Privacy Policy

This data protection declaration applies to the following service offers, any (business) platform and social media profiles as well as to any other Internet presences that refer to this data protection declaration:

dotplex.com

Twitter: https://twitter.com/dotplex

In the following, we inform you about the type, scope and purpose of processing personal data when using our online offer, which consists of this Internet presence and, if applicable, other online presences (e.g. external websites and (business) platform and social media profiles).

In the following we use the terms used in Art. 4 of the General Data Protection Regulation (GDPR).

Used terms

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all data processing operations.

"Pseudonymisation" means the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

"Profiling" means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person.

The term "Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

"Processor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1. Controller

1.1 Name and contact details of the controller

The person responsible within the meaning of the GDPR and other national data protection laws of the member states and other data protection regulations is:

dotplex GmbH
Reinhardtstraße 27c
10117 Berlin
Federal Republic of Germany

Phone: +49 30 20236996-0
Fax: +49 30 20236996-9
Email: support@dotplex.com
Internet: https://www.dotplex.com/en/

1.2 Name and contact details of the data protection officer / contact person for data protection

1.2.1 The Data Controller is not legally obliged to appoint a data protection officer.

1.2.2 The contact person responsible for data protection is the managing director of the responsible persons who is authorised by law to represent them:

Mr Jan Münnich

He can be reached at:

dotplex GmbH
Reinhardtstraße 27c
10117 Berlin
Federal Republic of Germany

Phone: +49 30 20236996-0
Fax: +49 30 20236996-9
Email: datenschutz@dotplex.de
Internet: https://www.dotplex.com/en/

2. General information on data processing

2.1 Scope of processing of personal data

2.1.1 As a matter of principle, we process personal data of our users only to the extent necessary to provide a functioning internet presence and the contents and services offered by us, to provide contractual services including customer service and customer care, to answer contact enquiries and to communicate with users and for our own advertising and security measures.

2.1.2 The processing of personal data of our users is regularly only carried out if either the user has consented or the processing of the data is permitted by legal regulations.

2.2 Legal basis for the processing of personal data

2.2.1 Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis for the processing of personal data.

2.2.2 Article 6 paragraph 1 letter b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations which are necessary for the performance of pre-contractual measures.

2.2.3 Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

2.2.4 If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 letter d GDPR serves as the legal basis.

2.2.5 If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for the processing of personal data.

2.3 Data deletion and storage duration

2.3.1 The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. In these cases, data will be blocked or deleted when a storage period prescribed by the above-mentioned standards has expired, unless further storage of the data is necessary for the conclusion or performance of a contract. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

2.3.2 The legal regulations applicable in Germany provide for a 10-year retention period for documents, in particular in accordance with § 147 para. 3 of the German Fiscal Code (AO) and § 237 para. 4 of the German Commercial Code (HGB) and § 14b para. 1 of the German Turnover Tax Act (UStG) (e.g. for books and records, inventories, annual financial statements, balance sheets and the organisational documents required for their understanding, management reports, accounting vouchers, issued and received invoices) and a 6-year retention period (e.g. for received commercial and business letters, copies of the letters sent, other documents insofar as they are of significance for taxation purposes).

3. Providing the website and creating log files

3.1 Description and scope of data processing

3.1.1 Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system reaches our website (referrer URL)
  • Websites that are accessed by the user's system via our website

3.1.2 This data are also stored in the log files of our system.

3.1.3 This data is not stored together with other personal data of the user.

3.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3.3 Purpose of data processing

3.3.1 Temporary storage of the IP address by the machine is necessary to enable delivery of the retrieved data to the user's electronic equipment. For this purpose, the user's IP address must be saved for the duration of the session.

3.3.2 Other data is stored in log files to ensure the functionality of the Website. In addition, the data is used to optimise the content of our website, to help us to prevent malfunctions and abuses of our systems, to ensure the permanent operability and security of our website and our information technology systems, and to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack.

3.3.3 These purposes also include our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f GDPR.

3.4 Duration of storage

3.4.1 The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the purpose of providing the Website, this will be the case when the relevant session has ended.

3.4.2 In the case of data being stored in log files, this will be the case after seven days at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. Data whose further storage is required for evidential purposes shall be excluded from deletion until final clarification of the respective incident.

3.4.3 In addition, storage for statistical purposes or to optimise our website and the content offered is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

3.5 Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.

