Empalis Consulting GmbHPrivacy policy

1. Subject of this Privacy Policy

We appreciate your interest in our website and our offers displayed on our websites.
The protection of your personal data (hereinafter referred to as "data") is a great and very important concern for us. In the following, we would like to inform you in detail in the following, which data was collected during your visit to our website and use of our local offers and how these are processed or used by us, as well as which accompanying protective measures we have additionally taken in technical and organizational terms.

2. Responsible body / service provider

Responsible body in the sense of the data protection right and at the same time service provider within the meaning of the Telemedia Act (TMG) is the Empalis Consulting GmbH, cf. our imprint.
If you have any questions or comments about this privacy policy or general data protection, please contact the following e-mail address: dsb@empalis.de

3. Contact details of the data protection officer

Lawyer Bettina Wengert

Industriestr. 4
70565 Stuttgart

dsb@empalis.de

4. Collection and use of your data

The extent and nature of the collection and use of your data differs depending on whether you visit our website only to retrieve information or in order to use the services offered by us:

a) Informational use

For the purely informative use of our website, it is generally not necessary for you to provide personal data. Rather, in this case, we only collect and use data that your internet browser automatically transmits to us, such as:

  • date and time of retrieval of one of our websites
  • your browser type
  • the browser settings
  • the operating system used
  • the page you visited last
  • the transferred amount of data and the access status (file transfer, file not found etc.)
  • the loading times of our website as well
  • Your IP address

We collect and use this data during an informative visit exclusively in non-personal form. This is done in order to enable the use of the websites you have retrieved for statistical purposes and to improve our internet presence.
The IP address is only stored for the duration of your visit, a personal evaluation does not take place.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free and optimal presentation of his website - for this purpose, the server log files must be recorded.

b) Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share
this information without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient.
The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or delete the purpose for data storage (for example, after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.

c) Newsletter data

If you would like to receive the newsletter offered on the website, we would need an e-mail address from you which allows us to check that you are the owner of the e-mail address provided and that you agree to receive the newsletter, as well as your first and last name. We use this data exclusively for sending the requested information and, with the exception of our dispatch service provider, do not pass it on to third parties. We use rapidmail for sending the newsletter. This service is provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany.

Rapidmail is used for the organisation and analysis of the dispatch of newsletters, among other things. The details you enter for the purpose of receiving the newsletter will be stored on rapidmail's servers in Germany. If you do not wish to have your data analysed by rapidmail, you will have to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail we can determine whether and which links are clicked on in the newsletter message. All links in the e-mail are so-called tracking links, which enable us to count your clicks.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending and analysing the newsletter at any time, for example via the unsubscribe link contained in every newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The details you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for business communication) remain unaffected by this. You can find more information about rapidmail's data security instructions at: https://www.rapidmail.de/datensicherheit.

d) Online appointment booking

If you make use of the feature to book an appointment with us online (e.g. for an online consultation), your data that you enter there will be processed for this purpose, i.e. stored and used for the preparation and follow-up of the appointment. For booking and managing the appointment, the tool eTermin is used. Therefore, the data entered by you will also be processed by the company eTermin Ltd, Ipeirou 10A, 8010 Paphos, Cyprus as the operator of the tool accordingly on our behalf within the framework of an order processing agreement.
Beyond that, this data will not be processed without your consent.
 
The processing of the data entered in the appointment booking form is based on Art. 6 (1) lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures. 
 
The data entered by you in the appointment booking form and thus transmitted to us will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

e) Participation in surveys via anonymous links (e.g. Remote Work Check)

We conduct surveys ourselves or with the help of selected processors to continually improve and evaluate our offers. You will receive an invitation to these surveys by e-mail. The survey is carried out by clicking on the link provided in the invitation. The survey is conducted with the help of Microsoft Forms, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. The survey collects, among other things, the following personal data:

Information provided voluntarily by survey participants.

