Data Protection Statement of the finally safe GmbH
finally safe, a manufacturer of the intelligent Advanced Security Analytics Platform treats data security and data protection as a top priority. This requirement relates to all customers, suppliers and employees, and applies for all of our fields of activity and working processes.
The controller is defined by the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union is:
finally safe GmbH
45138 Essen, Germany
Management Board: Michael Böffel
T: +49 201 54 54-1060
F: +49 201 54 54-1019
Data protection is of particular importance for the management of finally safe GmbH. For this reason, we would like to explain to you in this data protection declaration how we protect your privacy when you share your personal data with us via this website.
You can contact the data protection officer at finally safe using the following contact details:
Dr. Kay Rathke
45138 Essen, Germany
To the extent that personal data (for example your first and last name, title, company, role, activity, postal address, email address, phone number, customer number, order number, invoice data, username, or IP address) are collected on our website, where possible this is always on a voluntary basis. Sensitive data such as information regarding health, political opinion, religion or trade union membership or other information is not collected by our website.
The definitions used such as “personal data” or their “processing” correspond to the definitions stated in Article 4 of the General Data protection Regulation (GDPR).
Accordingly, the term personal data refers to all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number, a code number, location data, an online code, or one or multiple special features.
Personal data concerning individuals under the age of 16
Our website is not intended for minors. finally safe does not target its website to minors and does not knowingly collect personal data from minors without parental or guardian consent.
Collecting and processing personal data
The personal data concerning data subjects processed in the context of the finally safe website includes core data (for example names and addresses of interested parties or customers), usage data (for example their interest in our products and services), core data concerning applicants in the context of online applications (for example personal details and information regarding professional experience and education) and content-related data (for example entries in the contact form).
The categories of data subjects affected by data processing include our business partners, customers, interested parties, and other visitors to our website.
We process your personal data in compliance with the relevant data protection provisions. This means that your data are only processed if there is legal authorisation to do so. Data is processed in particular to provide our contractual services, where consent has been provided, and based on our legitimate interests (for example the interest in the analysis, optimisation, and security of our website as defined by point (f) of Article 6(1) GDPR).
The legal basis for consent is point (a) of Article 6(1) GDPR and Article 7 GDPR; the legal basis for processing to provide our services and implement contractual measures is point (b) of Article 6(1) GDPR.
Purposes of data processing
Depending on how you interact with our website, we collect, process and use your personal data for the following purposes: We may respond to your inquiries for customer relationship management purposes, send you our newsletter after appropriate registration, provide you with protected downloads or optimize our website.
For inquiries we collect the following data from you: Salutation, title, first name, surname, company, industry, company size, department, e-mail address, telephone number. We collect the following data from you for sending protected downloads and topic-specific offers: First name, last name, company, e-mail address, industry, department, company size.
When you register for the newsletter, we collect your e-mail address. finally safe GmbH informs its customers, business partners and interested parties at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by the person concerned if (1) the person concerned has a valid e-mail address and (2) the person concerned registers for the newsletter dispatch. For legal reasons, a confirmation e-mail in the double opt-in procedure is sent to the e-mail address entered by the person concerned for the first time for sending the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter as the person concerned.
Data collection and processing are limited to what is necessary for processing due to the reduced selection of mandatory fields. When you register for an event, we collect information necessary for your participation in and organization of such events.
The data are stored for these purposes or as stipulated by the applicable law and subsequently erased. Personal data is exclusively collected and processed for the specific purpose of achieving the business objectives of finally safe, in accordance with legal requirements.
Passing on of personal data
Your personal data is only passed on within the framework of legal requirements. We only pass the data on to third parties if this is necessary for contractual purposes, for example on the basis of point (b) of Article 6(1) GDPR, or on the basis of legitimate interests pursuant to point (f) Article 6(1) GDPR in the economic and effective operation of our company.
Your personal data will not be disclosed to third parties unless you have approved such disclosure, or such disclosure is permissible according to the applicable law, for example if this is required for the fulfilment of a contract concluded with you. If you submit a query that relates to a subsidiary of finally safe, this query may be passed on to the corresponding Group company together with the information required for responding to the query. The subsidiaries are located within the European Union and the European Economic Area.
In as far as we use subcontractors for the provision of our services, we implement appropriate legal precautions as well as corresponding technical and organisational measures in order to ensure the protection of personal data pursuant to the relevant legal requirements.
If personal data are transferred to third countries, such transfer takes place exclusively based on an appropriate level of data protection, consent from the data subject, or legal authorisation.
Cookies are small text files that are stored locally in the buffer of the website visitor’s internet browser.
Use of Matomo
finally safe GmbH has integrated the Matomo component into this website. Matomo is an open-source software tool for web analysis. Web analysis is the capture, collection and evaluation of data relating to the behaviour of visitors to websites. A web analysis tool captures data including, among other data, the web page from which a data subject has arrived at a web page (called the referrer), which subpages on the website have been accessed, or how often and for what duration a subpage has been viewed. Web analysis is used to optimise our website. The software is operated on the server of the data controller, and log files that are sensitive under data protection law are stored exclusively on this server. The purpose of the Matomo component is to analyse visitor flows on our website. The data processor uses the obtained data and information for purposes including, among others, evaluating the use of this website in order to put together online reports that demonstrate activities on our webpages.
