have the opportunity to object to the processing of your data for a different purpose.

§ 2 – Data of business customers:

We process the following data from our business partners:

  • First and last name, business address, business phone number, business mobile number, business fax number and business e-mail address
  • Other information that we require for processing in the context of a project or for the performance of a contractual relationship with us, or information that is voluntarily provided by our business partners, such as orders placed, requests made or details of projects
  • Information collected from publicly accessible sources, information databases or credit agencies

§ 3 – Disclosure of data

All data you submit to us will be kept confidential. We will not sell or otherwise market your personal data to third parties.

As a matter of principle, your data will not be made available to third parties for their use unless you have given your consent or we are legally entitled and/or obliged to disclose this data.

We will disclose personal information to courts, tax authorities and regulators only to the extent permitted by law and to the extent necessary to comply with applicable law or to assert, exercise or defend any claims. We take all necessary measures to ensure appropriate and proportional safeguards to protect your personal information.

Your personal data will be forwarded to the following company for the above purposes:

  • medivendis oHG, Goldeibenweg 33, D-85551 Kirchheim bei München

The above recipient of the data is located in Germany, i.e. in the EU.

§ 4 – Period of retention

To the extent that no period of retention is stated at the time when the data is collected (e.g. in the context of a declaration of consent), personal data will be deleted when it is no longer required to fulfill the initial purpose of storage, unless statutory retention requirements (e.g. commercial and fiscal retention obligations) dictate otherwise.

§ 5 – Data security

We take technical and organizational security measures to protect the data we have collected from you for storage and processing by our company against manipulation, loss of confidentiality, destruction and access by unauthorized persons. The security measures in place at our company are constantly being improved in line with the latest technological developments.

§ 6 – Right of data subjects: Right to information, correction, deletion or restriction of the processing of our personal data; right to object; right to data transferability

Upon request, we will inform you in writing, in accordance with applicable law, whether and which personal data we store in our company. If you are registered as a user, we offer you the opportunity to view your data yourself and to change and delete it as appropriate. If, in spite of the efforts of our company to uphold data security and accuracy of data, it transpires that wrong information has been stored, we will correct this at your request.

You also have the right to demand that our company restricts the processing of personal data. In addition, you may require us to make available to you the data you have supplied to our company in a structured, commonly used and machine-readable format. You may also object to the processing of personal data by our company.

You further have the right to request the deletion of your personal data, provided that this does not conflict with statutory retention periods. We will delete the data if we no longer need it for the purpose for which we originally collected and processed it, or if you withdraw your consent and there is no other legal basis for the further processing of your data. In addition, we will delete this data if, for reasons unknown to us, the processing has been unlawful or if you have objected to the processing and there are no overriding interests in further processing. We will also delete your data if we are legally obliged to do so. Our company has additionally implemented technical measures to notify all recipients of your data about a request by you for deletion or correction. This only applies in the event that we have disclosed this data or made it public. Deletion will apply to all links, copies and replications of your personal data.

If you have consented to the processing of your personal data, you have the right at any time to withdraw your consent with effect for the future. Withdrawal of consent does not render any data processing that has already taken place retrospectively illegitimate.

When you supply data to our company, this is done on a voluntary basis. The data you supply is, however, necessary for us to fulfill our contractual obligations to you or to answer your queries. If you opt not to disclose your data, it may not be possible for us to enter into a contractual agreement with you or to respond to your inquiries. The provision of such data is necessary for the performance of any contract.

The contact details of the privacy officer in our company are:
datenschutz@pentos.com / dataprotection@pentos.com

You also have the right to complain to the relevant regulatory authority about the processing of data by our company.

The data protection authority responsible for our company is:

Landesamt für Datenschutzaufsicht (Bavarian Office for Data Protection), Promenade 27 (Schloss), 91522 Ansbach, Germany; Web: http://www.lda.bayern.de

§ 7 – Contact form

When you use the contact form provided on our website, the following data will be requested for processing:

  • Title
  • First Name
  • Surname
  • Company Name
  • E-mail
  • Telephone
  • Nature of inquiry

The purpose of the contact form is to provide service to you and to answer your questions about our products or the products of our contractual partners. The data is used exclusively for this purpose and remains internal to the company. Personal data submitted in this way will be deleted after its purpose has been fulfilled, i.e. as soon as your inquiry has been answered.

§ 8 – Data of minors

Personal data of children is not knowingly collected without expressly indicating that such data may be transmitted only with parental consent. Use or disclosure of the personal data of children by our company takes place only to the extent permitted by law, for the purpose of obtaining legally required parental consent or for the purpose of child protection. As regards the term “child/children”, please see the definition in applicable national law.

