I. Name and address of the responsible company
II. Name and address of the data protection officer
III. General information about data processing
IV. Provision of the website and creation of logfiles
VI. Website analysis with Google Analytics
VII. Web fonts from Google
VIII. Social Plugins
X. Contact form and e-mail contact
XI. Registration and provision of apps and services
XII. Websites, products and services of third parties
XIII. Rights of the person concerned
The company responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:
Tittmoninger street 11
Telephone: +49 89 122219920
The data protection officer of the responsible company is:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Telephone: +49 (0)221 222183–0
The protection of personal data is a very important concern of grouptime GmbH. The grouptime GmbH is aware of the sensitivity of personal data and therefore committed to the confidential and responsible handling of user data in compliance with data protection regulations. We see ourselves as a service provider to enterprises and the public sector and access data only when we need it to provide our services.
In order to protect your personal data managed by grouptime GmbH against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, our technical and organizational measures are constantly being improved in line with technological developments. In addition, our employees, subcontractors and other auxiliary persons are obliged to maintain confidentiality and data protection and get regularly trained accordingly.
In principle, we process personal data of our users only to the extent necessary for the provision of functional applications, clients, software, servers and APIs (hereinafter referred to as "Apps and Services"), websites and newsletters as well as our content and services. The processing of personal data of our users takes place only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for specific reasons and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a contracting party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is cancelled. In addition, such storage may take place if provided by regulations, laws or other provisions by the EU or a national legislator in the EU to which grouptime GmbH is subject to. Blocking or deletion of the data also takes place when a storage period prescribed by these standards expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of a contract.
Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is thereby collected:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites accessed by the user's system through our website
The data is also stored in the log files of our system. This does not affect the IP addresses of the user or other data that allows the data to be mapped to a user. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
A temporary storage of the IP address by the system is necessary to allow the delivery of the website to the user's computer. To do this, the user's IP address must be retained for the duration of the session.
For this purpose our legitimate interest in the processing of data is in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer needed for the provision. In the case of collecting the data for the provision of the website, this is the case when the respective session is completed.
The collection of data for the provision of the website and the storage of data in logfiles is essential for the operation of the website. Therefore there is no possibility to appeal on the part of the user.
In this way the following data is transmitted:
(1) Frequency of page views
(2) The website from which the user came to the called website (referrer)
(3) The length of stay on our website or on subpages
(4) Entered search terms
(5) Use of Website Features
In this way collected data of the users is pseudonymized by technical precautions. Therefore an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.
The storage of cookies can be prevented in the browser settings.
The legal basis for the processing of personal data using cookies is Article 6 para. 1 lit. f GDPR.
The use of the cookies is for the purpose of improving the quality of our website and its contents. Through the cookies we learn how the website is used and so we can constantly optimize our offer.
For these purposes we have a legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
We use Google Analytics on our website to analyze the surfing behavior of our users. The software sets a cookie on the computer of the users (for cookies see above). If individual pages of our website are called, the following data is stored:
(1) Anonymized IP address of the calling system of the user
(2) The called website
(3) The website from which the user came to the called website (referrer)
(4) The subpages that are called from the called web page
(5) The length of stay on the website or on subpages
(6) The frequency of page views
(7) Entered search terms
The information generated by the cookie about your use of this website is transmitted to Google Analytics and stored there. Google Analytics is provided by Google, Inc. and runs on Google servers in the United States.
The legal basis for processing users' personal data is Article 6 para. 1 lit. f GDPR.
The processing of users' personal data enables us to analyze the surfing behavior of our users. By analyzing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes we have a legitimate interest in the processing of the data in accordance with Art. 6 para. 1 lit. f GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in the protection of personal data.
The data will be deleted as soon as it is no longer needed for our recording purposes. In our case this is the case after 26 months.
Our website uses so-called Web Fonts provided by Google for the uniform representation of fonts. When you access a page, your Internet browser loads the required Web Fonts into the cache of your Internet browser to display texts and fonts correctly.
To do this, the browser which you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address.
The legal basis for processing users' personal data is Article 6 para. 1 lit. f GDPR.
The use of Google Web Fonts is in the interest of a consistent and optimal presentation of our website. This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
We do not store any personal data in this context.
If your internet browser does not support or block web fonts, the alternative is to use standard fonts from your internet browser. Otherwise there is no possibility of objection on the part of the user.
Our website uses social plugins from various social networks such as "Twitter", "Google+" or "LinkedIn". These plugins are recognizable by the respective logos.
If you call up a webpage of our internet presence with corresponding social plugins, your browser establishes a direct connection with the servers of the respective service provider. The content of the plugin is transmitted by the service provider directly to your browser and integrated by the provider in the website. Please note that data processing by Twitter, Google and LinkedIn takes place outside the European Union.
