Introduction to INTRADUCT®‘s data privacy statement
Protecting your privacy is very important to us. We thus kindly urge you to carefully read the following summary about how we operate our website www.intraduct.de. The following data privacy statement complies with the provisions of the General Data Protection Regulation (GDPR) and the German Data Protection Act (GDPA). The statement contains information on the type of personal data that we, as the website’s operator, collect and on its purpose and use.
Although our website contains several security features, we cannot guarantee the complete protection of your personal data as internet security breaches cannot be prevented entirely. If you have any questions concerning your personal data, please contact our data protection officer under the contact information provided in the data privacy statement.
Pursuant to Art. 4 (7) GDPR and the applicable national data protection laws of the EU Member States as well as any other data protection provisions the following company is the controller:
INTRADUCT® Fachübersetzungen & Dolmetscherdienst GmbH
Street address: Gerichtsstraße 19, D-44135 Dortmund
Postal address: Postfach 10 17 10, D-44017 Dortmund
Telephone: +49 231 952045-0
Facsimile: +49 231 952045-28
2. Data protection officer
For questions, suggestions and comments about data protection and the assertion of your rights, please contact our data protection officer:
Erol Karakurt | Datapraxis
Arndtstr. 17, D-44787 Bochum
Telephone: +49 234 544651-99
Facsimile: +49 234 544651-200
Mobile: +49 157 52314693
In our data protection statement we use terminology which is contained and defined in the GDPR. For clarity we have listed and explained the most important terms below:
3.1. Personal data
Personal data signifies any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing signifies any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller shall ensure that the data processing is permissible by implementing technical and organisational measures which are subject to regular review.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
3.7. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject signifies the self determination under data protection law. It is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. The consent can be revoked at any time.
4. General information on data processing
4.1. Scope of the processing of personal data
In general, we only process your personal data within the scope necessary to prepare our online quotes, content and services. We habitually collect and use personal data only after we have received your consent, or if the processing of data is allowed under the statutory provisions.
4.2. Legal bases for the processing of personal data
Regarding data protection the so-called prohibition under reservation of authorisation applies. The processing of personal data is therefore generally unlawful unless the data subject has given his or her consent, or if it is legitimised on legal grounds. We are obliged to inform you on the legal bases of data processing:
Art. 6 (1) (a) GDPR applies in cases where we obtain your consent to process your personal data. Art 6 (1) (b) GDPR applies in cases where processing is necessary for the performance of a contract which you have concluded with us or in order to take steps prior to entering into a contract. Art. 6 (1) (c) GDPR applies if we must process personal data to comply with a legal obligation to which we are subject, such as the statutory obligation to store and save data. Art. 6 (1) (d) GDPR applies if processing is necessary in order to protect the vital interests of the data subject or of another natural person. Art. 6 (1) (f) GDPR applies if processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
4.3. Transfers of personal data to third parties and processors
In general, we do not transfer personal data to third parties without your express consent. If we do disclose, transfer or otherwise grant third parties access to your data within the scope of processing, the measures are also based solely on one of the stated legal provisions. If we are so obliged by law or court order, we must transfer your data to the authority which is authorised to receive it. Art. 28 GDPR applies if data is transferred to service providers within the scope of so-called order processing. Our carefully chosen processors (external interpreters and translators), whom we regularly review, are obliged to comply with our instructions. We only hire processors who sufficiently guarantee the implementation of proper technical and organisational measures to ensure that the processing complies with the requirements of the GDPR and the amended GDPA, and to protect your rights.
4.4. Data transfer to third countries
The GDPR ensures the same high level of data protection throughout the European Union. When choosing our service providers and partners we thus rely on European partners, if possible, during the processing of your personal data.
4.5. Data deletion and storage period
Once the purpose for the storage becomes obsolete we will delete or render your personal data inaccessible. The data may be stored for longer, however, if the European or national legislators have so stipulated in EU regulations, laws or other provisions to which we are subject. That applies, for example, to data which must be stored for business or tax purposes. We will block or delete your data when storage period stipulated by the provisions expires unless the further storage of the data is necessary to conclude or execute a contract.
4.6. Contact and/or application forms
Our services and the information thereon depend on our users’ data. By using our website and/or the application form for freelancers and the quote form posted on our website, we collect various personal data types pursuant to the GDPR. The type of data is defined by the forms’ required fields, which must be completed for use, as well as the information provided in the optional fields.
4.6.1. Application forms for freelancers
To meet our customers’ demands we are required to make high demands on the quality of freelancers during our selection process. In the course our forms only ask for information which is indispensable to fulfil said purpose. We store said personal data for the duration of the application process and, if necessary, for any future contractual engagements. We do not intend to use them for any other purposes.
To provide our potential customers with a qualified quote we are reliant on the information asked for in the form. We assure you that we use said data solely to contact you and draw up a quote and that we will not use it for any other purposes. We will immediately delete said data if we are not commissioned or, in case of a commission, once the contractual and/or legal storage period has expired.
4.6.3. General information on contact forms and email contact
Our online services provide contact forms and email links (mailto) which you can use to contact us electronically. In doing so we meet the legal requirements, amongst others, to offer you an expeditious electronic method of contacting us. If you choose to use said method, your data will be processed and automatically stored pursuant to Art. 6 (1) (c) GDPR, to answer your query. We delete all queries once we no longer require the data and legal storage periods do not apply.