The survey consciously refrains from collecting personal data or only does so when respondents voluntarily provide personal data via free-text questions. We therefore explicitly ask respondents to refrain from providing personal data in free-text questions. However, we cannot rule out the possibility that in individual cases, apart from the data collected in the survey, other personal data may be transferred to MICROSOFT and then processed there, which we have not commissioned to process, such as the IP address and location data of the survey participant. The Microsoft Corporation was previously effectively certified under the EU-US Privacy Shield ( ECJ, 16.7.2020 - C-311/18). The data transfer with MICROSOFT is further based on the Standard Contractual Clauses (SCC). More information on Microsoft Forms is available on https://support.office.com/de-de/forms and further information on the processing of personal data by Microsoft is available here: https://privacy.microsoft.com/de-DE/privacystatement. Participation in the survey is voluntary. The processing of this data is exclusively based on your consent (Art. 6 para. 1 lit. a DSGVO). You can withdraw this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legitimacy of the data processing procedures carried out until revocation remains unaffected by the revocation. The information you provide in the survey will be used only for the purpose stated therein and deleted as soon as we no longer need it for this purpose.

f) Participation in surveys via personalized questionnaires (e.g. Quick Check)

For the purposes of providing you with individualized offers and to continuously improve and evaluate our offers, we conduct surveys ourselves or with selected processors. The invitation to these surveys will be sent to you by e-mail. The data you enter in the form included in the invitation will be processed and evaluated by us for the purposes described in the invitation e-mail.
The survey is conducted using Microsoft Forms, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. The survey linked in the invitation e-mail collects, among other things, the following personal data:

  • Last name, first name, company, position, telephone number, e-mail address.
  • Responses in the course of the survey in Microsoft Forms.
  • Voluntary information provided by survey participants.

We cannot rule out the possibility that in individual cases, in addition to the data collected with the survey, other personal data may be transmitted to MICROSOFT and processed there, the processing of which we have not commissioned, such as the IP address and location data of the survey participant. Microsoft Corporation was previously effectively certified under the EU-US Privacy Shield (ECJ, 16.7.2020 - C-311/18).

The data transfer with MICROSOFT is furthermore based on the Standard Contractual Clauses (SCC).
Further information on Microsoft Forms can be found at https://support.office.com/de-de/forms and further information on the processing of personal data by Microsoft can be found at https://privacy.microsoft.com/de-DE/privacystatement.

g) Participation in online events

If you register for our online events via a booking form, you will be redirected from our website to the ticket booking and registration platform Eventbrite. On behalf of the event organiser Empalis, Eventbrite collects and uses personal data in order to provide the ticketing service. This involves the data entered by you in the input mask, i.e. in particular your contact and, if applicable, billing data. For more information on this, please see the privacy policy of the provider Eventbrite. Provider of the booking platform is Eventbrite. Eventbrite Inc. is a corporation incorporated in accordance with the laws of the State of Delaware, USA, with its principal place of business at 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147, USA ("Eventbrite", "we", "us", etc.). For users located in the European Economic Area ("EEA") or Switzerland, Eventbrite Inc. acts as the Data Controller with respect to personal data collected via the services. Eventbrite's representative for the purposes of European data protection legislation is Eventbrite NL BV, located at Silodam 402, 1013AW, Amsterdam, The Netherlands. When booking through Eventbrite to attend our virtual events, Eventbrite will send attendees an automated response email as part of the registration process. For events without this booking process, please refer to the invitation for registration options. In all cases, you will receive an access link to a video conferencing tool, currently either Zoom or Microsoft Teams.

You will be redirected to the online conference provider ZOOM via this link. The data you provide when registering and during the virtual event will be collected and stored for this purpose and, insofar as you use the chat, query or survey functions during the event, it will also be displayed or shown during the event. For further information on the use of Zoom's services, please refer to the provider's privacy policy: https://zoom.us/de-de/privacy.html. The provider of these services is Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

Access link to Microsoft Teams:

You can access this link via a browser application or, if you have installed Teams yourself, in your app. The data you provide when registering and during the virtual event will be collected and processed for these purposes. Insofar as you use the chat, query or survey functions during the event, this data will also be displayed or shown during the event. For more information on the use of Microsoft Teams services, please refer to the provider's privacy policy: https://privacy.microsoft.com/de-de/privacystatement. The provider of these services is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For detailed data protection information for online meetings in "Teams", please click here.

h) Contract initiation and implementation  customers

Insofar as you wish to make use of the services offered by us on our website, it is necessary for you to provide additional data. It is the data that is required for the respective transaction, e.g. your contact details when sending an offer.
The collection or use of your data is for the purpose of providing the service you want, for example, to fulfil an order or to send you the desired offer. We collect, process and use personal data only insofar as they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or precontractual measures. We only collect, process and use personal data when using our Internet pages (user data) so far as this is necessary in order to enable or charge the user for the use of the service. The collected customer data will be deleted after completion of the order or termination of the business relationship, but not before expiry of the legal retention periods (usually 10 years).
We only transfer personal data to third parties if this is necessary in the context of contract execution; for example, to the bank responsible for payment processing. A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or precontractual measures.

i) Contract initiation and execution Suppliers

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of our websites (usage data) only to the extent necessary to enable the user to use the service or to bill the user. 

