Data Protection Statement

Data Protection Statement of switch-it GmbH
and switch-it Assembling GmbH

switch-it Gmbh and switch-it Assembling Gmbh (hereinafter referred to as switch-it) undertake to comply with legal data protection requirements, which are regulated specifically in the EU General Data Protection Regulation (GDPR) and in the German Telemedia Act (TMA). We shall treat your personal data confidentially and in accordance with legal data protection regulations, as well as this Data Protection Statement.

The protection of the private sphere in the processing of personal data, as well as the security of all business data, is important concern to us, which we consider in all our business processes and take very seriously.

We process personal data collected when you visit our website confidentially and in accordance with legal requirements. Consequently, we want you to know when we collect data, what data we collect, and how we use the data.

The website can contain cross-references (links) to other providers, to whom this Data Protection Statement does not extend. Therefore, you should always review the data protection statements provided on these pages.

Changes to this Data Protection Statement may also become necessary as part of further developing our internet presence and implementing new technologies. We therefore recommend that you review this Data Protection Statement again periodically.

The use of our website is usually possible without providing personal data. If personal data (for example, name, address, or email addresses) are captured on our web pages, this is always done on a voluntary basis. These data will not be shared with third parties without your express consent.

Please be aware that there are inherent security risks in transmitting data over the internet (such as when communicating via email). It is not possible to safeguard completely against unauthorized access by third parties.

The use of contact information published as part of our duty to publish an imprint by third parties for the transmission of unsolicited advertisements and information materials is herewith expressly prohibited. The operators of the websites expressly reserve the right to pursue legal steps in the event of unsolicited sending of advertising, such as in the form of spam emails.

A.   Name and address of controllers

The controller within the meaning of the General Data Regulation and other national data protection laws of the member states, as well as of other data protection regulations, is:

switch-it GmbH
Loderweg 6
91550 Dinkelsbühl
Germany

Phone: +49 (0)9851 58999-0
Email: info@switchit.de
Website: www.switchit.de

B.   General information on data processing

1.      Scope of processing of personal data

We collect and use personal data from our users basically only to the extent this is needed to provide a functional website, as well as our contents and services. Personal data from our users is regularly collected and used only after consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent and the processing of the data is legally permitted.

1.      Legal basis for processing of personal data

Insofar as we obtain consent from the affected person for processing of personal data, Art. 6 (1) letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data that is required for fulfillment of a contract to which the affected person is party, Art. 6 (1) letter b of the GDPR serves as the legal basis. This applies also for processing that is necessary for the performance of contractual obligations.

If personal data must be processed to fulfill a legal duty to which our company is obligated, Art. 6 (1) letter c of the GDPR serves as the legal basis.

In the event that vital interests of the affected person or another natural person necessitate a processing of personal data, Art. 6 (1) letter d of the GDPR serves as the legal basis.

If the processing is necessary for preservation of a justified interest of our company or a third party and the interests, and fundamental rights and freedoms of the affected person do not outweigh the first-mentioned interest, Art. 6 (1) letter f of the GDPR serves as the legal basis for the processing.

2.          Data deletion and storage period

The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to apply. Apart from that, data may can also be stored if this was provided for by the European or national legislators in union regulations, laws, or other requirements to which the responsible party is subject. Data will also be blocked or deleted upon expiration of a retention period prescribed by the aforementioned norms unless the data needs to be retained longer for conclusion or fulfillment of a contract.

C.    Provision of the website and creation of log files

1.      Description and scope of data processing

Each time our web page is accessed, our web space provider automatically collects data and information from the computer system of the calling computer.

In this process, the following data are collected:

• Information on the type of browser and the version used
• The user‘s operating system
• The user’s internet service provider
• The user‘s IP address
• Date and time of the access
• Websites from which the user’s system accessed our web page
• Websites that were accessed by the user’s system over our website.

These data are stored in the provider’s log files. These data are not stored together with other personal data of the user.

2.      Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) letter f of the GDPR.

3.     Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Data are stored in log files to ensure functionality of the website. In addition, the data help us optimize our website and ensure the security of our information technology systems.   The data are not analyzed in this connection for marketing purposes.

With respect to these purposes, our justified interest in processing the data is also in accordance with Art. 6 (1) letter f of the GDPR.

4.     Retention period

The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. If data are collected for provision of the website, this is the case when the respective session is ended.

If data are stored in log files, this is the case at the latest after seven days. Retention beyond that is not possible. In this case, the user’s IP addresses are deleted or altered so that they can no longer be mapped to the calling client.

5.     Possibility of objection and removal

Collection of data for the provision of the website and storage of data in log files are necessary conditions in order to operate the website. Consequently, there is no possibility for objection by the user.

D.   Use of cookies

1.     Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser and/or by the internet browser on the user’s computer system. For example, when a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a character string that is used to uniquely identify the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified also after each page change.

The following data are stored and transmitted in the cookies:

• Language settings

2.     Legal basis for the data processing

The legal basis for the processing of personal data by using cookies is Art. 6 (1) letter f of the GDPR.

3.     Purpose of the data processing

The purpose for the use of technologically required cookies is to simplify the use of websites for the user. Some functions of our website cannot be offered without the use of cookies. For these functions, the browser must also be recognized again after a page change.

We require cookies for the following applications:

• Acceptance of language settings
• Noting of keywords.

The user data collected through technologically required cookies are not used for the creation of user profiles.

4.     Retention period, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by it to our website. Therefore, you, as the user, also have complete control over the use of cookies. By changing the settings in your internet browser you can deactivate or limit the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, all functions may no longer be available in their full scope.

