State: 10 December 2018
Thank you for the interest you have shown in POLYAS. The protection of your data is important to us and we would like you to feel secure when visiting our websites. It is important that you know what data is collected and how it is used when using our online services. In this privacy statement, we (POLYAS) inform you about the processing of personal data when using our website and our products.
The term "personal data" is information, which relates to an identifiable or unidentifiable person. This includes, above all, information that enable conclusion to be drawn about your identity, such as your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website cannot be associated with your person and is not covered by the term "personal data".
You may print out or save this privacy statement by using the relevant function in your browser.
1. Contact Person
The contact person and person responsible for the processing of your personal data in line with the EU General Data Protection Regulation (GDPR) is POLYAS GmbH, Marie-Calm-Straße 1-5, 34131 Kassel, Deutschland, Telephone number: +49 (0)30 88 06 01 00 0, E-Mail: firstname.lastname@example.org.
For any questions regarding data protection in connection with our products or the use of our website, please contact our data protection officer. Our delegated contact person can be reached at the following e-mail address: email@example.com.
2. Data processing on our Website
2.1. Accessing our website / access data
Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include:
- The IP-Address of the relevant appliance,
- The date and time the site was accessed,
- The address of the relevant web-page and site,
- Information about the browser and operating system being used to access the website,
- Online-Identifiers (e.g. Device ID, Session-ID).
The processing of access data is necessary to enable our website to be accessed and ensures the long-term functionality and security of our systems. Access data is temporarily stored in internal log files in order to provide statistical information on the usage of our website. This helps to further develop our website by analysing the usage habits of our visitors (e.g. the share of mobile devices, which the pages are retrieved) and to maintain the basic administrative aspects of our website. The legal basis is Art. 6, Para. 1, Sent 1 lit. b GDPR.
All information stored in the log files does not allow any direct inference to your person. We store IP addresses in a shortened, anonymised form only.
You have different ways to get in contact with us, including a web-based contact form. In this regard, we only process data with the sole purpose of contacting with you. The legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR. The data collected from us during this communication will be automatically deleted after your request has been processed fully, unless we need your request for the fulfilment of contractual or legal obligations.
In individual countries, we work together with distribution partners to whom we, among other things, submit your contact details, so that they can submit a country-specific offer for the use of our products on our behalf. The legal basis for this data processing is Art. 6 Para. 1 Sent. 1 lit. b, f GDPR.
You may register in our login area in order to enjoy the full functionality of our website. We have highlighted the data you will have to provide in compulsory fields. It is not possible to register without providing this data. The legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR.
2.4. Taking part in elections
When you take part in an election, specific election data is collected. Only data that is necessary for the election is collected. These are:
- Identifications data (e.g. your PIN and TAN),
- An indication that you have voted (comparable to being ticked off the electoral register after voting at in a traditional election),
- How you have cast your vote (you completed ballot paper - this is encrypted and saved)
Your identification data and the information you have selected will be used exclusively for your one-time vote.
The election itself is anonymous, which means that it is impossible at any time for us, or the election organizer to alter your voting preferences or to change your cast ballot. The anonymous ballots are encrypted and stored. They are only used to determine the election result.
After the election, the election organizer can request a list indicating who took part in the election. The election organizer, therefore, has the opportunity to learn the voting behaviour of individual voters.
The legal basis for this data processing is Art. 6 Abs. 1 S. 1 lit. b GDPR.
You have the possibility to subscribe to our newsletter in which we will regularly inform you about the latest news from POLYAS.
For our newsletter subscriptions, we use the so-called Double Opt-In procedure. In this way we will only send you newsletters once you have confirmed your subscription by clicking on the link that is sent to the email address that you have provided. This confirms that you want to subscribe to the newsletter and that you are the owner of the email address. If you choose to confirm your e-mail address, we will save your e-mail address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose storing this data is to send you the newsletter and to confirm your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. You may also send a letter (email or by post) to the address listed in the newsletter to unsubscribe. The legal basis for this data processing is Art. 6 Para. 1 Sent. 1 lit. b GDPR.