The collected supplier data will be deleted after completion of the order or termination of the business relationship, but not before the expiry of the statutory retention periods. 

We transmit personal data to third parties only if this is necessary in the context of contract processing; for example, to a company entrusted with the delivery of goods or the credit institution entrusted with payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

j) Applications

In the following, we inform you about the scope, purpose and use of the personal data transmitted and collected by you as part of an application. We assure you that the collection, processing and use of your data will be in accordance with applicable data protection law and all other legal provisions and will be treated in strict confidence.

Application by e-mail/mail/social media or similar:

As part of your application, we will collect in particular your first and last name, contact information (cell phone number and / or e-mail), address, CV and relevant certificates / training certificates and other information on qualifications or work experience.
The data collection takes place when you send us the data and your application. This personal data is used exclusively for the processing and implementation of your application procedure. Your personal data will only be passed on within our company to persons who are involved in processing your application. Beyond this, your personal data will not be passed on to third parties unless you have given us your express consent to do so.

By submitting this data, you also give your consent regarding the described use of your data (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time for the future.You have the right to request information about your data stored by us at any time.
If the application is successful, the data submitted by you will be stored in our data processing systems for the purpose of implementing the employment relationship.If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the termination of the application process (rejection or withdrawal of the application). After this period, the data will be deleted and the physical application documents destroyed.This storage serves in particular as evidence in the event of a legal dispute.If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until it has become irrelevant.Other statutory retention obligations remain unaffected.

Application via our applicant portal (https://empalis-consulting-gmbh.onlyfy.jobs/):

The onlyfy one service (by XING) is used for applications via our job portal. onlyfy one is part of the comprehensive XING service of New Work SE, the purpose of which is to contribute to improving and simplifying the professional lives of users through a variety of different applications (onlyfy one as well as the social network XING, kununu, etc.).

onlyfy one, as part of the comprehensive XING service, is an online platform where or via which talents and companies come together.
Joint responsibility
The onlyfy one service is offered in the form of joint responsibility pursuant to Art. 26 DSGVO. With regard to the interaction in the company account of Empalis in onlyfy one, there is a so-called joint responsibility of Empalis and New Work SE pursuant to Art. 26 DSGVO, as they jointly determine the purposes and means of the processing within the meaning of Art. 4 No. 7 DSGVO and each use the processed personal data for their own purposes. You can view the current version of the joint responsibility agreement pursuant to Art. 26 DSGVO that New Work SE concludes with the companies that use onlyfy one here as an attachment to the GTC https://www.xing.com/terms/onlyfy-one to find out about the essence of the agreement.

Data processing by New Work SE
With regard to the data processing for which New Work SE is solely responsible or responsible within the scope of joint responsibility with Empalis, you will find more detailed information in the XING privacy policy, https://privacy.xing.com/de/datenschutzerklaerung. There you will also find the contact details of New Work SE as well as the company data protection officer of New Work SE.

Cookies

onlyfy one uses cookies. These are used to make the online application more user-friendly and effective. The cookies are technically necessary to provide you with this service. Without the use of cookies, the operation of the service would not be possible. There is therefore no possibility to object to the use of the cookies. 
The legal basis for the processing of the data is Art. 6 para.1 lit. f DSGVO. 

The following cookies are used by onlyfy one:

Provider: onlyfy one
Cookie: PHPSESSID
Purpose: This cookie is used to identify the user while using onlyfy one. The cookie is mandatory for correct functionality. The cookie loses its validity when the browser is closed.
Duration of storage: Until the browser window is closed (session cookie).

Provider: onlyfy one
Cookie: REMEMBERME
Purpose: This cookie is used to restore an expired session. The cookie is mandatory for correct functionality.
Duration of storage: The cookie loses its validity after 2 weeks.Details on the processing of your personal data when using onlyfy one as well as the information according to Art. 13, 14, 21 DSGVO can be found in the associated more detailed privacy policy at https://empalis-consulting-gmbh.onlyfy.jobs/policy.

5. Use of cookies

Our websites use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
You can set your browser so that you are informed about the setting of cookies and decide on a case-by-case basis whether to accept them or decide to exclude the acceptance of cookies in certain cases or generally and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Cookies that are required to carry out the electronic communication process are based on Art. 6 para. 1 lit. f GDPR saved. The website operator has a legitimate interest in the storage of cookies for the technically correct and optimal provision of its services. If other cookies (such as cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.

On our websites we use the following cookies:

  • borlabs-cookie saves the settings of the visitors selected in the cookie box of Borlabs Cookie. The storage period lasts for one year.
  • _icl_*, wpml_*, wp-wpml_*, stores the current language. The storage period is one day.

These cookies serve users who have user access to our website in order to facilitate their browsing:

  • wordpress_[hash] saves login details.
  • wordpress_logged_in_[hash] saves the user's username and displays that the user is logged in.
  • wp-settings-{time}-[UID] saves the individual user settings (e.g. page views) saves the individual user settings (e.g. page settings).
  • wordpress_test_cookie verifies whether the browser settings enable cookies to be set. 

The duration of storage lasts one month.

6. Website analysis

6.1 Matomo

We are always interested in optimising our website for users and placing advertising in the best possible way. Matomo Analytics, an open source tool that analyses user behaviour and thus provides us with the necessary database for adjustments, helps us to do this. Matomo uses cookies, device fingerprinting and other technologies that enable cross-page recognition of the user to analyse user behaviour. Matomo records the page views, the region they come from, the IP address, referrer, browser used and operating systems. The tool can also measure whether our website visitors perform certain actions (e.g. click on links or make purchases). After anonymisation of your IP address, the data collected is stored exclusively on our server.

As the website operator, we have a legitimate interest in the anonymised analysis of user behaviour for the purpose of optimising our website and the advertising placed on it. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have consented to data processing in any other way, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

 

6.2 WebLeads

Our website uses the pixel-code technology of unn | UNITED NEWS NETWORK GmbH, Lorenzstraße 29, D-76135 Karlsruhe (https://www.unn-online.de), to identify visitors to our website who are relevant to our company. 
Only the IP address of a website visitor is processed. The processing takes place exclusively for the purpose of recognising company-relevant information such as the company name. IP addresses of private individuals are excluded from further use 
The IP address is not stored in WebLeads under any circumstances. 

The processing of data of business customers is based on our legitimate interest as a company to operate our website effectively and to effectively generate leads from business customers. Data processing is accordingly legal in accordance with Art. 6(1)(f) GDPR
 The data collected by us does not allow any conclusions to be drawn about an individual who can be identified at any time. 
At no time is data read from the end user's end device or set on the end device (no use of cookies).

Further information on data protection with WebLeads by unn | UNITED NEWS NETWORK GmbH, Lorenzstraße 29, D-76135 Karlsruhe, https://www.unn-online.de/ can be found at https://info.pressebox.de/datenschutz/

7. Social Media Pages

We currently do not use social media plugins. The social media buttons used on our website lead via a link to our respective social media pages. For these, in addition to our privacy policy, the privacy policy of the respective provider applies.

7.1 LinkedIn

When you visit our LinkedIn page, we connect to LinkedIn servers. LinkedIn is informed that you have visited our pages with your IP address. If you're logged in to LinkedIn, LinkedIn will be able to associate your visit with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.
For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy
Providers of this service are LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States.

7.2 Twitter

By using Twitter and the "Re-Tweet" feature, the web pages you visit will be linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of our pages do not receive knowledge of the content of the transmitted data and their use by Twitter. For more information, see the privacy policy of Twitter at: http://twitter.com/privacy.
You can change your privacy settings on Twitter in the Account Settings at http://twitter.com/account/settings.
Provider of these services is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States.

7.3 Instagram

When you visit our Instagram page, you will be connected to Instagram servers. Instagram is informed that you have visited our pages with your IP address. If you are logged in to Instagram, Instagram will be able to associate your visit with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by Instagram.
For more information, see the Instagram Privacy Policy: http://instagram.com/about/legal/privacy/
Provider of the service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

7.4 XING / kununu

When you visit our pages of the network XING or the employer rating platform kununu, a connection is established to servers of XING SE. XING SE will be informed that you have visited our pages with your IP address. If you are logged into your account with a service of XING SE, it is possible for XING SE to assign your visit to you and your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by XING SE.
Provider of these services is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Further information on data protection can be found in the data protection declaration of XING under: https://privacy.xing.com/de/datenschutzerklaerung

7.5 YouTube

On our website we offer links to videos on YouTube.

When you click on the button to load and play the YouTube video, a connection to YouTube servers is established. The legal basis is your consent in accordance with Art. 6 Para. 1 a) DSGVO. YouTube is notified that you have visited our pages with your IP address. If you are logged in to your YouTube account, it is possible for YouTube to associate your visit with you and your user account. We would like to point out that we, as the provider of our website, have no control over the content of the transferred data or its use by YouTube.

For more information, please see YouTube's privacy policy: https://www.google.de/intl/de/policies/privacy. The provider of the service is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

8. Use of third-party tools

8.1 Video offer of Empalis via the video portal Vimeo

We use the video portal Vimeo to provide videos for a restricted group of users. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you call up a video via the hyperlink we provide, a connection is established to the Vimeo servers. In the process, the Vimeo server receives information about which of our pages you have visited. In addition, Vimeo collects your IP address, technical information about your browser type, your operating system or very basic device information. You decide yourself whether further information is stored by selecting the option in Vimeo's cookie policy, which you can access via the cookie notice. If you give your consent to the use of non-essential cookies here, Vimeo will store information about what actions (web activities) you perform on the website. These web activities include, for example, session duration, bounce rate or which button you clicked on the website with a built-in Vimeo function. These actions are analysed and stored by Vimeo using cookies and similar technologies. If you are logged in to Vimeo as a registered member, your actions on our website will be directly linked to your Vimeo account. To prevent this, you must log out of Vimeo before accessing our website. We use Vimeo in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://vimeo.com/privacy. Further information on the handling of user data is provided in Vimeo's privacy policy at: https://vimeo.com/privacy.

9. Involvement of service providers and transfer to third parties

Your data will be forwarded to the provision of this website and for the purposes mentioned above, if necessary, to our supporting technical service providers (e.g. website hosting, support, quality assurance or mailing service), which we have of course carefully selected and commissioned in writing.
These service providers are bound by our instructions and are regularly monitored by us.
Otherwise, the transfer of your data to other third parties is only as far as explicitly stated in this privacy policy or in case we are legally obliged to do so.

10. Data security

We also use technical and organizational security measures to protect personal data arising or collected, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons. Our security measures are continuously improved in line with technological developments.
Your personal data is also encrypted using SSL / TLS technology to prevent access by unauthorized third parties.

11. Your rights as a victim

11.1 Right to information

You have the right, at any time upon request, to obtain information from us about your personal data concerning you in the scope of Art. 15 GDPR. You can submit an application by post or e-mail to the above address.

11.2 Right to correct incorrect data

You have the right to request immediate correction of personal data concerning you if it is incorrect. Please contact the above mentioned contact addresses.

11.3 Right to cancellation

You have the right to demand the deletion of your personal data under the conditions described in Art. 17 GDPR. Those conditions provide, inter alia, for a right of deletion where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an opposition or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. To claim your right to cancel, please contact the above mentioned contact addresses.

11.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right applies in particular if the accuracy of the personal data between the user and us is controversial for the period of time required to verify correctness, and if the user requires limited processing for an existing right to delete instead of deletion; and in the event that the data is no longer required for our intended purposes, but the user requires it to assert, exercise or defend legal claims, and if the successful exercise of an objection between us and the user is still controversial. To exercise your right to restriction of processing, please contact the above contact addresses.

11.5 The right to data portability

You have the right to receive from us the personal data relating to you which you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. In order to assert your right to data portability, please contact the above mentioned contact addresses.

11.6 Right to object

You have the right at any time, for reasons arising out of your particular situation, against the processing of personal data relating to you, including but not limited to: based on Art. 6 para. 1 lit. e) or f) GDPR, to submit an objection pursuant to Art. 21 GDPR. We will cease the processing of your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purposes of asserting, exercising or defending legal claims.

11.7 Withdrawal

We would like to point out that you can revoke any data protection consent that we have been granted at any time with effect for the future. For this you should contact us informally by e-mail: dsb@empalis.de

11.8 Right to complain

You also have the right to contact the competent supervisory authority for complaints. The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart

12. Changes to this Privacy Policy

We constantly keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to make changes in the collection, processing or use of your data. The current version of the privacy policy is available at any time on our website at www.empalis.de/privacy-policy.