4. Use of cookies and web analysis tools

4.1 General information

4.1.1 Description and scope of data processing

4.1.1.1 Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up our website, a cookie can be stored in the cache of the user's Internet browser, provided the user has not deactivated this function in his Internet browser. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

4.1.1.2 We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • User details in the contact form
  • Log-in information

4.1.1.3 In addition, we do not use cookies on our website, which enable an analysis of the surfing behaviour of users.

4.1.1.4 The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

4.1.1.5 With the exception of so-called "first-party cookies", which are set by us as the data controller, no so-called "third-party cookies" are used, which are offered by other providers.

4.1.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

4.1.3 Purpose of data processing

4.1.3.1 The purpose of using technically necessary cookies is to make it easier for users to use websites. The cookies used serve, among other things, to recognise the user when changing pages and the entries made by a user in the contact form. If you have a customer account, we use the cookies to identify you for subsequent visits. This avoids you having to log in again each time you visit our website. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised even after a change of page.

We require cookies for the following applications in particular:

  • Language settings
  • User details in the contact form
  • Log-in information

The user data collected through technically necessary cookies is not used to create user profiles.

4.1.3.2 These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 letter f GDPR.

4.1.4 Duration of storage, possibility of objection and removal

4.1.4.1 Some of the cookies used by us are so-called temporary or transient session cookies (session cookies). These store a so-called session ID, which can be used to assign various requests from your web browser to the shared session. This enables us to recognise your terminal device when you return to our website. Session cookies are deleted again after the end of the browser session, i.e. after closing your browser.

4.1.4.2 Other cookies used by us are so-called permanent or persistent cookies. These remain on your end device and enable us to recognise your browser on your next visit. These cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete these cookies at any time in the settings of your web browser.

4.1.4.3 Cookies are stored on your computer and are transmitted from your computer to our site. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can be informed about the setting of cookies, decide on the acceptance of cookies on a case-by-case basis or restrict or generally exclude the acceptance of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. Please refer to the help function of your Internet browser to find out how to set the cookie function in your Internet browser. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

4.1.4.4 A general objection to the use of cookies used for online marketing purposes may be declared for a variety of services, particularly in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

4.2 Web analysis tools

Our website does not use web analysis tools.

5. Contacting

5.1 Description and scope of data processing

5.1.1 When contacting us via our contact forms: "Contact form" and "Speak to our experts" as well as "Request callback" on our website, the user's message or request for an appointment and the following information (mandatory data) of the user will be processed by us for the purpose of answering/processing his enquiry and possible queries:

5.1.1.1 "Contact form" and "Speak to our experts"

  • First and last name
  • Email address
  • Message

5.1.1.2 "Request callback"

  • First and last name
  • Phone number

5.1.2 In addition to the mandatory data mentioned in 5.1.1.1 and 5.1.1.2, you may provide the following additional information in our contact forms on a voluntary basis:

5.1.2.1 "Contact form" and "Speak to our Experts"

  • Phone number

5.1.2.2 "Arrange a callback

  • Email address
  • Specify the desired callback day by entering the desired callback day in the text field: "Select callback day".
  • Specify the desired callback period by ticking the checkbox with the desired callback period from 10.00 to 19.00 hours below: "periods of time"

5.1.3 All these data are never and at no time visible to other users.

5.1.4 During the sending process, you will be advised of the following:

"Your request is sent to our server in TLS-encrypted (HTTPS) format. By sending your enquiry, you agree to the processing of the data provided for the purpose of processing your enquiry. You will find information on data protection and revocation in our data protection declaration (https://www.dotplex.com/en/service/privacy)."

5.1.5 When contacting us by email or fax, the user's message and the personal data provided by the user will be processed by us for the purpose of answering/processing his enquiry and any queries.

5.1.6 All these data are never and at no time visible to other users.

5.1.7 When contacting us via possible (business) platforms or social media, the user's message and the personal data provided by the user will be processed by us for the purpose of answering/processing his enquiry and any queries.

5.1.8 Depending on the way in which the user sends us a message via any (business) platform or social media, this data may be visible to other users (e.g. in the case of messages on publicly accessible (business) platform or social media sites).

If you do not want this data to be visible to third parties, you should not send us any messages via (business) platforms or social media.

5.1.9 Notice of processing of your data by Twitter, Facebook, Instagram, Google, YouTube in the USA:

Please note that when you visit our online presences and accounts as well as profiles on any (business) platforms or social media and when you contact us in this way, your personal data may be transferred to the USA by the platform operators for their own purposes.