E.    Contact form and Email contact

5.     Description and scope of the data processing

A contact form is available on our website that can be used to contact us electronically. If a user takes advantage of this opportunity, the data entered in the input screen are transmitted to us and stored. These data are:

Name, email address, phone (optional), and the message or comments.

For processing the data your consent is obtained and reference is made to this Data Protection Statement as part of the sending process.

Alternatively, we can also be contacted using the provided email address. In this case, the user’s personal data transmitted with the email are stored.

In this connection, the data are not shared with any third parties but used solely for processing of the conversation.

Our employees are obligated by us to confidentiality and compliance with data secrecy provisions.

6.     Legal basis for the data processing

The legal basis for processing of the data where user consent is given is Art. 6 (1) letter a of the GDPR.

The legal basis for processing of the data that are transmitted in the course of sending an email is Art. 6 (1) letter f of the GDPR. If the email contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) letter b of the GDPR.

7.     Purpose of the data processing

We process the personal data from the input screen only to process the contact. In case of contact by email, the required justified interest in processing the data is the same.

1.     Retention period

The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. For personal data from the input screen of the contact form and data that are transmitted by email, this is the case when the respective conversation with the user is ended. The conversation is ended when it can be derived from the circumstances that the issue concerned has been resolved.

2.     Possibility of objection and removal

The user can revoke the consent for processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. In such a case, the conversation can no longer be continued.

In this case, please contact, either in writing or by email, the controller named in the introduction of this Data Protection Statement.

All personal data stored as part of the contact will be deleted in this case.

F.    Disclosure of the data to third parties / service providers

Your data are not disclosed to third parties.

G.   Rights of the affected person

If your personal data are processed, you are the affected person according to the GDPR and are entitled to the following rights with respect to the controller:

1.      Right of information

You can demand from the controller a confirmation as to whether personal data relating to you are processed by us.

If such processing is given, you can demand from the controller the following information:

(1)       The purposes for which the personal data are processed;

(2)       The categories of personal data that are processed;

(3)       The recipient and/or categories of recipients to whom personal data relating to you were or will be disclosed;

(4)       The planned retention period of personal data relating to you or, if specific information in this regard is not available, the criteria for determining the retention period;

(5)       The existence of a right to correction or deletion of the personal data relating to you, a right to restriction of processing by the controller or a right of objection to this processing;

(6)       The existence of a right to lodge a complaint with a supervisory authority.

You have the right to demand information as to whether the personal data relating to you are transmitted to a third country or an international organization. In this connection, you can demand to be informed of the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.

2.      Right to correction

You have a right to correction and/or completion with respect to the controller, if the processed personal data relating to you are incorrect or incomplete. The controller must make the correction immediately.

3.      Right to restriction of processing

You can demand that the processing of personal data relating to you be restricted under the following conditions:

(1)       If you dispute the accuracy of the personal data relating to you for a period that allows the responsible party to review the accuracy of the personal data;

(2)       The processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of use of the personal data;

(3)       The controller no longer requires the personal data for the purposes of processing but you need the data for assertion, exercise, or defense of legal claims, or

(4)       If you have entered an objection against the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the justified reasons of the controller outweigh your reasons.

If the processing of the personal data relating to you were restricted, these data may be processed – apart from their retention – only with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons relating to an important public interest of the European Union or a member state.

If the restriction of processing was limited in accordance with the aforementioned conditions, you will be notified by the controller before the restriction is lifted.

4.      Right to deletion

a)     Obligation to delete

You can demand from the controller that the personal data relating to you be deleted immediately, and the controller is obligated to delete these data immediately, if one of the following conditions applies:

(1)       The personal data relating to you are no longer required for the purposes for which they were collected or otherwise were processed.

(2)       You revoke your consent on which the processing was based in accordance with Art. 6 (1) letter a or Art. 9 (2) letter a of the GDPR, and there is no other legal basis for the processing.

(3)       You object to the processing in accordance with Art. 21 (1) of the GDPR and there are no overriding justified reasons for the processing, or you object to the processing in accordance with Art. 21 (2) of the GDPR.

(4)       The personal data relating to you were processed unlawfully.

(5)       The deletion of the personal data relating to you is required for the fulfillment of a legal obligation based on European Union law or the law of member states to which the controller is subject.

b)     Exceptions

The right to deletion does not apply if the processing is required

(1)      For the fulfillment of a legal obligation that requires the processing based on European Union law or the law of member states or for performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

(2)       For the assertion, exercise, or defense of legal claims.

5.      Right of notification

If you have asserted the right to correction, deletion, or restriction of processing with respect to the controller, the controller is obligated to notify all recipients to whom the subject personal data were disclosed of this correction or deletion of data or restriction of processing, unless this proves to be impossible or would involve unreasonable expense or effort.

You have the right to be informed of these recipients by the responsible party.

6.      Right to data portability

You have the right to receive the personal data relating to you that you have provided to the controller in a structured, commonly used, and machine-readable format and to transmit these data to another controller without hindrance from the controller to which the data were provided, if

(1)       The processing is based on consent in accordance with Art. 6 (1) letter a of the GDPR or Art. 9 (2) letter a of the GDPR or on a contract in accordance with Art. 6 (1) letter b of the GDPR and

(2)       The processing is carried out by automated means.

In exercising this right, you also have the right to have the subject personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.      Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you that is based on Art. 6 (1) letter e or f of the GDPR.

The controller will no longer process the personal data relating to you unless he or she can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.      Right to revocation of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9.      Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you violates the GDPR.

The supervisory authority with which the complaint was lodged will inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR.