Privacy

SIGOS Privacy Statement

Thank you for visiting our homepage. The safe handling of your data is particularly important to us. Thus, hereby we would like to provide you with detailed information about the use of your personal data when you visit our website.

1. Definitions

This privacy statement is based on the terminology used in the General Data Protection Regulation (GDPR) as issued by the European directives and regulatory body. Our privacy statement should be easily readable and comprehensible to the public, as well as to our customers and business partners. To ensure this, we would like to explain the used terminology in advance.

Among others, in this privacy statement we use the following terms:

  • Personal data: Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
  • Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s user behavior with regard to SIGOS information services, Internet sites, events, webinars, fraud detection, as well as other services provided by SIGOS.
  • Pseudonymisation Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identified or identifiable natural person.
  • Controller or processing controller: Controller or processing controller means a natural or legal person, public authority, agency or another body, who alone or jointly with others, determines the purpose and means of the processing of personal data. Where the purpose and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for the Union or Member State law.
  • Processor: Processor means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.
  • Recipient: Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the Union or Member State Law shall not be regarded as recipients.
  • Third party: Third party means a natural or legal person, public authority, agency or another body other than the data subject, controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wish by which the data subject by a statement or by another clear affirmative action signifies agreement to the processing of personal data relating to him or her.

2. Collection of data

When a data subject or an automated system calls up our website, our website will collect a number of general data and information. These general data and information are saved in the log files of the server. The following data can be collected:

  1. the used web browser types and versions,
  2. the operating system used by the accessing system,
  3. the website, from which an accessing system reaches our website (so-called referrer),
  4. the sub-websites which are directed to our website via an accessing system,
  5. date and time of access to the website, as well as to each further site,
  6. information from cookies set during a previous session if available
  7. status of access/HTTP status codes
  8. name and URL of the accessed file,
  9. IP address,
  10. date and time of access,
  11. the Internet service provider of the accessing system and
  12. other related data and information required for security purposes in the case of attacks on our information technology systems.

While using these general data and information we do not attribute them to the data subject. In fact, this information is needed

  1. to correctly deliver the content of our website,
  2. to ensure a smooth website connection establishment,
  3. to improve the content and the advertising of our website,
  4. to ensure the long-term functionality, as well as the evaluation of the system security and stability of our information technology systems and the technology of our website, as well as
  5. to provide the necessary information required for prosecution to law enforcement authorities in case of a cyber attack.

These anonymously collected data and information will be statistically evaluated for the purpose of increasing the level of data security and data safety in our company, to finally provide an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data indicated by the data subject.

The legal basis for the processing of personal data is constituted by Article 6 (1) Sentence (1) letter (f) GDPR. Our legitimate interest derives from the data collection purposes listed above. In no case do we collect the data for the purpose of relating them to your person.

3. Disclosure of data

A transfer of your personal data to third parties for purposes other than those listed in the following will only take place if:

  • you have given your express consent thereto in accordance with Article 6 (1) letter (a) GDPR,
  • the data transfer pursuant Article 6 (1) letter (f) GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in non-disclosure of your data,
  • in the event that a legal obligation exists regarding the disclosure pursuant Article 6 (1) letter (c) GDPR, as well as
  • where this is legally permissible and necessary for the performance of a contract with you pursuant Article 6 (1) letter (b) GDPR.

4. Statutory or contractual provisions for the provisions for the provision of the personal data; necessity for conclusion of the contract; obligations of the data subject for provision of personal; possible consequences of non-provision

We would like to clarify that the provision of personal data is to some extend required by law (for example tax regulations) or can derive from contractual arrangements (for example data of the contract partner). Sometimes it may be necessary for the purpose of conclusion of a contract for a data subject to provide personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him or her. In case of non-provision of personal data, the contract with the data subject could not be closed. Prior to the provision of personal data by the data subject, he or she can contact our data security officer. Our data security officer will advice the data subject in each case on whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether an obligation for the provision of personal data exists and will give advice on the consequences of non-provision of personal data.

5. Use of data when subscribing to an e-mail newsletter. webinar or other information

On our website we may provide users with options to subscribe to a newsletter, a webinar or to other information of our company. Thereby the following applies:

We will use your e-mail address to send information only upon your explicit consent pursuant Article 6 (1) letter (a) GDPR.

The type of personal data transmitted to the controller upon information request, depends on the utilized form.

We inform our customers and business partners regularly by means of a newsletter about the company offers. Our company newsletter can only be received by the data subject if

  1. the data subject has a valid e-mail address and
  2. the data subject has registered for the newsletter.

For legal reasons, a confirmation e-mail in the double-opt process is sent out to the e-mail initially provided by the data subject for the newsletter receipt. This confirmation e-mail is used to check whether the e-mail holder has authorized the newsletter subscription.