The European Court of Justice considers the US to be a third country that does not have an adequate level of data protection comparable to the EU, because of the possibility of governmental surveillance measures in the US, including possible disproportionate access to your data by governmental authorities (e.g. security agencies and intelligence services), against which there are no enforceable rights and effective remedies for the data subjects.

Your consent to the transfer of data to the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR is voluntary and can be revoked at any time with effect for the future.

If you do not wish that this data is transferred to the USA by the platform operators for their own purposes, which could give government agencies access to this data, you should neither visit our online presences and accounts, nor profiles on any (business) platforms or social media, nor send us any messages about this.

5.1.10 In all cases, data will not be passed on by us to third parties in this context. The data will be used by us exclusively for processing the conversation.

5.1.11 Please note that unencrypted emails sent via the Internet are not sufficiently protected against unauthorised access by third parties. For confidential - encrypted - communication by email, you can use our S/MIME certificates and PGP keys. You can download these at: https://www.dotplex.com/en/faq/dotplex-smime-pgp-k...

5.2 Legal basis for data processing

5.2.1 The legal basis for the processing of the data is Art. 6 Para. 1 letter a GDPR if the user has given his consent.

5.2.2 The legal basis for the processing of data transmitted in the course of contacting us by email or fax or via possible (business) platforms or social media is Art. 6 para. 1 letter f GDPR.

5.2.3 If the purpose of the contact is the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

5.3 Purpose of data processing

5.3.1 The processing of the personal data from the input mask of the contact forms serves us solely to answer / process the user's enquiry and any enquiries.

5.3.2 In the event that contact is established by email, fax or via any (business) platforms and social media, this also includes the necessary legitimate interest in the processing of the data.

5.3.3 The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

5.4 Duration of storage

5.4.1 The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

5.4.2 For the personal data from the input mask of the contact forms and those sent by email, fax or via any (business) platforms and social media, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified.

5.4.3 The statutory - in particular commercial, tax or professional code of conduct - retention obligations apply. We review the necessity of storage every two years.

5.5 Possibility of objection and removal

5.5.1 The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us via our contact forms or by email, fax or via any (business) platforms and social networks, the user can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

5.5.2 The user can revoke his consent to the processing of personal data and object to the storage of his personal data by sending an email to

datenschutz@dotplex.de

5.5.3 All personal data stored in the course of the contact will be deleted in this case, unless there are no commercial, tax or professional obligations to keep records.

6. processing of personal data for the purpose of contract implementation

6.1 Description and scope of data processing

6.1.1 Information for an order

6.1.1.1 We process the data of our contractual partners and interested parties in order to provide them with our contractual or pre-contractual services. If you wish to make use of the services offered by us against payment, it is necessary for the conclusion of the contract that you provide your personal data during the ordering process, which we require for the execution of the contract and the provision of the services owed under the contract. Failure to provide the personal data would mean that the contract could not be concluded with you.

6.1.1.2 A customer account is created for this purpose. In the customer account, users can not only view their orders and place future orders without having to enter their data again, but also configure the functions of their service package. The Customer Accounts are not public and cannot be indexed by search engines.

6.1.1.3 Within the scope of the ordering and registration process, the mandatory data required for the execution of the contract shall be identified accordingly. All further details are voluntary. The processed data includes

Personal data:

  • First and last name
  • Company
  • Legal representative
  • Street and house number
  • Postcode and town
  • Country
  • Email address
  • Telephone number
  • VAT ID no.

As a matter of principle, we do not process special categories of personal data, unless they are part of a commissioned processing.

Additional if the SEPA direct debit payment method is selected:

  • Account holder
  • IBAN
  • BIC

For domain registration additionally:

  • Domain(s)

6.1.1.4 The "Company Name", the "VAT ID No.", "Street and House Number", "Post Code and City", the "Country", the "Email Address", the "Telephone Number", the "Account Holder" and the "IBAN" as well as the "BIC" are never and at no time visible to other users.

6.1.1.5 The "first name" and / or the "surname" can only be viewed by other users if you enter these data, for example, when commenting on a possible weblog entry. If the data entered under "Name" when commenting on a weblog entry is a clear name (real first name and / or surname), it is therefore always and without restriction visible to other users. If you do not wish this, you should either not write any comments on weblog entries or use a pseudonym / nickname instead of a real name.

6.1.1.6 The name of the Internet address (domain) is perceptible to other persons if Internet services (e.g. website, weblog, email and the like) are operated under this Internet address.