On our website you can subscribe to a free newsletter. When registering for the newsletter the e-mail address from the input mask will be sent to us.
In addition, when subscribing the date and time of registration are gathered.
The data will be used exclusively for sending the newsletter. For this we use a newsletter tool with server location Germany.
The legal basis for the processing of the data after the user has registered for the newsletter and given consent is Art. 6 para. 1 lit. a GDPR.
The collection of the user's e-mail address serves to deliver the newsletter.
The data will be deleted as soon as it is no longer necessary for the purpose of the newsletter subscription. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.
Subscription to the newsletter may be terminated at any time by the subscribed user. For this purpose there is a corresponding link in each newsletter.
On our website there is a contact form available, which can be used for contacting us electronically. If a user uses this contact form, the data entered in the input mask will be transmitted to us and saved. The data is:
(1) Name of the user
(2) E-mail address of the user
(3) Message of the user
(4) Date and time of the message
Alternatively, a contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
The data is used exclusively for processing the conversation.
If you fill out the contact form on our website or send us an e-mail directly, we will transmit that information to an e-mail system hosted by Google Inc., based in the United States. Although Google Inc. also operates servers within the EU, it can not be ruled out that your data will be transferred to and processed in a third country (e.g. the USA) or accessed from third countries. Google Inc. processes personal data under the so-called EU-US Privacy Shield. In addition, we have concluded an order processing agreement with Google Inc. under Article 28 of the GDPR with EU standard contractual clauses to ensure an adequate level of data protection.
The legal basis for the processing of the data transmitted in the course of sending a message through the contact form or by e-mail is Article 6 para. 1 lit. f GDPR. If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves only to process the contacting. In the case of a contacting via e-mail, this also constitutes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The personal data from the input mask of the contact form and those sent by e-mail will be stored for as long as it is required for the respective fact, the respective conversation or the respective contractual relationship.
The user has the possibility at any time to revoke her/his consent to the processing of the personal data. If the user contacts us by e-mail, the user may object to the storage of her/his personal data at any time. In such a case, the conversation can not continue.
All personal data stored in the course of contacting will be deleted in such a case.
To use our Apps and Services users must register by providing personal data. The personal data is entered into an input mask of the respective app or service and transmitted to us, processed and stored. The following data may be collected, processed and stored during the registration process:
(1) First name and last name of the user
(2) E-mail address of the user
(3) Phone number and mobile phone number of the user
(4) Company of the user
(5) Position / role of the user
(6) Company address of the user
(7) Username and password
(8) Consent to the Terms
(9) E-mail addresses and phone numbers from the address book
(10) Profile information of the user
At the time of registration and for every subsequent access to or use of our Apps and Services, the following data may also be collected, processed and stored:
(1) Date and time of registration
(2) IP address of the user
(3) MAC address and UDID of the used device
(4) Text messages
(5) Digital content (such as photos, videos, links, files, documents, voice messages, polls, calendar events)
(6) Location of the user
(7) Groups and distribution lists
(8) Device identification and version of the operating system used
(9) Used version of the Apps and Services
(10) Logs of usage duration, volume and intensity
(11) Log files about successful execution of commands or delivery / retrieval / storage of information
All data is pseudonymised and encrypted as much as possible on the servers of grouptime GmbH (e.g. telephone numbers are hashed using a hash function).
The apps of grouptime GmbH transmit all data encrypted (transport encryption), in addition, the recipient and connection data is encrypted (metadata encryption), and all data is stored encrypted on servers of grouptime GmbH (encryption of "data-at-rest") , In addition, messages and digital content are automatically encrypted by the sender prior to sending and only decrypted by the recipient.
Typically an automatic user directory is created based on the domain of the user's work email address. Optionally a user's address book can be used to connect to contacts. grouptime GmbH regards a user's address book as personal user data. Before the grouptime GmbH finds contacts for the users, all telephone numbers and emails are pseudonymised and one-way encrypted. After contacts are found, even this data is immediately deleted from our servers. grouptime GmbH does NOT store data from the address books on the servers.
The grouptime GmbH uses only servers in Germany for the processing and storage of the data. As a general rule, we try to process and store the data for the provision of the Apps and Services as far as possible only in Germany.
To provide the Apps and Services, grouptime GmbH uses so-called push notifications. Push notifications are sent using the respective services of Apple, Google or Microsoft. Thereby the respective device is assigned an anonymous and encrypted identifier, so that an identification of your person is not possible. The content of the push notifications is transmitted in encrypted form. Nevertheless, grouptime GmbH has no influence on the way in which the transmitted data is used by the providers of the push notification services. Therefore it can not be ruled out that personal data will be transmitted abroad. If you do not want to receive push notifications or do not want to send content via push notifications, you can configure this for our Apps and Services.