We use commercially available technologies in our newsletters to measure our subscribers' interactions with our newsletters (e.g. opening the email, clicked links). We use this data in pseudonymised form for general statistical analysis and optimisation as well as for the further development of our content and customer communications. This is done with the help of small graphics which are imbedded in the newsletter (so called Pixels). The collected data is pseudonymised and not linked to your personal data. The Legal basis for this is our aforementioned legitimate interest acc. Art. 6 Para. 1 Sent. 1 lit. f GDPR.
Our newsletter is aimed to share relevant information with our customers and to better understand our readers are interested in. If you do not wish us to analyse the usage behaviour, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. You can unsubscribe from our newsletter at any time, for example at the bottom of every newsletter you will find an "unsubscribe" link. Alternatively, you can contact us via the aforementioned contacted details.
2.6. Job applications
You can apply to us at any time. We collect applicant data for the possibilities of future employment. The following data is collected to process your application: first name, last name, E-mail address, application documents (Cover letter, CV, references etc.), the earliest starting date and salary expectations. The legal basis for the processing of your application documents is Art Para. 1 Sent. 1 lit. b and Art. 88 Para. 1 GDPR, in conjunction with § 26 Para. 1 Sent. 1 BDSG.
2.7. Privacy Agreement for the use of Google Web Fonts
This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, a default font will be used by your computer.
For some of our services it is necessary that we use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to load viruses onto your computer. The main purpose of our own cookies is rather to provide you with a tailor-made offer and to help you use our services as quickly and efficiently as possible.
The legal basis for the data processing described in the following section is Art. 6 Para. 1 Sent. 1 lit. f GDPR and is based on our legitimate interest in providing you with personalized advertising.
In the following section, we explain more about these technologies and their providers. The data collected include:
- The IP-Address of the relevant appliance,
- The Date and time the site was accessed,
- The address of the relevant web-page and site,
- Information about the browser and operating system being used to access the website
All collected data is pseudonymised and saved so that no direct conclusions can be drawn on the person.
In the following descriptions of the technologies we use, you will find information on the right to prevent our analysis and advertising measures by use of an opt-out cookie. Please note that if you delete all of the cookies in your browser, or use a separate browser & / profile, the opt-out cookie must be re-enabled.
Below we describe the ways to prevent our analysis and advertising measures. Alternatively, you can set your preferences on the websites Truste or Your Online Choices, which bundle preventions for data tracking on many websites and advertisers. Both sites allow opt-out cookies, which deactivate all advertisements at once for the listed providers or alternatively you can set your preferences for each provider individually.
2.9.1. Bing Ads
Use of these technologies enables Microsoft and its affiliate websites to serve ads based on previous visits to our or other websites on the Internet. The resulting data in this context can be transmitted by Microsoft for evaluation to a server in the US and stored there. In the event that personal information is transferred to the US, Microsoft has submitted to the EU-US Privacy Shield.
You can prevent the storage of cookies by setting your browser accordingly (as described above); however, please note that you may not be able to use all of functions of our website. You may also prevent Microsoft from collecting the data generated by the cookies related to your use of the Website, as well as the processing of this data by Microsoft, by disabling the personalised ads on the Microsoft disclaimer page (DE). Please note that in this case, after the deletion of all cookies in your browser or the later use of another browser and / or profile, the contradiction must be explained again.
2.9.2. Google Analytics
The data collected in this context can be transmitted by Google for evaluation to a server in the USA and stored there. In the event that personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield. However, your IP address will be truncated before the usage statistics are evaluated so that no one can identify your identity. For this purpose, Google Analytics has been enhanced on our website with the code "anonymizeIP" to ensure an anonymised collection of IP addresses. Google will process the information obtained through cookies in order to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and Internet usage.
If you have a Google Account and have activated personalized ads in your Google Account, Google can use your website behavior to create data models and reports that show, for example, on which device you first clicked on an ad and on which device a purchase has likely taken place. These data models and reports are sample based and anonymously pseudonymized which prevents us from obtaining personally identifiable information about you or other individual Google users. If you're using a Google Account, you can edit the ad settings and opt-out of personalized ads by Google at https://adssettings.google.com/authenticated. For more information about Google Signals, please visit Google at https://support.google.com/analytics/answer/7668466?hl=en&ref_topic=7668613.