When you subscribe to the newsletter we further save the IP address of the computer system used by the data subject at the time of subscription assigned by the Internet Service Provider (ISP), as well as the date and time of the subscription. The collection of this data is necessary to track the (possible) misuse of the e-mail address of a data subject at a later point and therefore serves the purpose of legal safeguard of the controller.

The personal data collected during the subscription to our newsletter will only be used for the purpose of sending our newsletter. Furthermore, the subscribers to the newsletter can be informed by e-mail, it necessary for the operation of the newsletter or registration hereto, such as in the case of changes to the newsletter offers or in case of changes in the technical conditions. There is no transfer of personal data collected within the framework of the newsletter service to third parties.

The subscription to our newsletter can be adapted or canceled at any time by the data subject. The consent to the storage of personal data given by the data subject for the receipt of the newsletter may be revoked at any time. For the purpose of revocation of the consent a corresponding link is available in every newsletter. Additionally, there is the possibility to unsubscribe from the newsletter directly on the controller’s website or to inform the controller of this in another way.

6. Newsletter-Tracking

Our newsletters contain so-called Tracking-Pixels. A Tracking-Pixel is a miniature graphic embedded in such e-mails which are sent in HTML format to allow for the recording or analysis of the log file. This allows for a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded Tracking-Pixels we can see whether and when an e-mail has been opened by a data subject and which links, contained in the e-mail, have been opened by the data subject.

Such personal data collected via the Tracking-Pixel contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to adapt the content of the future newsletters to the preferences of the data subjects. This personal data will not be disclosed to third parties. Data subjects have the right to revoke the consent granted hereto via the double opt-in process at any time. Following a revocation these personal data will be deleted by the controller. An unsubscription from the newsletter will automatically be interpreted as a revocation.

7. Contact via the Internet page

Based on statutory provisions, our website contains information, including a general address of the so-called electronic mail (e-mail address) enabling fast electronic contact with our company, and direct communication with us. Should a data subject contact the controller via e-mail or contact form, the personal data supplied by the data subject will be automatically saved. Such personal data transferred to the controller on a voluntary basis are saved for the purposes of processing or contacting the data subject. There will be no transfer of personal data to third parties.

8. Setting of cookies

To make your visit to our website attractive and to allow for the use of certain functions we use so-called cookies on various pages. These are small text files that are stored in your computer or memory device.

The data processed through the use of cookies are necessary for the purpose of protecting our or the third party’s legitimate interests pursuant Article 6 (1) letter (f) GDPR.

Some of the cookies used by us are deleted at the end of the browser session, thus after you close your browser (so-called session cookies). Other cookies remain on your computer or memory device allowing us to recognize your browser at your next visit (persistent cookies). You can set your browser so that you are informed about the use of cookies and individually decide on their acceptance or exclude the acceptance of cookies for certain cases or in general. In case of non-acceptance of cookies, the functionality of our website may be limited.

9. Web analysis with Google (Universal) Analytics

This website uses Google (Universal) Analytics, a website analysis service of Google Inc. (www.google.de) Google (Universal) Analysis uses methods enabling the analysis of your website use, like for example so called “cookies”, text files that are stored on your computer. Information on your use of this website is usually transmitted to a Google server in the United States and stored there. In case of activated IP anonymization on this website, your IP address is previously truncated within member states of the European Union or in other states which are party to the agreement on the European Economic Area. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. The anonymized IP address sent from your browser as part of Google Analytics will not be merged with other data by Google.

You can prevent data generated by the cookies and relating to your use of the website (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link: http://wbs.is/rom89.

As an alternative to the browser plug-in, you can use this link to prevent collection by Google Analytics on this website in the future. Thereby an Opt-Out cookie is stored on your device. When deleting your cookies, you must click the link again.

The user has the possibility, to set an Opt-Out cookie in the data privacy statement by clicking on “this link”. For the Opt-Out cookie, a Script must always be inserted before the actual Google Analytics-Script in the source text. You will find information on how to do this on Google Analytics Website http://wbs.is/rom71.

10. Usage of social plug-ins using the “2-click solution”

This website may use so-called social plug-ins (“plug-ins”) from the social network Facebook. This service is offered by the company Facebook Inc. (“provider”).

