DATA PRIVACY POLICY
Data privacy policy by eXXcellent solutions according to art. 13 and 14 GDPR.
We, eXXcellent solutions GmbH (hereinafter "eXXcellent solutions" or "we" or "us"), take the protection of your personal data very seriously and respect the rules provided by the data privacy laws.
The protection of your personal identifiable data that we gather, process and use due to your visit of our website www.easy-ssp.com (orchideo | easySSP) is an important matter to us. Your data is protected within the framework of existing legislation. Subsequently, you will find information on which data is gathered during your visit and how it is used.
Responsible Authority
The responsible authority in terms of data privacy law is:
eXXcellent solutions GmbHBeim Alten Fritz 2
89075 Ulm
E-mail: Datenschutz@exxcellent.de
CEO: Dr. Martina Burgetsmeier, Gerhard Gruber, Wilhelm Zorn
Office and register court: Ulm, HRB-Nr. 4309
The operational appointed data privacy officer of eXXcellent solutions GmbH, Mr. Brauch, is available under the above mentioned address and via e-mail at Datenschutz@eXXcellent.de.
Collection, Processing and Usage of Personal Data
Personal data consists of all information related to an identified or identifiable natural person that is an expression of a person's identity, including but not limited to names, addresses, phone numbers, e-mail addresses, contract accounting and payment data.
We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.
Processed Categories of Data
Log-Files:
When visiting our website www.easy-ssp.com your browser will gather and transfer the following information automatically to the server. If you use the website without registration, only the following personal data will be stored.
- Browsertype and -version
- Operating system
- Your internet protocol (IP) address
- Date and time of your visit
- Referring website
- Visited website
This data is required for a proper performance of services. Storage takes place exclusively in a server log file for own security purposes (e.g. identification of DOS attacks) and for a maximum duration of 3 months.
The legal basis for data processing is art. 6 GDPR. Our valid interest ensues from the above listed purposes for data gathering. Data gathered will not be used to identify the person in any way.
Communication Data:
In the case of registration, further data such as the user's name and e-mail address are collected. This data is required for a functional registration.
Contract Accounting and Payment Data:
If a chargeable service is used, further data such as company information (e.g. the company name) and necessary information regarding the payment method are stored.
Processing Purposes and Legal Basis
We, as well as the service providers commissioned by us, process your personal data for the following processing purposes:
- Provision of these Online Offers.
Legal basis: Fulfillment of contractual obligations. The following conditions apply: easySSP Terms of Use. - Resolving service disruptions as well as for security reasons.
Legal basis: Fulfillment of our legal obligations within the scope of data security, and justified interest in resolving service disruptions as well as in the protection of our offers. - Registration for usage of services offered on our website.
Legal basis: Justified interest on our part to execute the services and administration of justified interest of third parties and fulfillment of contractual obligations if relevant for the offered services. - Safeguarding and defending our rights.
Legal basis: Justified interest on our part for safeguarding and defending our rights.
Information Disclosure
Personal identifiable information are passed on only if permitted within the scope of a legal framework, or- you gave the explicit approval according to art. 6 para. 1 a) GDPR,
- the data transfer according to art. 6 para. 1 b) GDPR is required for assertion, exertion or defense of legal claims and there is no reason to believe that you have an overriding worthy of protection interest not to transfer your data,
- a legal obligation for a data transfer according to art. 6 para. 1 c) GDPR exists,
- it is permitted by law and required according to art. 6 GDPR for the transaction of contractual relationships with you, and
- the legitimate interest of the controller in the data processing according to art. 6 para. 1 f) GDPR outweighs the interests and rights of the affected person.
Cookies
Cookie Notice
This website uses cookies. Cookies are small text files containing user-specific data and settings that are stored on your device. On the one hand, they serve the purpose of user friendliness, and on the other hand, they are used for statistical evaluation of site usage. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with art. 6 GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. Nevertheless, the complete deactivation of cookies may result in restrictions of the use of our website.
You can edit your cookie choices at any time in the cookie settings.
Technically necessary Cookies
These cookies are essential in order to enable you to navigate the website and use its features, such as setting your privacy preferences, logging in or filling in forms. Without these cookies, services requested through usage of our website cannot be properly provided. Strictly necessary cookies do not require consent from the user under applicable law.
Functional Cookies
These cookies allow the website to remember choices you make or information you enter (such as
your username, language or the region you are in) and provide enhanced, more personal features.
They are also used to enable requested functions such as playing videos.
To the extent that information processed with regards to functional cookies should, in a given
case, qualify as personal data, the legal ground for that processing is the user’s consent.
Performance Cookies
These cookies collect information about how visitors use a website, for instance which pages
visitors go to most often, and how visitors move around the site. They help us to improve the
user friendliness of our website and therefore enhance the user’s experience.
Further information collected by performance cookies may include e.g.: internet browser and
operating system used, the domain name of the website which you previously visited, the number
of visits, average duration of visit, and which pages were visited.
The information collected by these cookies is aggregated and normally cannot be linked to a
specific natural person. To the extent that information processed in connection with performance
cookies should, in a given case, qualify as personal data, the legal ground for that processing
is the user’s consent.
Marketing Cookies
Marketing cookies (also referred to as targeting or advertising cookies) are used to deliver
adverts on third party websites more relevant to you and your interests. They are also used to
limit the number of times you see an advertisement as well as help measure the effectiveness of
an advertising campaign.
Legal basis for the processing of personal data in connection with marketing cookies (if any) is
the user’s consent.
We use Google Analytics to collect data and track how the user interacts with our website. We use this data to
improve the design and usability of our web services. We will provide more information about Google Analytics in a
following chapter.
Cookie List
You may find detailed information about the different cookies (e.g. purpose of the cookie and recipient of the information collected by the cookie) here:
Technically necessary Cookies
| Name | Description | Lifespan | Cookie Host |
|---|---|---|---|
| AWSALB | Used to direct the user requests to the same target server so that the user authentication mechanism works without errors. | 7 days | AWS |
| AWSALBCORS | Used to direct the user requests to the same target server so that the user authentication mechanism works without errors. | 7 days | AWS |
| AUTH_SESSION_ID | Used within the user authentication mechanism. | Session | KeyCloak |
| AUTH_SESSION_ID_LEGACY | Used within the user authentication mechanism. | Session | KeyCloak |
| COOKIE_CONSENT | Used to store that the user has set his cookie preferences. | 1 year | easySSP |
| GOOGLE_ANALYTICS_CONSENT | Used to store the users cookie prefference regarding Google Analytics. | 1 year | easySSP |
| KC_RESTART | Used within the user authentication mechanism. | Session | KeyCloak |
| KEYCLOAK_IDENTITY | Used within the user authentication mechanism. | Session | KeyCloak |
| KEYCLOAK_IDENTITY_LEGACY | Used within the user authentication mechanism. | Session | KeyCloak |
| KEYCLOAK_SESSION | Used within the user authentication mechanism. | 10h/16h | KeyCloak |
| KEYCLOAK_SESSION_LEGACY | Used within the user authentication mechanism. | 10h/16h | KeyCloak |
| _oauth2_proxy | Used within the user authentication mechanism. | 2h | OAuth2Proxy |
| KEYCLOAK_LOCALE | Used to set the user language on a page. | Session | easySSP/KeyCloak |
Marketing Cookies
| Name | Description | Lifespan | Cookie Host |
|---|---|---|---|
| _ga | Used to distinguish users. | 2 years | easySSPGoogle Analytics 4 |
| _ga_"container-id" | Used to persist session state. | 2 years | easySSPGoogle Analytics 4 |
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites.
Integration of Services and Third-Party Consents
The following Sections apply to various third-party services and consents that are integrated into our website and web app. Please note that information about cookies (and similar technologies) integrated into our website and services is contained in a separate cookie notice on this website, which is described in more detail in Section 4.
On our website, we integrate third-party content, such as fonts from www.myfonts.com. This always requires that the user's IP address is transmitted to these providers so that the provider can deliver the content to the user. We have no influence if the providers store this IP address and, for example, evaluate it statistically. Insofar as we are aware of this, we inform the users about it.
Google Analytics
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means
of the cookies about your use of this website is generally transferred to a Google server in the USA and stored
there.
We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the
activities within those sessions) and to analyze user behavior across devices.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Seen / clicked ads
- Language settings
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet service provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website.
Recipients
Recipients of the data are/may be:- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Duration of storage
The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached occurs automatically once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR and Art.49a GDPR.
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie orb. downloading and installing the browser add-on to disable Google Analytics HERE.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.
External Links
Our Online Offers may contain links to internet pages of third parties, in particular providers who are not related to us. We have no influence on the collection, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control.
Security Notes
Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.
We are using appropriate technical and organizational security measures to protect your data against accidental and intentional manipulations, partial or complete loss, destruction and unauthorized third party access. Our security measures are continuously improved according to technical developments.
Full data security cannot be guaranteed for e-mail communication, thus we recommend sending confidential information by mail.
Right of Information, Cancellation and Objection
Users can contact us based on data privacy law to retrieve free information about personal
identifiable information we store, and request closure and deletion as long as there is no
retention obligation.
You have the right to
- request information according to art. 15 GDPR about your personal identifiable information processed by us. In particular, you can request information about the purpose of the processing, the category of personal identifiable information, the category of recipients your data is or will be revealed to, the planned storage period, the existence of the right to correction, deletion, and restriction of processing or cancellation, the existence of the right of complaint, the origin of your data if not gathered by us, and about the existence of an automated decision making including profiling;
- request immediate correction or completion of your stored personal identifiable data according to art. 16 GDPR;
- request deletion of your stored personal identifiable data according to art. 17 GDPR provided that processing is not required for exercising the right of free expression and information, for fulfillment of legal obligations, for reasons of public interest or for assertion, exercise and defense of legal claims;
- request restriction of processing of your personal identifiable information according to art. 18 GDPR provided that you deny the data correctness, processing is unlawful and you deny deletion while we don’t require the data any longer but you require the data for assertion, exercise and defense of legal claims or provided that you filed an objection against processing according to art. 21 GDPR;
- request the personal identifiable information you provided according to art. 20 GDPR in a structured, common and machine-readable format or request the transfer to another responsible person;
- cancel your approval according to art. 7 para. 3 GDPR. This means that we are not allowed to continue data processing based on your former approval and
- according to art. 77 GDPR complain to a regulatory authority. Usually you can contact the regulatory authority of your common residence or workplace or the residence of our register court.
If you would like to exercise your rights, e-mail to Datenschutz@exxcellent.de.
Currency and Change of Data Privacy Policy
This data privacy policy was created based on regulations of different legislations including art. 13/14 EU-GDPR 2016/679. The data privacy policy is currently valid (April 2021) and refers exclusively to the website www.easy-ssp.com and the application contained therein, unless otherwise mentioned.
© 2024 eXXcellent solutions