This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online offering and the associated websites, services, platforms, functions, and content. With regard to the terminology used, such as “personal data” or “processing,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
Doublecheck IT GmbH
Königstuhlweg 4c
12107 Berlin
Commercial Register: 188189 B
Register Court: Local Court of Charlottenburg
Represented by:
Robin Kolze and Patrick Kolze
Data Protection Officer
Robin Kolze
Königstuhlweg 4c
12107 Berlin
info@doublecheck-it.de
Types of Data Processed
- Inventory data (e.g. names, addresses)
- Contact data (e.g. email, phone numbers)
- Content data (e.g. text entries)
- Usage data (e.g. interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Processing of Special Categories of Data – Art. 9 (1) GDPR
In principle, no special categories of data are processed unless provided by users, e.g. entered in online forms.
Categories of Data Subjects
- Customers / Prospective customers
- Visitors and users of the online offering
We refer to the data subjects collectively as “users.”
Purpose of Processing
- Provision of the online offering, its contents, and functions
- Fulfillment of contractual obligations, service, and customer support
- Responding to contact inquiries and communication with users
Effective date: January 1, 2021
1. Relevant Legal Bases
Pursuant to Art. 13 GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in this privacy policy, the following applies:
- The legal basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR.
- The legal basis for processing for the performance of our services and execution of contractual measures as well as responding to inquiries is Art. 6 (1)(b) GDPR.
- The legal basis for processing to fulfill our legal obligations is Art. 6 (1)(c) GDPR.
- The legal basis for processing to safeguard our legitimate interests is Art. 6 (1)(f) GDPR.
- In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1)(d) GDPR serves as the legal basis.
2. Changes and Updates to the Privacy Policy
We ask you to regularly review the content of our privacy policy. We will update the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if such changes require your participation (e.g. consent) or individual notification.
3. Security Measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, availability, and separation. We have also established procedures to safeguard data subject rights, deletion of data, and responses to data threats.
Additionally, we take the protection of personal data into account already during development or selection of hardware, software, and processes, in line with the principle of privacy by design and privacy by default (Art. 25 GDPR).
This includes, in particular, encrypted transmission of data between your browser and our server.
4. Cooperation with Processors and Third Parties
If, within our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. where transmission of data to third parties, such as payment service providers, is necessary to fulfill the contract under Art. 6 (1)(b) GDPR), your consent, a legal obligation, or our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with processing data on the basis of a so-called “processing contract,” this is done on the basis of Art. 28 GDPR.
5. Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)) or do so as part of using third-party services, disclosure, or transfer of data to third parties, this only occurs if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special conditions of Art. 44 ff. GDPR are met. This means processing is based, for example, on special safeguards, such as the officially recognized determination of a data protection level equivalent to that of the EU (e.g. the US under the “Privacy Shield”) or compliance with officially recognized contractual obligations (so-called “standard contractual clauses”).
6. Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about such data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
You have the right, in accordance with Art. 16 GDPR, to request completion of your data or correction of inaccurate data concerning you.
You have the right, under Art. 17 GDPR, to request immediate deletion of data concerning you, or alternatively, under Art. 18 GDPR, to request restriction of processing.
You have the right to request receipt of the data you have provided to us in accordance with Art. 20 GDPR and its transmission to other controllers.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
7. Right of Withdrawal
You have the right to withdraw consent granted pursuant to Art. 7 (3) GDPR with effect for the future.
8. Right to Object
You may object to the future processing of your data at any time in accordance with Art. 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.
9. Cookies and Right to Object to Direct Marketing
You can read our cookie policy separately here.
10. Deletion of Data
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. That means the data will be locked and not processed for other purposes.
In Germany, the statutory retention periods are, in particular, 6 years under § 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, business letters, booking receipts, etc.) and 10 years under § 147 (1) AO (books, records, reports, booking receipts, commercial and business letters, tax-relevant documents, etc.).
11. Contacting Us
When contacting us (via contact form or email), the user’s details are processed to handle the contact request and its processing in accordance with Art. 6 (1)(b) GDPR.
User data may be stored in our Customer Relationship Management System (“CRM system”) or comparable request management systems.
We delete inquiries if they are no longer required. We review necessity every two years; inquiries from customers with a customer account are stored permanently, and for their deletion we refer to the details on the customer account. In the case of legal archiving obligations, deletion takes place after their expiry (end of 6-year commercial and 10-year tax retention obligations).
12. Collection of Access Data and Logfiles
On the basis of our legitimate interests within the meaning of Art. 6 (1)(f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), IP address, and requesting provider.
Logfile information is stored for a maximum of 14 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the incident is finally resolved.
13. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in analysis, optimization, and efficient operation of our online offering within the meaning of Art. 6 (1)(f) GDPR). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law.
Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within the online offering, and to provide other services related to use of the online offering and internet usage. Pseudonymous usage profiles of users may be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means the IP address of users will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users can also prevent the collection of data generated by the cookie and related to their use of the online offering as well as the processing of such data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.
Further information on data usage by Google, settings, and opt-out options can be found on the following Google websites:
- https://www.google.com/intl/en/policies/privacy/partners (“Data use by Google when you use our partners’ sites or apps”)
- https://policies.google.com/technologies/ads (“Data use for advertising purposes”)
- https://adssettings.google.com/authenticated (“Manage information Google uses to show you ads”)
14. Google Remarketing / Marketing Services
We use the marketing and remarketing services of Google LLC (“Google”) based on our legitimate interests (i.e. interest in analysis, optimization, and efficient operation of our online offering within the meaning of Art. 6 (1)(f) GDPR).
Google is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law.
The Google Marketing Services allow us to display targeted advertisements for and on our website so that users are only presented with ads that potentially match their interests. For example, if users are shown ads for products in which they have shown interest on other websites, this is referred to as “remarketing.”
For this purpose, when our website and other websites on which Google Marketing Services are active are accessed, code is executed directly by Google, and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie is stored on the user’s device. The cookies may be set from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
The information stored in the cookie includes which websites users visit, what content they are interested in, what offers they clicked, as well as technical information on browser and operating system, referring websites, visit time, and further details on usage. The IP address of users is also collected, but within Google Analytics it is truncated in the EU/EEA, and only in exceptional cases fully transferred to the US. The IP address will not be merged with other Google data.
Users’ data are processed pseudonymously within Google Marketing Services. That means Google does not store or process the name or email address of users but instead processes the relevant cookie-related data within pseudonymous user profiles. From Google’s perspective, the ads are not managed and displayed for a specifically identified person but for the cookie holder, regardless of who that holder is. This does not apply if users have explicitly permitted Google to process the data without pseudonymization.
Among the Google Marketing Services used by us is the online advertising program “Google AdWords.” Each AdWords customer receives a different “conversion cookie.” Cookies cannot therefore be tracked across AdWords customers’ websites. The information obtained using the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking.
We may also use Google’s DoubleClick service and Google AdSense to display third-party ads. Both use cookies to enable ad placement based on users’ visits to this and other websites.
We may also use Google Optimizer (A/B testing), as well as Google Tag Manager to manage these services.
Further information on Google’s use of data for marketing purposes can be found here: https://policies.google.com/technologies/ads, and Google’s privacy policy at: https://policies.google.com/privacy.
If you wish to opt out of interest-based advertising from Google Marketing Services, you can use Google’s opt-out options: https://adssettings.google.com/authenticated.