§ 9 – Log data

For technical reasons, when you access the homepage of our company, your internet browser automatically transmits the following data (hereinafter “log data”) to our company’s web server, which our company saves as log files:

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Nature of the inquiry (actual page)
  • Access Status / HTTP status code
  • Volume of data transmitted in each case
  • Website from which the request comes
  • Browser
  • Operating system and interface
  • Language and version of browser software

This is exclusively information that does not allow conclusions to be drawn about the natural person. This information is technically necessary to correctly display the website content requested by you and is mandatory when using Internet services. Log data is analyzed purely for statistical purposes in order to optimize the internet presence of our company and the supporting technology. It is subsequently deleted.

Log data is stored separately from other data collected when you use the services provided by our company.

§ 10 – Cookies

When you visit our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using. They provide certain information to the content provider who installs the cookie (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make a website more user-friendly and effective overall.

  1. a) This website uses cookies as follows:
  • Transient cookies (temporary)
  • Persistent cookies (time-limited)
  • [Third-party cookies (from third-party providers)]
  • [Flash cookies (permanent)].

b) Transient cookies are automatically deleted when you close your browser. Most prominent among these are the session cookies. These store a so-called session ID, by means of which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to the site. The session cookies are deleted when you log out or when you close your browser.

c) Persistent cookies are automatically deleted after a specified period, which will differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser setting to suit your own preferences, e.g. declining to accept third-party cookies or indeed all cookies. We wish to point out, however, that you may then not be able to benefit from all the features of this website.

e) The Flash cookies used are not detected by your browser but by your Flash plug-in. These store the necessary data regardless of the browser you are using and do not have an automatic expiration date. If you do not want Flash cookies, you must install a suitable add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/clear-flash-cookies/) or Adobe Flash Killer Cookie for Google Chrome.

§ 11 – Use of Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other states that have contracted into the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and subsequently abbreviated there. Working on behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.

(2) The IP address transmitted as part of Google Analytics will not be merged with other data provided by Google.

(3) You can prevent the installation of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to benefit from all the features of this website.

(4) In addition, you may prevent the transmission of data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en

(5) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in shortened form, which means that direct reference to an individual can be excluded.

(6) The use of Google Analytics takes place in accordance with the conditions agreed by the German data protection authorities with Google. Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

  • Terms of use:
    http://www.google.com/analytics/terms/de.html
  • Privacy Policy:
    http://www.google.de/intl/de/policies/privacy

§ 12 – Use of social plug-ins as part of social media

(1) We are currently using the following social media plug-ins: Twitter, LinkedIn and Xing. We employ the so-called 2-click solution. This means that when you visit our site, no personal data will initially be passed on to the providers of these plug-ins. It is only when you click on one of the plug-ins, that any personally identifiable information will be transmitted. By activating the plug-in, data is automatically transmitted to the respective plug-in provider (in the case of US providers in the USA) and stored there. We have no control over the data that has been collected or the data processing operations that take place, nor are we aware of the full scope of data collection, the purposes behind it or the retention periods.

(2) If you activate a plug-in, the plug-in provider receives the information that you have accessed the corresponding sub-page of our online offer. In addition, the data referred to in Section 9 of this statement will be transmitted. This happens regardless of whether you have an account with this plug-in provider and are logged in with them. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you press the activation button and if you link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. If you do not want the information to be assigned to your profile with the plug-in provider, you must log out before activating the button.

(3) The plug-in provider stores this data as usage profiles and employs them for purposes of advertising, market research and/or making the website more relevant. An evaluation of this kind is carried out in particular (also for non-logged-in users) for the presentation of relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles, in which case you will need to contact the respective plug-in provider to exercise this right.

(4) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy statements of these providers which we link to below. There, you will also find further information about your rights and settings options for the protection of your privacy.

(5) Addresses of the respective providers and URLs with their privacy notices:

  • a) Twitter, Inc., 1355 Market St, Suite 900. San Francisco, California 94103, USA; https://twitter.com/privacy.
  • b) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; https://www.linkedin.com/legal/privacy-policy.
  • c) XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; https://www.xing.com/app/share?op=data_protection.

§ 13 – Integration of services provided by third parties

(1) We have embedded YouTube videos in our online offering, which are stored at http://www.YouTube.com and are directly playable from our website. These are all included in the “extended privacy mode”, signifying that no data about you as a user is transferred to YouTube if you do not click on the videos. It is only when you play the videos, that the data referred to in Section 2 is transmitted. We have no influence over this data transfer.

(2) When you visit the website, the third-party provider receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in Section 9 of this statement will be transmitted. This happens regardless of whether the third-party provider has set up a user account that you are logged in to or whether there is no user account. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you do not want the information to be assigned to your profile with the plug-in provider, you must log out before activating the button.

(3) The plug-in provider stores this data as usage profiles and employs them for purposes of advertising, market research and/or making the website more relevant. An evaluation of this kind is carried out in particular (also for non-logged-in users) for the presentation of relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you will need to contact the respective plug-in provider to exercise this right.

(4) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy statements of these providers which we link to below. There you will also find further information about your rights and settings options for the protection of your privacy.

(5) Address of the provider and URL with their privacy policy: YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a division of Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. https://policies.google.com/privacy?hl=en