Imprint & Privacy Policy

IMPRINT

Responsible for the content of the website:

Magdalena Meindl

Edmundstrasse 9
DE-12051 Berlin
m.meindl@systemli.org

Tax Identification Number: 16/439/02307
Tax Office Berlin Neukölln

Copyright

All content, images, designs, as well as scripts are protected by copyright

and may not be used, distributed, or copied in other contexts without permission

Website Conception and Design:

Stephanie Wörter and Stefan Mayer
www.stephanielis.com

Privacy Policy

Effective Date: May 8, 2024

Contents

  1. Data Controller
  2. Overview of Data Processing
  3. Legal Basis for Processing
  4. Security Measures
  5. Transfer of Personal Data
  6. International Data Transfers
  7. General Information on Data Storage and Deletion
  8. Rights of Data Subjects
  9. Business Services
  10. Provision of Online Services and Web Hosting
  11. Use of Cookies
  12. Contact and Inquiry Management
  13. Newsletters and Electronic Notifications
  14. Advertising Communication via Email, Post, Fax, or Phone
  15. Web Analysis, Monitoring, and Optimization
  16. Social Media Presence
  17. Plug-ins and Embedded Features and Content
  18. Definitions

Data Controller

Magdalena Meindl
Edmundstrasse 9

12051 Berlin, Germany
Email: m.meindl@systemli.org

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects involved.

Types of Data Processed:

  • Master data
  • Employee data
  • Payment data
  • Location data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta/communication and procedural data
  • Social data
  • Image and/or video recordings
  • Log data
  • Performance and behavioral data
  • Working time data
  • Salary data

Special Categories of Data:

  • Health data
  • Religious or philosophical beliefs
  • Union membership

Categories of Data Subjects:

  • Recipients of services and clients
  • Employees
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing:

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Reach measurement
  • Office and organizational procedures
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • User profile creation with user-related information
  • Provision of our online services and user-friendliness
  • Establishment and execution of employment relationships
  • Information technology infrastructure
  • Public relations
  • Sales promotion
  • Business processes and economic procedures

Legal Basis for Processing

Relevant Legal Basis under GDPR: Below you will find an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Processing of special categories of personal data for health, occupational and social security purposes (Art. 9(2)(h) GDPR): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to a contract with a health professional.

National Data Protection Regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, including the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

Measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation of data. We also have procedures in place to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Furthermore, we consider the protection of personal data from the outset when developing or selecting hardware, software, and procedures, in accordance with the principles of data protection by design and by default.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Among the recipients of this data may be IT service providers or providers of services and content that are embedded in a website. In such cases, we observe the legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this is done only in accordance with the legal requirements.

If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers are made only if the data protection level is otherwise ensured, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfer (Art. 49(1) GDPR). The basis for third-country transfers is primarily adequacy decisions. Information on third-country transfers and existing adequacy decisions can be found on the European Commission’s website: EU Commission.

EU-US Trans-Atlantic Data Privacy Framework: Under the Data Privacy Framework (DPF), the European Commission has also recognized the data protection level for certain companies from the USA as safe under the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at Data Privacy Framework. We inform you in the privacy notices which of our service providers are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with the legal requirements as soon as the consents on which the processing is based are revoked or other permissions cease to apply (e.g., if the purpose of processing this data ceases to apply or it is no longer necessary for the purpose).

Unless the data is deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons or for the preservation of evidence within the framework of statutory limitation periods.

Our data protection notices may also contain further details on the retention and deletion of data, which apply specifically to the respective processing operations.

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw consent at any time.
  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and certain other information.
  • Right to Rectification: You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to Erasure and Restriction of Processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively to request the restriction of the processing of your data.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from us.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), within the scope of contractual and comparable legal relationships and associated measures and in the context of communication with the contractual partners (or pre-contractual), such as to respond to inquiries.

We use these data to fulfill our contractual obligations, including the obligations to perform the agreed services, any update obligations, and remedy in case of warranty and other performance issues. Moreover, we use the data to protect our rights and for purposes related to the administrative tasks associated with these obligations and the company’s organization. We also process the data based on our legitimate interests in proper and economic business management as well as security measures to protect our contractual partners and our operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we disclose the data of the contractual partners only to the extent necessary for the above-mentioned purposes or for the fulfillment of legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this data protection declaration.

We communicate which data are necessary for the above-mentioned purposes to the contractual partners before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or in person.