6.1.1.7 The type and scope of the data recorded in the Whois databases of the respective domain registries and made available for domain queries will be limited after the GDPR comes into force.

The following can be viewed directly without restriction: the domain status (registered / unregistered); domain-related technical data (name servers and information on DNS keys); information on how to contact us: General Request (you can send general and technical enquiries about the domain to this contact address); Abuse (you can send enquiries and information regarding possible illegal or abusive use of the domain to this contact address).

The previously used contact information for the technical and zone responsible person (Tech-C, Zone-C) as well as the administrative contact (Admin-C) is no longer recorded in the Whois databases of the respective domain registries and is therefore no longer displayed in the respective domain query.

The following data is recorded by the domain holder in the Whois databases of the respective domain registries: First and last name, organisation name, street and house number, postcode and town, country, telephone number and fax number as well as email address.

The domain owner's data is no longer displayed when a domain query is made.

The respective domain registries will only provide information about the domain holders if there is evidence of the existence of a legally recognised legitimate interest (e.g. to authorities within the scope of their sovereign activity, for example in the area of criminal prosecution, averting of danger or attachment orders; to holders of a name or trademark right which may be infringed by the domain; to claimants who have an enforceable title in relation to the rights to the domain.

If you do not wish to do so, you should not register (have registered) and operate domains in your own name.

6.1.1.8 We use the so-called double opt-in procedure for registration. After sending your data, we will send you a confirmation email to the email address you provided. Your registration is only complete when you have confirmed your registration by clicking on the link contained in this email. If you do not confirm your registration, your registration with all the data you provided will be automatically deleted from our database after seven days.

6.1.2 Details when logging in to the customer menu

6.1.2.1 When logging into the customer menu, the following information (mandatory data) of the user is processed:

  • Username
  • Password

6.1.2.2 All these data are never and at no time visible to other users.

6.1.3 Information when logging in to the webmail area

6.1.3.1 When logging into the webmail area, the following information (mandatory data) of the user is processed:

  • Email
  • Password

6.1.3.2 The "Password" is never and at no time visible to other Users. The "email address" is only visible to other users if and insofar as you communicate with other users using this email address.

6.1.4 We store the login status for registrations in the customer and/or webmail menu by means of session cookies and optionally by means of permanent cookies if the checkbox "Remain logged in" has been selected.

6.1.5 When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing pursuant to Art. 28 GDPR and do not process the data for any other purposes than those specified in the order.

6.2 Legal basis for data processing

6.2.1 The legal basis for the processing of the data is Article 6 paragraph 1 lit. a GDPR if the user has given his consent.

6.2.2 Insofar as the order and registration serve to fulfil the contract or pre-contractual measures, additional legal bases for the processing of data are Art. 6 para. 1 letter b GDPR (fulfilment of a contract) and Art. 6 para. 1 letter c GDPR (fulfilment of obligations under commercial and tax law).

6.2.3 The legal basis for the storage of log-in data is Article 6 paragraph 1 letter f GDPR.

6.2.4 If we act for our customers as contract processors, this is done on the basis of the contract concluded with the customer in conjunction with a contract processing agreement pursuant to Art. 28 GDPR.

6.3 Purpose of data processing

6.3.1 The processing of the data is necessary for the fulfilment of the contract (e.g. for the establishment, content design or modification and processing of an order as well as for billing purposes and the provision of customer services) with the user or for the implementation of pre-contractual measures.

6.3.2 If we act as processors for our customers, the subject of the contract and contract processing agreement concluded with the customer is the provision and operation of virtual and dedicated web servers and the provision of web storage space as well as the provision of related services such as the provision of email services and the registration and maintenance / administration of domains including various services and security services.

6.3.3 Log-in data is stored on the basis of both our legitimate interests and those of the users to protect against misuse and other unauthorised use. This is also our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

6.4 Duration of storage

6.4.1 The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

6.4.2 This is the case for the data provided during the ordering and registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract.

6.4.3 If we act as processors for our customers, we delete the data in accordance with the specifications of the order, in principle after the end of the order, unless contractual or legal obligations prevent deletion.

6.4.4 However, even after termination of the Contract, it may be necessary to continue to store personal data of the other party in order to comply with contractual or legal obligations. Deletion takes place after the expiry of statutory warranty periods and retention periods under commercial and tax law (6 and 10 years respectively). As soon as the processing of the above-mentioned data is no longer necessary for the purpose of fulfilling the contract, we will restrict the processing after three years, whereby your data will only be used to comply with the legal obligations. The necessity of keeping the data is reviewed every three years.

6.5 Possibility of objection and removal

6.5.1 Users have the possibility to terminate their contract and their user account in accordance with contractual and legal regulations.

6.5.2 The premature deletion of data, the processing of which is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, can only take place if there are no contractual or legal obligations that prevent deletion.

7. Disclosure of data and recipients

7.1 Description and scope of data processing

7.1.1 Your personal data will not be transferred to third parties. In particular, your data will not be forwarded to third parties for their advertising purposes.

7.1.2 We only pass on your personal data to third parties if:

  • you have given your express consent,
  • this is legally permissible and necessary for the processing of contractual relationships with you,
  • there is a legal obligation for the transfer (e.g. to tax authorities),
  • the disclosure is necessary on the basis of our legitimate interests and for the assertion, exercise or defence of legal claims (e.g. in the case of unpaid remuneration claims) and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

7.1.3 We use subcontractors (so-called processors and other third parties) for the execution of contractual relationships with you. In this case it is either necessary (processors) or at least possible (other third parties) for such sub-contractors to obtain knowledge of personal data.

These include in particular the following companies:

Web hosters and email providers:
It provides us with infrastructure and platform services as well as technical maintenance services and security services. It also provides us with computing capacity, storage space and database and email services (possibility to send and receive and store emails), which we use for the purpose of operating this online service.
We host our online offer ourselves.

Data centre operators:
I/P/B - Internet Provider in Berlin GmbH, Lützowstraße 105, 10785 Berlin
They provide us with data centre services, supply power and take care of the routing of IP data transfer.

Registrar service provider:
InterNetX GmbH, Johanna-Dachs-Str. 55, 93055 Regensburg
They provide us with registrar services for domain registrations for which we do not have our own registrar contract with the respective domain registry.

Domain registries:
The respective domain registration / and administration regulations of the various domain registries (e.g. DENIC. e.G.), over the content of which we have no influence, stipulate that we must forward certain data (e.g. first name and surname, organisation name, street and house number, postcode and town, country, telephone number and fax number as well as email address of the domain holder to the respective domain registries when registering / administering domains.
Please note that we may not refrain from passing on certain data from you to the respective domain registries, as these are mandatory requirements of the respective domain registries for the registration / administration of domains.
However, we will of course only transfer your data to the respective domain registries to the extent prescribed and absolutely necessary. Your bank details are not part of the data to be transmitted.
Please also note that the data to be transmitted to the respective domain registries are stored in publicly accessible Whois databases which can be queried by Internet users via the Internet and can be viewed to varying degrees. The reason for publishing the data is that the domain holder should be reachable, for example, in case of questions of a legal nature or in case of problems with the technical use of the domain. The domain registries prohibit the use of the query results for business, advertising or other abusive purposes.
You can find out from the respective domain registration / and administration terms and conditions of the respective domain registries, which can be accessed via the Internet, which data for the domain holder and the Admin-C can be accessed online in the publicly accessible Whois database of the respective domain registry. The respective domain registries usually differentiate between commercial and private registration of domains. This can mean that different details are stored depending on the Top Level Domain and the domain registry. However, contractual data will not be published.
If you do not want your data to be retrievable and viewable, you should not register (let) and operate domains in your own name.

Technical IT service provider:
sipgate GmbH, Gladbacher Strasse 74, 40219 Düsseldorf
They take care of the operation and maintenance of our cloud-based telephone system for us.

House bank:
GLS Gemeinschaftsbank eG, 44774 Bochum
This company takes care of the processing of payment transactions for us.

7.1.4 We select our service providers carefully - in particular with regard to data protection and data security - and take all measures required under data protection law for permissible data processing (e.g. conclusion of order processing contracts and/or agreements to comply with the duty of confidentiality). These service providers are bound by our instructions and are regularly monitored by us. The data passed on may only be used by these service providers for the purposes stated. These are companies located exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union or in another state party to the Agreement on the European Economic Area (EEA), which provide their services exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union or in another state party to the Agreement on the European Economic Area (EEA).

If the service provider is either established in a third country and/or provides its services in a third country, the clause "Transfer of personal data to third countries" below applies.

7.2 Legal basis for data processing

7.2.1 The legal basis for the processing and forwarding of data is Art. 6 Para. 1 letter a GDPR, provided the user has given his consent.

7.2.2 If the processing and transfer of data within the scope of a contract or a customer enquiry serves to fulfil the contract or pre-contractual measures, the legal basis for the processing and transfer of data is Art. 6 Para. 1 letter b GDPR (fulfilment of a contract).

7.2.3 Insofar as the processing and forwarding of data serves the fulfilment of a legal obligation, the legal basis for the processing of the data is Art. 6 Para. 1 lit. c GDPR (fulfilment of obligations under commercial and tax law).

7.2.4 If the processing and disclosure of data is necessary to protect the vital interests of the contracting parties, interested parties or any other natural person, the legal basis is Art. 6 para. 1 lit. d. GDPR.

7.2.5 The legal basis for the processing and forwarding of data on the basis of our legitimate interests and for the assertion, exercise or defence of legal claims is Art. 6 para. 1 sentence 1 lit. f GDPR.

7.2.6 If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 GDPR.

7.3 Purpose of data processing

The transfer of data to service providers commissioned by us (see Section 7.1.3) is required both in accordance with Art. 6 Para. 1 letter b GDPR for the fulfilment of the contract with the user (e.g. for the establishment, content design or modification and processing of an order as well as for billing purposes and the provision of customer services) or for the implementation of pre-contractual measures and in accordance with Art. 6 para. 1 lit. c GDPR in order to fulfil obligations under commercial and tax law as well as to safeguard our legitimate interests (e.g. enabling the performance of our business activities and the cooperation with contract processors and third parties as well as the assertion, exercise or defence of legal claims, if applicable) in accordance with Art. 6 para. 1 lit. f GDPR.

7.4 Duration of storage

7.4.1 The data will be deleted as soon as they are no longer necessary for the purpose for which they were transmitted.

7.4.2 Order processors and third parties delete received data in accordance with the specifications of the order / contract, in principle after the end of the order / contract.

7.4.3 Deletion shall not take place if contractual or legal obligations (e.g. commercial and tax law retention periods) prevent deletion.

7.5 Possibility of objection and removal

7.5.1 Insofar as the forwarding of data is either absolutely necessary for the fulfilment of the contract and/or is required by law, the user has no possibility to object.

7.5.2 Insofar as the subject of our services is also the procurement and / or maintenance of domains, we shall only act on behalf of and in the name of the user in the relationship between the user and the respective domain registry. The contractual relationship concerning the registration of the domain is concluded directly between the user and the respective domain registry. If you want to assert rights of revocation, information and other rights of affected persons because of the data processing by the respective domain registry, you must contact the respective domain registry, because it does not act on our behalf for us, but on the basis of an independent agreement made with you.

7.5.3 You may at any time object to the processing of your data by our payment service providers by sending a message to the data controller or to the payment service providers. However, the withdrawal of consent does not affect the lawfulness of the personal data processed up to the point of withdrawal. It may also mean that in the future it will no longer be possible to place orders at all or only to place orders using certain payment methods.

8. Transfer of personal data to third countries

8.1 With the exception of the use of any business platform and social media services and tools described in detail below, we will not process your personal data in a so-called third country outside the European Union and the European Economic Area (EEA).

8.2 If we process (have processed) your personal data in a third country, this will only be done if the third country in question offers a recognised level of data protection. Unless the European Commission has adopted an adequacy decision for the third country concerned, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers, including the use of standard data protection clauses approved by the European Commission or binding internal data protection rules approved by the competent supervisory authority (Art. 44 to 49 GDPR). Where this is not possible, we base the transfer of data on exceptions in Art. 49 GDPR, in particular on your express consent or the necessity of the transfer for the performance of the contract.

8.3 In order to register Top Level Domains of third countries, we must forward certain personal data to domain registries located in third countries. In this case the legal basis for the transfer of the data is Art. 49 para. 1 lit. b GDPR.

8.4 Notice of processing of your data by Twitter, LinkedIn, Facebook, Instagram, Google, YouTube in the USA:

Please note that when you visit our online presences and accounts as well as profiles on any (business) platforms or social media and when you contact us in this way, your personal data may be transferred to the USA by the platform operators for their own purposes.

The European Court of Justice considers the US to be a third country that does not have an adequate level of data protection comparable to the EU, because of the possibility of governmental surveillance measures in the US, including possible disproportionate access to your data by governmental authorities (e.g. security agencies and intelligence services), against which there are no enforceable rights and effective remedies for the data subjects.