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find an overview of the Facebook plug-ins and their appearance here: http://wbs.is/rom90

For the purpose of increased protection of your data during your visit of our website, the plug-ins are integrated on the site by means of the so-called “2-click solution”. This integration ensures that when you call a page of our website which contains such plug-ins, still no connection with the Facebook servers is established. Only when you enable the plug-ins and thus give you consent to the transfer of data, your browser will establish a direct connection to the Facebook servers. The contents of the respective plug-in will be transmitted directly to your browser and integrated on the page. Through the integration of the plug-ins Facebook receives the information that your browser has accessed the respective page of our website, even if you do not have a profile on Facebook or if you are not logged in. This information (including your IP address) will be sent from your browser directly to a Facebook server in the USA and stored there. If you interact with the plug-ins, for example by clicking the “Like” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also made public to your contacts on Facebook. For details about handling of your personal data by Facebook and your related rights and your options on protecting your privacy, please refer to the data privacy policy of Facebook http://wbs.is/rom91.

11. Embedded videos and images from external Internet pages

Some of our web pages may contain embedded content from YouTube or Instagram or other providers. During the sole access of a page of our website with embedded videos or images from our YouTube or Instagram-channel, no personal data, with the exception of the IP-address, are transmitted. In the case of YouTube, the IP-address will be transmitted to the Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“), and in the case of Instagram to the Instagram Inc., 181 SouthPark Street Suite 2 San Francisco, California 94107, USA (“Instagram“).

12. Notifications and amendments

Changes in the law or changes to our internal processes may require an adjustment of this privacy statement.

We will provide you with a six week notice in the event of such changes. Generally, you have (No.6) the right of revocation regarding your given consent.

Please note that (if you do not make use of your right of revocation) the current version of the data protection declaration applies.

13. Update/deletion of your personal data

At any time, you have the possibility to check, modify or delete the personal data supplied to us by sending us an e-mail to the e-mail provided at the end of this text. If you are a member with us, you can also exclude the receipt of further information there.

You also have the right, to revoke the once given consent with future effect at any time.

The stored personal data will be deleted when you revoke your consent to the storage.

The controller processes and stores personal data of the data subject only for the period of time that is required to achieve the storage purpose, or if required by the European directives and regulations or by other legislators by laws or regulations to which the controller is subject.

Upon expiration of the storage purpose or the storage period set by the European directive and regulatory body or by another competent legislator, the personal data will be blocked or deleted routinely in accordance with the legislation.

14. Rights of the data subject

Every data subject has the right as per the European directives and regulations to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Should a data subject like to make use of this right, they can refer to our data protection officer or another employee of the controller at any time.

Every data subject affected by the processing of personal data has the right as per the European directives and regulations to receive information with regard to the stored personal data, as well as copy thereof from the controller free of charge (Article 15 GDPR). Furthermore, the European directive and regulations grant the data subject access to the following information:

  • the purpose of processing
  • the categories of personal data concerned
  • the recipients or categories of recipients to whom the personal data have been or will be, particularly in the case of recipients in third countries or in international organizations
  • where possible the planned period for which the personal data will be stored, or if this is not possible, the criteria used to determine that period
  • the existence of the right to request from the controller the recertification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to submit a complaint to a regulatory authority
  • where the personal data have not been collected from the data subject: any available information about as the origin of the data
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to be informed as to whether personal data have been transferred to a third country or to an international organization. In such case, apart from that, the data subject has the right to be informed about the appropriate safeguards in relation to the transfer.

Should a data subject wish to make use of this right, they may refer to our data protection officer or another employee of the controller at any time.

Each data subject shall have the right as per the European directive and regulation to obtain from the controller without undue delay the recertification of inaccurate personal data concerning him or her (Article 16 GDPR). Taking into account of the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing supplementary statement.

Should a data subject like to make use of this right to recertification, they may refer to our data protection officer of another employee of the controller at any time.

Each data subject affected by the processing of personal data has the right as per the European directives and regulations to obtain from the controller the erasure of personal data concerning him or her without undue delay (Art. 17, GDPR) where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws the consent on which the processing is based according to Article 6 (1) letter (a)GDPR, or Article 9 (2) letter (a) GDPR, and where there is no other legal ground for the processing:
  • The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • The personal data have been processed unlawfully.
  • The personal data have to be erased for the purpose of compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data were collected in relation to the offer of information society services as per Article 8 (1) GDPR.

Should one of the above-mentioned grounds apply and if a data subject wishes to obtain the erasure of the personal data we have stored, he or she may contact our data protection officer or another employee of the controller at any time. Our data protection officer or another employee of the controller will arrange for the deletion without delay.

Where we have collected personal data and our company is obliged pursuant to Article 17 (1) GDPR to erase the personal data, we shall, taking into account the available technology and the cost of implementation the reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of those personal data, should the processing not be required. Our data protection officer or another employee are determined to take the necessary steps in the particular case.

Each data subject shall have the right as per the European directives and regulations to obtain from the controller restriction of processing where one of the following grounds applies:

  • The accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise of defense of legal claims.
  • The data subject has objected to processing pursuant Article 21 (1) GDPR pending verification whether the legitimate grounds of the controller override those of the data subject.

Should one of the above-mentioned grounds apply and if a data subject wishes to restrict the personal data stored by us, he or she may contact our data protection officer or another employee of the controller at any time with this regard. Our data protection officer or another employee are determined to take the necessary steps towards the restriction.

Each data subject affected by the processing of personal data shall have the right as per the European directives and regulations to receive the personal data concerning him or her which he or she has provided to the controller, in a structured, commonly used and machine-readable format. Moreover, he or she has the right to transmit those data to another controller without interference from the controller to which the personal data have been provided, where the processing is based on a consent pursuant to Article 6 (1) letter (a) GDPR, or Article 9 (2) letter (a) GDPR, or on a contract pursuant Article 6 (1) letter (b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task of public interest or for the exercise of public authority assigned to the controller.

Furthermore, while exercising the data portability right as per Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and where it does not adversely affect the rights and freedoms of others.

To exercise the right of data portability, the data subject may directly contact our data protection officer or another employee at any time.

Each data subject affected by the processing of personal data shall have the right as per the European directives and regulations to object on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Article 6 (1) letters (e) or (f) GDPR. This includes profiling based on those provisions.

In case of an objection, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where we process personal data for direct marketing purposes, the data subject has the right at any time to object to the processing of personal data for such marketing purposes. This includes profiling to the extent that it is related to such direct marketing. Should the data subject object to processing for direct marketing purposes, we shall no longer process the personal data for such purposes.

Furthermore, the data subject shall have the right to object on grounds relating to his or her particular situation to the processing of personal data pertaining to him or her which are processed for scientific or historical research, or for statistical purposes as per Article 89 (1) GDPR, unless such processing is necessary for the performance of a task in the public interest.

To exercise of the right of opposition the data subject may directly contact our data protection officer or another employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EG, the data subject may exercise his or her right to object by automated means using technical specifications.

Each data subject shall have the right as per the European directive and regulation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similar significantly affects him or her. This does not apply if the decision is necessary

  1. for entering into, or performance of a contract between the data subject and the controller,
  2. is authorized by Union or the Member States to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
  3. is based on the data subject’s explicit consent.

Where the decision

  1. is necessary for entering into or performance of a contract between the data subject and the controller, or where
  2. is based on the data subject’s explicit consent, we shall implement suitable measures to safeguards the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Should a data subject wish to make use of this right related to automated decision-making, they may refer to our data protection officer of another employee of the controller at any time.

Each data subject shall have the right as per the European directive and regulation to revoke his or her consent to processing of personal data at any time.

Should a data subject wish to make use of this right to revoke his or her consent to data processing, they may refer to our data protection officer of another employee of the controller at any time.

15. The legal basis for the processing

To our company Article 6 (1) letter (a) GDPR serves as a legal basis for the processing, for which we obtain a consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, as it is the case with processing required for the delivery of goods or provision of another service or performance, the processing shall be based on Article 6 (1) letter (b) GDPR. The same applies for such processing that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our products or services. Should our company be subject to a legal obligation by which a processing of personal data is required, such as for example for the fulfillment of tax obligations, the processing shall be based on Article 6 (1) letter (c) GDPR. In rare cases, the processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be hurt in our company and thereupon his name, his age, his health insurance information or other vital information were to be disclosed to a doctor, a hospital or other third parties. In such case the processing would be based on Article 6 (1) letter (d) GDPR. Eventually, processing can be based on Article 6 (1) letter (f) GDPR. Processing operations which are not regulated by any of the above-mentioned legal requirements are based on this legal basis, where the processing is necessary to pursue a legitimate interest of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted particularly because they have been specially mentioned by the European legislators. Such legitimate interest could exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR).

16. Legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6 (1) letter (f) GDPR, our legitimate interest is the implementation of our business activities in favor of the well-being of all our employees and our share owners.

17. Last updated

This privacy statement is currently valid and was last updated in August 2018.

18. The responsible person, or your contact person

If you have any questions regarding the collection, processing or use of your personal data, for information, recertification, blocking or erasure of data, as well as for the revocation of given consent or opposition to a specific use of data please directly contact:

appexperience.sigos.com, appexperience.com and sigos.com are provided by:

SIGOS LLC
1700 S. Amphlett Blvd.
Suite 205
San Mateo, CA-94402
USA

E-mail: Data-Security@sigos.com

SIGOS GmbHHeadquater:

Klingenhofstrasse 50d
90411 Nuremberg
GERMANY

Commercial Registry: Nuremberg, Register number: HRB 9323
VAT-ID: DE 133554737

Managing Directors:
Adil Kaya

Liable for contents acc. To German § 6 Interstate Agreement on Media Services:
Bjorn Koetz