5. Data collection (log files)
Log files are created in the course of the operating system’s automatic record keeping process. As a result, information regarding the end component which you are using is stored on a server a log files. We too conduct an analysis of the log files. In the course our provider logs the following: date, time and frequency of your visits to the site; how you accessed the site (previous site, hyperlink etc.); amount of the sent data; which browser and which version of said you use as well as your IP address. We would like to reiterate that the data which we collect are used solely to improve our services. The provider may only store server log files for longer periods, transfer said or access said retroactively if he does so on a legal grounds (e.g. suspected unlawful activities).
Storage in a database: We store the data which you sent on our MYSQL database server.
It sends the data which you have provided to us via email, and are subsequently stored locally and printed by us.
6. Children and minors
Individuals under the age of 18 years should not provide us with personal data without the consent of their parents or legal guardians. We do not request, collect or transfer to third parties the personal data of children or minors.
7. Your rights
As a user of our internet services you have several rights under the GDPR, particularly pursuant to Art. 15 – 18 GDPR
7.1. Right of access
Pursuant to Art. 15 GDPR you have the right to request information on how we process your personal data. Please provide a clear description of the information which you are seeking in your request, so we may compile the data for you quickly.
7.2. Right to rectification
If your data is incorrect, no longer correct or incomplete, you have the right to request the rectification or completion thereof pursuant to Art. 16 GDPR
7.3. Right to erasure
7.3.1. Obligation to erase
You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller is obliged to erase said personal data without undue delay where one of the following grounds applies:
(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
7.3.2. Transfer of information to third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) GDPR as well as Art. 9 (3) GDPR;
(4) or archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
You have the right to request the erasure of your personal data if any of the grounds stipulated in Art. 17 GDPR apply. Your right to erasure depends on, amongst other things, whether we require your data to meet our legal and/or contractual obligations.
7.4. Right to restriction of processing
You have the right to obtain from the controller restriction of processing of your personal data where one of the following applies:
(1) you contest the accuracy of your personal data for a period which enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the above provisions, you will be informed by the controller before the restriction of processing is lifted. Pursuant to Art. 18 GDPR you have the right to request the restricted processing of your data.
7.5. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications. Pursuant to Art. 21 GDPR you have the right, based on grounds resulting from your particular situation, to object to the processing of your data at any time. However, we cannot always comply with your request, e.g. in cases where our legal or contractual obligations require us to process them to comply with said obligations.
7.6. Right to notification
If you have asserted your right to rectification or erasure or restriction of processing, the controller shall communicate any rectification or erasure of data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you so request.
7.7. Right to data portability
You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
(2) the processing is carried out by automated means.
In exercising your right to data portability you have the right to have your personal data transmitted directly from one controller to another, where technically feasible. Said right may not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7.8. Right to recall the data protection consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of the processing which was based on consent up until the withdrawal of consent.
7.9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. Said shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
Decisions may not, however, be based on special categories of personal data referred to in Article 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in (1) and (3) the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
7.10. Right to complain
You have the right to submit a complaint to a regulatory authority, in particular in the (EU) Member State in which you reside, work or the offence supposedly occurred, if you believe that the processing of your personal data is in violation of the GDPR. Said right does not infringe any any other administrative or judicial challenge. If you believe that we have failed to observe the data protection provisions during the processing of your data, you may submit a complaint with a regulatory authority.
If you decide to exercise said right, or one of the rights listed above, please firstly contact our data protection officer at firstname.lastname@example.org, so we may have the opportunity to provide a remedy.
9. Google services
9.1. Google Maps
Our website uses Google Maps API to visually display geographical information. Google also collects, processes and uses data on the use of the map functions when users run Google Maps. For further information on Google’s data processing policy, please read Google’s data protection statement. You can also change your personal data protection settings through Google’s data protection centre.
9.2. Google AJAX Search API
9.3. Google APIs
9.4. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google LCC (“Google”). Google Analytics uses so-called cookies, which are text files that are stored on your computer and enable an analysis of your use of the website. The information which the cookies generate on your use of this website (including your IP address) is transferred to and stored on a server in the United States by Google. Google will use that information to evaluate your use of the website, to draw up reports regarding the website activities for the website operator and to offer further services connected with the use of the website and the internet. Google will also transfer the information to third parties if necessary, provided that it is required by law or that third parties process the data on Google’s orders. You can prevent the installation of the cookies by setting your browser software accordingly; we would like to point out, however, that you might not be able to fully use all of our website’s functions. By using our website you agree to the processing of the data which Google has collected on you in the manner described above and for the above purpose. Google Analytics’ opt-out browser add-on provides the website user with more control over which data Google Analytics collects on the websites he or she visits. If you do not wish the storage of your data, please install Google’s opt-out tool, which is available at https://tools.google.com/dlpage/gaoptout?hl=de. For further information, go to https://tools.google.com/dlpage/gaoptout?hl=de or https://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would like to note that Google Analytics was expanded by the code “gat._anonymizeIp();” on our website to ensure the anonymous collection of IP addresses (so-called IP masking).
10. Amendment to the data protection statement
As the controller we reserve the right to amend the data protection statement with regard to the current data protection provisions at any time. If you have questions and comments, please do not hesitate to contact our data protection officer at email@example.com at any time.
Last updated June 2018.