Matomo sets a cookie on the data subject’s information technology system. The last two digits of the IP address are anonymised before the save process. In the context of this technical procedure, we become aware of personal data such as the data subject’s IP address; this data enables us to verify the origin of the visitor and clicks, among other information. Personal information such as the time of access, location from which access occurred, and the frequency of visits to our website is stored using cookies. Every time our website is visited, this personal data – including the IP address of the internet connection used by the data subject – is transferred to our server. We store this personal data. We do not pass this personal data on to third parties.
The data subject may prevent cookies being set by our website at any time by amending the corresponding setting in the web browser they use, and can permanently object to the setting of cookies using the following link: https://matomo.org/docs/privacy/
However, please note that doing this may mean that not all the functions of this website can be used to their full extent.
Use of Twitter
finally safe has integrated Twitter components into this website. Twitter is a multilingual, publicly accessible microblogging service on which users are able to publish and circulate tweets – i.e. short messages which are limited to 280 characters. The short messages can be accessed by anyone, including individuals who are not signed in to Twitter. However, the tweets are also shown to the respective user’s followers. Followers are other Twitter users who follow a user’s tweets. In addition, Twitter makes it possible to address a wide audience using hashtags, links and retweets. The company that operates Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
The Twitter link integrated onto our site is not integrated via a Twitter Social Plugin. The integrated Twitter link only contains a http link to our Twitter page. This means that no direct connection with the Twitter servers is created when you access our site.
finally safe uses extensive technical and organisational safety measures (TOMs) to ensure that the personal data you make available to us are not compromised and do not become known to unauthorised third parties through accidental or intentional manipulation, loss or destruction. Our safety measures are improved and adapted on an ongoing basis in line with technological development.
In particular, the security measures include the encrypted transfer of data between your browser and our server.
Please note that there may be security vulnerabilities when transferring data online (such as when communicating by email). It is not possible to protect data completely against access by third parties.
Your rights as a data subject
You are also entitled to certain rights in the context of the processing of your personal data. Further detail on this can be found in the corresponding provisions of the General Data Protection Regulation. You may email the following address at any time to assert your rights:
Right to access and rectification
You have the right to receive access and information (Article 15 GDPR) with respect to which of your personal data we process. In as far as this information is no longer accurate, you may request that we rectify the data and, if they are incomplete, you may request that we supplement them. In as far as we have passed your data onto third parties, we will inform the corresponding third parties provided that the legal circumstances dictate that we do so.
Right to be forgotten (erasure)
You have the right to request the erasure of your personal data (Article 15 GDPR). Pursuant to the applicable data protection provisions, we do not store your personal data for longer than we needed for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, we will delete the data on a regular basis unless their further time-limited retention continues to be necessary.
Right to restriction of processing
You may request that we restrict the processing of your personal data for any of the following grounds:
- If you dispute the accuracy of the data – until we have had the opportunity to satisfy ourselves of the accuracy of the data;
- If the data are processed unlawfully, but you request merely the restriction of the usage of the personal data rather than their erasure;
- If we no longer needs the data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims;
- If you have submitted an objection to processing and it has not yet been determined whether your legitimate interests override ours.
Right to data portability
You have the right to receive, on request, in a transferable and machine-readable format, the personal data that you have provided to us for processing.
Right to object
In cases in which your personal data are used for marketing measures, you may at any time submit an objection to this form of processing. We will then no longer use your personal data for these purposes.
If processing is in the public interest or takes place on the basis of a balancing of interests, you have the right to object to processing for grounds that arise from your particular situation. If you submit objection, we will not process your personal data unless we are able to prove binding legitimate grounds for such processing, which override your interests, rights and freedoms, because your personal data serve the establishment, exercise or defence of legal claims. The objection does not contradict the legality of processing that has taken place before the submission of the objection.
Right to withdraw your consent
You have the right to withdraw your consent at any time. Withdrawing consent shall not impact the legality of processing that has taken place on the basis of the consent until withdrawal.
Right to lodge complaints with the supervisory authority
We always endeavour to process your queries and claims as quickly as possible in order to appropriately safeguard your rights. However, if you are not satisfied with our answers and responses, or if you are of the view that we are in breach of the applicable data protection law, you are free to lodge a complaint with our data protection officer and the relevant supervisory authority. The supervisory authority relevant for us is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2 – 4
40213 Düsseldorf, Germany
Links to other websites
The finally safe website may contain links to other websites. We do not take responsibility for the data protection provisions or the content of external websites.
Amendments to the data protection statement
We reserve the right to make amendments to the data protection statement in order to adapt it to changed legal circumstances, or in the event of changes to services as well as data processing. We ask that users keep up-to-date with respect to the content of the data protection statement on an ongoing basis.
Date of coming into effect: May 22, 2018