Legal basis for the processing of the data in the presence of the consent of the user is Art. 6 para. 1 lit. a GDPR.
The collection, processing and storage of data is required for the provision, administration, security and ongoing improvement of the Apps and Services.
The contact details of a user may be required by the grouptime GmbH to send the user administrative messages and important information about the Apps and Services.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection and storage. The personal data is stored for the duration of the contractual relationship. After that the data will be deleted. Customers with an enterprise license also have the option of deleting data during the term (see also "XIII. Rights of the Person Concerned" and our order data processing agreement in accordance with the GDPR).
A user or a customer with an enterprise license has the option at any time to revoke his consent to the processing of personal data. In such a case the Apps and Services of grouptime GmbH can no longer be provided and used. Any personal data stored in the course of the registration and on-going provision will be deleted in this case.
If your personal data is processed, you are a person concerned wihtin the meaning of the GDPR and you have different rights towards grouptime GmbH. For questions and suggestions regarding the exercise of your rights, please contact us at firstname.lastname@example.org.
You can request confirmation from grouptime GmbH as to whether personal data relating to you is being processed.
If such processing takes place, you can request information from grouptime GmbH about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right of rectification or erasure of your personal data, a right of restriction of processing by grouptime GmbH or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data, if the personal data is not collected from the data subject.
You have the right to request information about whether your personal data is transferred to a third country or an international organization. In this context you can request information on the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
You have the right to rectification and / or completion by grouptime GmbH, provided the processed personal data concerning you are incorrect or incomplete. grouptime GmbH has to carry out the correction without delay.
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of your personal data for a period of time that enables the grouptime GmbH to verify the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the grouptime GmbH no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet certain, whether the legitimate reasons of grouptime GmbH outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.
If the restriction of processing was made based on the conditions above, you will be informed by grouptime GmbH before the restriction is lifted.
a) Obligation to Delete
You may request from grouptime GmbH that the personal data relating to you gets deleted immediately, and grouptime GmbH is obliged to delete this data immediately if one of the following reasons applies:
(1) Personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based on in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR, and there is no other legal basis for the processing.
(3) You object in accordance with Art. 21 para. 1 GDPR to the processing and there are no prior justifiable reasons for the processing, or you object on accordance with Art. 21 para. 2 GDPR to the processing.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under European Union law or the law of the member states to which grouptime GmbH is subject to.
(6) The personal data concerning you was collected in relation to offered services by the information society in accordance with Art. 8 para. 1 GDPR.
b) Information to Third Parties
If the grouptime GmbH has made public the personal data concerning you and is obligated to its deletion in accordance with Article 17 para. 1 GDPR, grouptime GmbH shall take appropriate measures, including technical means, under the consideration of available technoligies and implementation costs, to inform data controllers who process the personal data that you requested the deletion of all links to such personal data or of copies or replications of such personal data.
The right of erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the European Union or of the Member States to which grouptime GmbH is subject to, or to perform a task of public interest or public authority, that grouptime GmbH has to fulfil;
(3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archive purposes of public interest, or scientific or historical research purposes or for statistical purposes in accordance with Article 89 para. 1 GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
If you have asserted the right to rectification, of erasure or to restriction of processing to grouptime GmbH, the latter is obliged to notify all recipients, to whom the personal data concerning you was disclosed, to rectify or delete the or restrict the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed by grouptime GmbH about these recipients.
You have the right to receive the personal data relating to you, which you have provided to grouptime GmbH, in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without being hindered by grouptime GmbH, provided that
(1) the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
(2) the processing is done by automated means.
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data, which takes place in accordance with Art. 6 para. 1 lit. e or f GDPR.
grouptime GmbH no longer processes the personal data relating to you, unless it can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
If the personal data relating to you is processed in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purposes of such advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of services of the information society, of exercising your right to object through automated procedures that use technical specifications.
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
You have the right not to be subject to a decision that is based on automated processing - including profiling - that will have legal effect or affects you considerably in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the grouptime GmbH,
(2) is permitted by Euroepan Union or member state legislation to which grouptime GmbH is subject to, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) takes place with your express consent.
However, these decisions must not be based on special categories of personal data in accordance with Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the grouptime GmbH shall take appropriate measures to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain an intervention by a person of grouptime GmbH, the right to express her/his own position and the right to challenge the decision.
Without prejudice to any other administrative or judicial procedure, you shall have the right to issue a complaint to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.