Furthermore you can prevent the collection of your data by Google Analytics by clicking on the following link: An opt-out cookie will be created which prevents the collection of your data on future visits to this website: disable Google Analytics
2.9.3. Visual Website Optimizer (VWO)
On our website we use Visual Website Optimizer ("VWO"), a web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India ("Wingify").
You can prevent the storage of cookies by adjusting your browser as described above or deleting already stored cookies. In addition, you may object to the collection of data generated by the cookie related to your use of the website (including your anonymised IP address) to Wingify and the processing of this data at any time for the future. You can opt out of your cookie data being collected in the future by following this link: http://www.polyas.com?vwo_opt_out=1.
3. Social Media
3.1. Social Plugins and the data protection tool Shariff
Our website uses so-called "social plugins". We currently use integrated buttons from namely Facebook, Twitter, Google+, Xing and LinkedIn. We do not collect personal data through the use of these "Social Plugins”. In order to prevent information being transmitted without your knowledge, in particular to the USA, we use “Shariff”. This ensures that when you visit our website, no personal data is forwarded to the providers of these Social Plugins. In line with our obligations to inform you under Article 13 of the GDPR, we would like you to know that data can only be transmitted to the service provider and stored there once you click on any of the social plugins.
We operate a fan page on social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"), in joint responsibility, to communicate with interested parties and followers, among others, and to inform and talk about our products and services.
At the same time, Facebook may provide us with statistics on the use of our Fanpage by fanpage users, such as information about interactions, likes, comments or aggregated information and statistics (such as age or origin of our followers) that help us learn about interactions with our site. For more information on the nature and scope of these statistics, see the Facebook Site Stats Tips, and for respective responsibilities see the Facebook Page Insights Supplement. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR based on our aforementioned legitimate interest.
4. Transferral of Data
Data collected by us is only transferred if:
- you have given your express consent for us to do so according to Art. 6 Para. 1 Sent. 1 lit. a GDPR,
- according to Art. 6 Para. 1 Sent. 1 lit. f GDPR the data is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in refraining from passing on your data,
- we are legally required to transfer data according to Art. 6 Para. 1 Sent. 1 lit. c GDPR or
- this is legally permissible and according to Art. 6 Para. 1 Sent. 1 lit. b GDPR is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.
Furthermore, your data may be disclosed in connection with government inquiries, court orders and legal proceedings if your data is required for prosecution or law-enforcement.
5. Storage Period
Typically, we only store personal data as long as necessary to fulfil the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. At the earliest, any claims are barred after this legal limitation period has ended.
We sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations, which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.
6. Your Rights
You have the right to request information about how we process your personal data at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you.
If data stored on us should be incorrect or out of date, you have the right to have this information corrected.
You may also request your data to be deleted. If your data is prevented from being deleted due to legal provisions in exceptional cases, the data will be blocked, so that they are only available for these legal purposes.
You can also limit the processing of your data, such as: for example, if you believe that the information we hold is incorrect. You also have the right to have your data transferred, meaning that we will send you a digital copy of the your submitted personal data.
In addition, you have the right to object to data processing, which is based on Art. 6 Para. 1 Section. e & f GDPR. You have the right to complain to our Data Protection Authority. You can assert this right with a supervisory authority in the Member State in your place of residence, your place of work, or the place of the alleged breach. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße. 219, 10969 Berlin.
7. Withdrawal and withdrawal of consent
In line with Art. 7 Para. 2 GDPR, you have the right to revoke the consent you have given us at any time. As a result, we will not continue to process your data. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.
Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 Para. 1 Sent. 1 Section f GDPR, you have the right, in accordance with Art. 21 GDPR, to appeal against the processing of your data insofar as there are reasons for this arising from your particular situation, or if the objection is directed against the direct mail. In the latter case, you have a general right of objection, which is implemented by us without the need to state reasons.
If you would like to exercise your right to withdraw or object, it is sufficient to send an informal message to the aforementioned contact details.
8. Data Security
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as from unwanted third parties. These are adjusted according to current technologies. We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of technology. To maintain the confidentiality and integrity of the information you provide on our website, this information is transmitted via https and Transport Layer Security (TLS).