Your consent to the transfer of data to the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR is voluntary and can be revoked at any time with effect for the future.

If you do not wish that this data is transferred to the USA by the platform operators for their own purposes, which could give government agencies access to this data, you should neither visit our online presences and accounts, nor profiles on any (business) platforms or social media, nor send us any messages about this.

9. Integration of third party services and content

We do not use third-party content or service providers to incorporate their content and services on our website.

10. Online presence in social media and (business) platforms and portals

10.1 In connection with our professional public image and advertising, we maintain various online presences and accounts and profiles within various social networks and (business) platforms and portals in order to be able to communicate with the patients and interested parties and users active there and to inform them about our products and services.

10.2.1 If you visit our various online presences and accounts as well as profiles within various social networks and (business) platforms as well as portals for information purposes, without maintaining your own online presences and accounts as well as profiles there and being logged in, we do not process any personal data of you for our own purposes, unless you send us personal messages and/or interact with us/our contributions there (e.g. by commenting on our contributions and commenting on comments or "Like" statements of third parties etc.).

10.2.2 If you visit our various online presences and accounts as well as profiles within various social networks and (business) platforms as well as portals for information purposes, maintain your own online presences and accounts as well as profiles there and are logged in, we only process those personal data of you for our own purposes which

  • either you yourself have voluntarily approved the data protection settings of the respective social networks, (business) platforms and portals
  • or which are transferred to us according to the terms of use of the operators of the respective social network platforms and portals, which you have voluntarily accepted,

unless you send us personal messages and/or interact there with us/our contributions (e.g. by commenting on our contributions and commenting on comments or "Like" statements of third parties etc.).

If you do not want this data processing, we recommend that you remove the link between your user profile and our online presences, accounts and profiles.

10.3.1 We process the personal data of users on the basis of our legitimate interests

  • both in the implementation of measures for professional publicity and advertising purposes
  • as well as effective information and communication with users
  • as well as the analysis of the use of our online presences and accounts and profiles

according to Art. 6 para. 1 lit. f. GDPR.

10.3.2 If the processing of the users' personal data serves the purpose of concluding a contract or preparing the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 letter b GDPR.

10.3.3 If the users are asked by the operators of the respective social networks and (business) platforms and portals to consent to the collection and processing of data (i.e. to give their consent, for example by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6, paragraph 1, letter a. GDPR.

10.3.4 If necessary and possible, we will try to conclude an agreement with the operators of the respective social networks and (business) platforms and portals that complies with the requirements of Art. 26 GDPR.

10.4.1 We would like to point out that the operators of the respective social networks and (business) platforms and portals may process your personal data for their own purposes when you visit our online presences, accounts and profiles, without us having any influence on this.

10.4.2 Please note that user data may also be processed outside the European Union. This may entail certain risks for the users, e.g. because it could make it more difficult to enforce the users' rights. For the risks associated with the transfer of personal data to third countries, please refer to section 8.4 "Notice of processing of your data by Twitter, LinkedIn, Facebook, Instagram, Google, YouTube in the USA:".

10.4.3 Furthermore, the data of the users are generally processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. These user profiles can in turn be used, for example, to place advertisements within and outside the respective social networks and (business) platforms and portals that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data can also be stored in the user profiles across devices, especially if the users are members of the respective platforms and are logged in to them).

10.4.4 Detailed information

  • whether at all and, if so, to what extent the operators of the respective social networks and (business) platforms and portals process which of your personal data for their own purposes when you visit our online presences and accounts and profiles,
  • as well as whether and which possibilities of opposition (opt-out) exist,

can be found below as well as in the data protection relevant descriptions and data protection declarations of the respective platform operators.

10.5 We would like to point out that the most effective way of making requests for information and asserting the rights of users / affected persons is not to contact us, but directly the operators of the respective social networks and (business) platforms and portals, because it is not us, but only the operators of the respective social networks and (business) platforms and portals who have access to the users' data and are therefore better placed than we are to take appropriate measures and provide information directly. Should you nevertheless require assistance, please do not hesitate to contact us.

