Skip to main content

Privacy Policy

Privacy Notice

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

Controller within the meaning of data protection law
figawa Service GmbH
Mevissen Str. 1
50668 Köln
info@figawaservice.de
+49 221 270799 20

Contact details of the Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de
Dominik Fünkner
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

Definitions

Our privacy notice should be simple and understandable for everyone. For this reason, our privacy notice generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of Sect. 25 para. 1 s. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of Sect. 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

Webhosting

This website is hosted by an external service provider. This website is hosted in Germany. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.
We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded a Data Processing Agreement with the hoster in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

1. Data processing by visiting our website (Server-Logfiles)

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

• IP address
• Directory protection userDate and time
• Date and time
• Time of day
• Pages accessed
• logs
• status code
• Data volume
• Referrer
• user agent
• Called host name

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes. The log files serve to evaluate system security and stability as well as administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. The IP addresses are stored in anonymised form. The anonymised IP addresses are stored for 60 days. Details of the directory protection user used are anonymised after one day.
Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these include the accessing IP address and, depending on the error, the website accessed.

Access via FTP is logged with anonymised details of the user name and IP address and stored for 60 days.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.
The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.
The processing of personal data using other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this in this privacy notice and obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can set your browser to

• be informed about the setting of cookies,
• only allow cookies in individual cases,
• exclude the acceptance of cookies for certain cases or generally,
• activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called „do-not-track function“. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be „tracked“ for behavioural advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera

Additionally, you can prevent the loading of so-called scripts by default. „NoScript“ allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings

You can withdraw or change your cookie settings at any time. To do this, call up the cookie settings in the footer again.


2. Processing on our website

Processing in the context of membership

As part of your membership or application for such membership, we process the personal data you provide for the purpose of contract processing. We process the following personal data as part of your membership:

• first name, surname and title
• e-mail address
• address
• date and time of registration

The legal basis for the collection and processing of data in the context of membership and events is Art. 6 para. 1 lit. b GDPR. In addition, freely given information can be provided (e.g. telephone number, etc.). The legal basis for the processing of freely given information is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The erasure of this data takes place after expiry of the applicable statutory retention obligations. If we are not subject to any statutory retention obligations, the data will be erased when the purpose no longer applies.

Contact by e-mail
If you send us requests by e-mail, your details from the e-mail, including the contact details you provided there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We will never pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your enquiry is aimed at concluding a contract. Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.


3. Organisation of online events and webinars (Microsoft Teams)

We use the „Microsoft Teams“ tool to hold online events and webinars (hereinafter: „online meetings“). „Microsoft Teams“ is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: „Microsoft“).

The Controller for data processing directly related to the organisation of „online meetings“ is the entity named at the beginning of this privacy notice.

If you access the „Microsoft Teams“ website, the provider of „Microsoft Teams“ is the Controller for data processing. However, accessing the website is only necessary for the use of „Microsoft Teams“ in order to download the software for the use of „Microsoft Teams“.

If you do not want to or cannot use the „Microsoft Teams“ app, you can also use „Microsoft Teams“ via your browser. The service is then also provided via the „Microsoft Teams“ website.

When using „Microsoft Teams“, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an „online meeting“.
The following personal data is subject to processing:

• User details: e.g. display name, email address if applicable, profile picture.
• Meeting metadata: e.g. date, time, telephone numbers, location, topic, description (optional), participant IP addresses, device/hardware information.
• When dialling in by phone: information on the incoming and outgoing phone number, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored.
• Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an „online meeting“. In this respect, the text entries you make are processed in order to display them in the „online meeting“ and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the „Microsoft Teams“ applications.
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

We use „Microsoft Teams“ to conduct „online meetings“. If we want to record „online meetings“, we will inform you transparently in advance and – if necessary – obtain your consent.
The same applies if the transcription function is activated. If we activate this function – given you have given your consent – the language of the participants will be recognised on an ongoing basis. Microsoft Teams then automatically transcribes this and creates a corresponding log file.
In addition, we may create a log of chat messages for the purpose of recording the results of an online meeting. This also only takes place with your consent.

The legal basis for data processing when conducting „online meetings“ is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Here, too, we have an interest in the effective organisation of online meetings.
In addition, your personal data may be processed on the legal basis of your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR (e.g. when recording webinars).

Personal data that is processed in connection with participation in „online meetings“ is in principle not passed on to third parties unless it is intended to be passed on. Please note that content from „online meetings“, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. The provider of „Microsoft Teams“ necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our data processing agreement with „Microsoft Teams“. We have concluded a data processing agreement with the service provider in which we oblige it to protect our customers‘ data and not to pass it on to third parties. Microsoft utilises international sub-processors and is affiliated with other companies in countries outside the EU.

As personal data is transferred to Microsoft Corporation, which is based in the USA, further protection mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). Further information on Microsoft’s data protection can be found at https://privacy.microsoft.com/de-de/privacystatement.

4. Data transfer and recipients

Your personal data will not be transferred to recipients outside our company unless

• we have explicitly pointed this out in the description of the respective data processing.
• you have given your explicit consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,
• the transfer pursuant to Art. 6 para. 1 p. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms,
• there is a legal obligation to transfer data pursuant to Art. 6 para. 1 p. 1 lit. c GDPR, and
• required by Art. 6 para. 1 p. 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

5. Storage period of personal data

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

6. Your rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

• Rights of access
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
• Right to rectification
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
• Right to erasure
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Right to restriction of data processing
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
• Right to portability
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
• Right to withdraw the declaration of consent under data protection law
Right to withdraw consent given in accordance with Art. Para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint with a supervisory authority
The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.


Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to info@figawaservice.de.


Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

7. Current status and changes to our privacy notice

We reserve the right to adapt or update this privacy notice, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy notice: June 2024