We delete the data after legal warranty and comparable obligations have expired; the necessity of storing the data is reviewed every three years; in the case of legal archiving obligations, the deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) storage obligation); data disclosed to us by the contractual partners within the scope of an order are deleted according to the specifications of the order, generally after the end of the order.

Provision of Online Services and Web Hosting

We process data of our users to enable them to use our online services. For this purpose, we process the IP address of the users, which is necessary to deliver the contents and functions of our online services to the user’s browser or device.

Use of Cookies

Cookies are small text files or other memory tags that store information on end devices and read information from them. For example, to save the login status in a user account, a shopping cart content in an e-shop, the content accessed or functions used in an online offer. Cookies can also be used for different concerns, such as functionality, security, and comfort of online offers, as well as the creation of analyses of visitor flows.

Note on Consent: We use cookies in compliance with the legal requirements. Therefore, we obtain prior consent from the users, unless it is not required by law. Consent is not required, in particular, if the storage and reading of information, including cookies, is absolutely necessary to provide a telemedia service (i.e., our online offer) expressly requested by the users. The revocable consent is clearly communicated to them and contains the information on the respective cookie use.

Note on Data Protection Legal Bases: The data protection legal basis on which we process personal data of the users using cookies depends on whether we ask them for consent. If the users agree, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies are processed on the basis of our legitimate interests (e.g., in a commercial operation of our online offer and its improvement) or if this is necessary for the fulfillment of our contractual obligations, provided the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which the cookies are used by us within the scope of this privacy policy or in the course of our consent and processing procedures.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes his end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Also, the user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the nature and storage duration of cookies (e.g., within the scope of obtaining consent), they should assume that the cookies are permanent and that the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-out): Users can revoke their consent at any time and also declare an objection to the processing in accordance with the legal requirements, also via the privacy settings of their browser.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the framework of existing user and business relationships, the information of the requesting persons is processed to the extent necessary to respond to the contact requests and any requested measures.

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or based on a legal permission. If the contents of a newsletter are described concretely in the course of registration for the newsletter, they are decisive for the consent of the users. The registration for our newsletter normally requires the users to enter their email address. However, to provide a personalized service, we may ask for your name for a personal address in the newsletter or other information if necessary for the purpose of the newsletter.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before we delete them to be able to prove a formerly given consent. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In case of obligations to permanently observe objections, we reserve the right to store the email address for this purpose alone in a blacklist.

Logging of the Registration Process: The registration process is logged based on our legitimate interests to prove its proper course. As far as we use a service provider to send emails, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents: Information about us, our services, actions, and offers.

Objection Possibility (Opt-out): You can cancel the reception of our newsletter at any time, i.e., revoke your consents, or object to further reception. A link to cancel the newsletter is found either at the end of each newsletter or you can use the given contact options, preferably email, for this purpose.

Advertising Communication via Email, Post, Fax, or Telephone

We process personal data for purposes of promotional communication, which may be carried out via various channels, such as email, phone, mail, or fax, according to the legal requirements.

Recipients have the right to revoke consents at any time or to object to the promotional communication at any time.

After revocation or objection, we store the data necessary to prove the previously existing authorization to contact or send until three years after the end of the year of the revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest, we also store further data necessary to prevent a renewed contact (e.g., depending on the communication channel, the email address, phone number, name).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offer and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are used most or invite to reuse. Similarly, we can understand which areas need optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offer or its components.

Unless otherwise specified below, profiles, i.e., data aggregated during a usage process, can be created and information can be stored in a browser or device and then read out for these purposes. The information collected includes, in particular, visited websites and elements used there as well as technical information, such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data with us or with the providers of the services we use, the processing of location data is also possible.

Furthermore, the IP addresses of the users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) are stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on Legal Bases: If we ask the users for their consent to the use of third-party providers, the legal basis of the data processing is the consent. Otherwise, the user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We point out that user data may be processed outside the European Union. This can pose risks for users because, for example, the enforcement of users’ rights could be made more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the user behavior and resulting interests of the users. The usage profiles can in turn be used to place advertisements within and outside the networks that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the computers of the users, where the user behavior and the interests of the users are stored. Moreover, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing forms and the opt-out options, we refer to the privacy statements and information provided by the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we note that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

The integration always presupposes that the third-party providers of this content process the IP address of the users since they could not send the content to their browser without the IP address. The IP address is thus necessary for the presentation of this content or functions. We strive to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the device of the users and contain, among other things, technical information about the browser and operating system, referring web pages, visit time, and other information about the use of our online offer, as well as be linked to such information from other sources.

Notes on Legal Bases: If we ask the users for their consent to the use of third-party providers, the legal basis of the data processing is the permission. Otherwise, the user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Definitions

In this section, you will receive an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations, on the other hand, are intended primarily for understanding.

  • Employees: Employees are individuals who are in an employment relationship, whether as employees, staff, or in similar positions. An employment relationship is a legal relationship between an employer and an employee, which is defined by an employment contract or agreement. It includes the employer’s obligation to pay compensation, while the employee provides their work performance. The employment relationship comprises various phases, including its establishment, where the employment contract is concluded, its implementation, where the employee performs their work activity, and its termination, whether by termination, severance agreement, or otherwise. Employee data include all information related to these individuals and within the context of their employment. This encompasses aspects such as personal identification data, identification numbers, salary and bank data, working hours, holiday entitlements, health data, and performance evaluations.
  • Master Data: Master data include essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. These data can include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Master data form the basis for any formal interaction between individuals and services, facilities, or systems by enabling a unique assignment and communication.
  • Content Data: Content data include information generated in the course of creating, editing, and publishing content of all kinds. This category of data can include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data are not limited to the actual content but also include metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
  • Contact Data: Contact data are essential information that enables communication with individuals or organizations. They include, among other things, phone numbers, postal addresses, and email addresses, as well as communication means such as social media handles and instant messaging identifiers.
  • Performance and Behavioral Data: Performance and behavioral data relate to information associated with how individuals perform tasks or behave in a certain context, such as in an educational, work, or social environment. These data can include metrics such as productivity, efficiency, work quality, attendance, and compliance with policies or procedures. Behavioral data might involve interactions with colleagues, communication styles, decision-making processes, and reactions to various situations. These types of data are often used for performance evaluations, training and development measures, and decision-making within organizations.
  • Meta, Communication, and Procedural Data: Meta, communication, and procedural data are categories that contain information about how data are processed, transmitted, and managed. Meta-data, also known as data about data, include information that describes the context, origin, and structure of other data. They can contain details about file size, creation date, the author of a document, and modification histories. Communication data capture the exchange of information between users through various channels, such as email traffic, call logs, messages on social networks, and chat histories, including the involved individuals, timestamps, and transmission paths. Procedural data describe the processes and procedures within systems or organizations, including workflow documentation, transaction logs, and activity logs, as well as audit logs used for tracking and verification of operations.
  • Usage Data: Usage data refer to information that captures how users interact with digital products, services, or platforms. This data includes a wide range of information that shows how users use applications, which features they prefer, how long they spend on certain pages, and through which paths they navigate through an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Additionally, usage data play a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
  • Personal Data: “Personal data” are any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of “profiles with user-related information”, or simply “profiles”, includes any form of automated processing of personal data that consists in using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include different information concerning demographics, behavior, and interests, such as interactions with websites and their content, etc.).
  • Log Data: Log data are information about events or activities that have been logged in a system or network. These data typically contain information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data are often used to analyze system issues, monitor security, or generate performance reports.
  • Reach Measurement: Reach measurement (also known as web analytics) is used to evaluate the visitor flows of an online offer and can include the behavior or interests of the visitors regarding certain information, such as contents of websites. With the help of reach analysis, operators of online offers can recognize, for example, at what time users visit their websites and for which content they are interested. Thus, they can adjust the content of the websites better to the needs of their visitors. For purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more accurate analyses of the use of an online offer.
  • Location Data: Location data arise when a mobile device (or another device with the technical prerequisites for location determination) connects with a radio cell, Wi-Fi, or similar technical means and features of location determination. Location data serve to indicate the geographically ascertainable position of the earth where the respective device is located. Location data can be used, for example, to display map functions or other location-dependent information.
  • Controller: The “controller” is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: “Processing” is any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes practically any handling of data, whether it be collecting, evaluating, storing, transmitting, or deleting.
  • Contract Data: Contract data are specific information related to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, exchanged, or sold. This data category is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific conditions and terms of the agreement. Contract data can include start and end dates of the contract, the nature of the agreed services or products, price agreements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and duties, enforcing claims, and resolving disputes.
  • Payment Data: Payment data include all information needed to process payment transactions between buyers and sellers. These data are crucial for electronic commerce, online banking, and any other form of financial transaction. They include details such as credit card numbers, bank details, payment amounts, transaction dates, verification numbers, and billing information. Payment data can also include information about the payment status, chargebacks, authorizations, and fees.