10.6 Used services and service providers:

Twitter
Type: Social network
Website: https://twitter.com
Service providers: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy: https://twitter.com/en/privacy
Settings: https://twitter.com/personalization

11. Rights of the data subject

If your personal data is processed, you are a data subject in the sense of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:

11.1 Right to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

In the event of such processing, you may request the following information from the data controller:

11.1.1 the purposes for which the personal data are processed

11.1.2 the categories of personal data processed

11.1.3 the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed

11.1.4 the planned duration of the storage of personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage

11.1.5 the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing

11.1.6 the existence of a right of appeal to a supervisory authority;

11.1.7 all available information about the origin of the data, if the personal data is not collected from the data subject

11.1.8 the existence of automated decision-making, including profiling, in accordance with art. 22 paras. 1 and 4 DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards provided for in Art. 46 of the DPA in connection with the transfer.

11.2 Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.

11.3 Right to restrict processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

11.3.1 if you dispute the accuracy of the personal data concerning you for a period of time which enables the Controller to verify the accuracy of the personal data

11.3.2 the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data

11.3.3 the Controller no longer needs the personal data for the purposes of the processing, but you need the personal data to assert, exercise or defend legal claims; or

11.3.4 if you have lodged an objection to the processing in accordance with Art. 21 Par. 1 GDPR and it has not yet been established whether the justified reasons of the Controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

11.4 Right of cancellation

11.4.1 Duty to delete

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

11.4.1.1 The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

11.4.1.2 You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

11.4.1.3 You submit an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 Para. 2 GDPR.

11.4.1.4 The personal data concerning you have been processed unlawfully

11.4.1.5 The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

11.4.1.6 The personal data relating to you has been collected in relation to information society services offered, in accordance with Art. 8 para. 1 of the GDPR.

11.4.2 Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

11.4.3 Exceptions

The right of cancellation does not apply if the processing is necessary

11.4.3.1 to exercise the right to freedom of expression and information;

11.4.3.2 in order to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

11.4.3.3 for reasons of public interest in the field of public health pursuant to Article 9 paragraph 2 letters h and i as well as Article 9 paragraph 3 GDPR;

11.4.3.4 for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the law referred to in Section a) is likely to render the attainment of the objectives of such processing impossible or seriously impair it, or

11.4.3.5 to assert, exercise or defend legal claims.

11.5 Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

They have the right to be informed of these recipients by the person responsible.

11.6 Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

11.6.1 the processing is based on a consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract pursuant to Article 6 paragraph 1 letter b GDPR and

11.6.2 the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

11.7 Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6, paragraph 1, letter e or f of the DPA; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he/she can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility of exercising your right of objection in connection with the use of Information Society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

11.8 Right to withdraw the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.

11.9 Automated case-by-case decision including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects in relation to you or significantly affects you in a similar way. This does not apply if the decision

11.9.1 is necessary for the conclusion or performance of any contract between you and the party responsible

11.9.2 is permitted by Union or national legislation to which the responsible person is subject and such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

11.9.3 with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in 11.9.1 and 11.9.3, the responsible person shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from the responsible person, to present his or her point of view and to challenge the decision.

11.10 Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the suspected infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

12. Data security

12.1 We use the common SSL (Secure Socket Layer) procedure within our internet presence in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

12.2 Your personal data will be encrypted using 256 bit SSL encryption when contacting us via our contact forms on our website and when placing orders as well as when logging in to the customer menu and the webmail menu.

12.3 Your bank data collected by us via an HTTPS-encrypted Internet connection are stored by us on our systems in encrypted form.

12.4 Credit card data is not stored by us, but collected and processed directly by our payment service provider.

12.5 Access to the customer menu and the webmail menu is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

12.6 Furthermore, in accordance with Art. 32 GDPR, we shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons. The measures taken include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, security of availability and segregation of data relating to them. Furthermore, we secure our website and other systems with suitable technical and organisational security measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Furthermore, we have set up procedures to ensure that the rights of those concerned are exercised, data is deleted and that we react to any threat to the data. Finally, we already take the protection of personal data into account during the development and design or the selection and use of applications, products and services as well as service providers commissioned by us, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR). Our security measures are continuously improved in line with technological developments.

13. Topicality and amendment of this data protection declaration

13.1 The version of our privacy policy available at the time of visiting the website always applies.

13.2 Due to the further development of our website and / or the implementation of new technologies and / or changed official or legal requirements / regulations, it may become necessary to adapt the content of this data protection declaration. We therefore reserve the right to amend this data protection declaration at any time with effect for the future. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

13.3 The current version of our data protection declaration can be viewed, saved and printed out at any time here: https://www.dotplex.com/en/service/privacy.


Effective: 13.10.2020

Speichern | Print