R I S K P L U S

Content is loading...

Data protection

We hereby inform you about the processing of your personal data by the
disy Informationssysteme GmbH (Disy) and the rights to which you are entitled under data protection law.

1. who is responsible for data processing and how can I contact the data protection officer?

The controller within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) for data processing is

Disy Informationssysteme GmbH

Data protection officer: Thomas Reimann
Address: c/o beratergruppe:Leistungen PartGmbB, Rüppurrer Str. 4, 76137 Karlsruhe
e-mail: datenschutz@leistungen.de

Our Data Protection Officer under the contact details above.

2. for what purposes and on what legal basis is data processed?

We process your personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-new) and all other relevant laws only insofar as this is necessary to provide the information on this website and our services on this website.

If you use the website for information purposes only, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are

> IP address
> Date and time of the enquiry
> Time zone difference to Greenwich Mean Time (GMT)
> Content of the request (specific page)
> Access status/HTTP status code
> Amount of data transferred in each case
> Website from which the request comes
> Browser
> Operating system and its interface
> Language and version of the browser software.

In order to ensure the functionality of the website, data is stored in log files. This data is also used to ensure the security of our information technology systems and to optimise the website.

Art. 6 para. 1 lit. f GDPR forms the legal basis for the temporary storage of data and log files.

If the processing of personal data is based on the consent of the data subject, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

Art. 6 para. 1 lit. b GDPR forms the legal basis for the processing of personal data in order to fulfil contracts in which one of the contracting parties is the data subject. The same applies to the implementation of pre-contractual measures that require processing operations.

If our company is subject to a legal obligation for the fulfilment of which the processing of personal data is necessary, Art. 6 para. 1 lit. c GDPR is the legal basis.

Art. 6 para. 1 lit. d GDPR is the legal basis in cases in which vital interests of data subjects or another natural person require the processing of personal data.

If personal data is processed in order to protect the legitimate interests of our company or a third party, the interests, fundamental rights and freedoms of the data subject take second place. Art. 6 para. 1 lit. f GDPR is the legal basis for this processing.

Personal data may be passed on to our IT service providers for the provision of this website.

3. data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of it. These are adapted in line with the current state of the art.

4. disy news

With your consent, you can subscribe to news mailings from us, with which we keep you regularly informed about our topics (events, training courses, news about products and services, customer stories, information about Disy) in the form of a regular newsletter or event-related mailings.

We use the so-called double opt-in procedure to subscribe to our news. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. Unconfirmed registrations will be deleted after 2 working days at the latest. If you confirm your wish to receive our newsletter mailings, we will store your e-mail address and all other data you provide. The storage serves the sole purpose of being able to send you the newsletter. Furthermore, we store your IP addresses and the time of registration and confirmation in order to prevent misuse of your personal data.

The e-mail address is mandatory for sending the news. The provision of further, separately marked information is voluntary and is used to personalise or cluster the news mailings.

For this analysis, the emails sent contain so-called web beacons, also known as tracking pixels. These are single-pixel image files that enable us to evaluate your user behaviour. This is done by collecting the aforementioned data and web beacons, which are assigned to your email address and linked to a unique ID. Links in the news mails also contain this ID.

We would like to point out that we use your data exclusively for sending and aggregated for statistical evaluation of user behaviour (click rate, opening rate, type of email client, frequency of clicks on the links in the emails). This serves to optimise the offer for you. No conclusions are drawn about the usage behaviour of individual persons.

You can revoke your consent to receive the news at any time. You can revoke your consent by clicking on the link provided in every news e-mail, by e-mail to disy-news@disy.net or by sending a message to the contact details given in the imprint. The data you provide will only be passed on to the service used to send the newsletter.

The user's consent in accordance with Art. 6 para. 1 lit. a GDPR forms the legal basis for the processing of data after a news subscription by the user. As soon as the data is no longer required to fulfil the purpose for which it was collected, the data is deleted from the subscriber base. Accordingly, the data of newsletter subscribers is only stored in the subscriber base for the duration of the subscription.

5. moss end

Moosend is used as the software for sending newsletters. Your data will be transmitted to Moosend Ltd. Moosend is prohibited from selling your data and using it for purposes other than sending our news. Moosend is a European, certified provider that has been selected in accordance with the requirements of the General Data Protection Regulation. Further information can be found here: www.moosend.com/trust In addition, there is a more detailed explanation of the tracking functionality included.

The Moosend software used by Disy includes its own tracking system. This is used to measure how many of the recipients who have received the news have opened it and how many have clicked on the individual links.

Moosend integrates an image (approx. 1 x 1 pixel) into every e-mail. As soon as this image is displayed to the opener and thus retrieved by one of the servers, it can be traced that and when the image was retrieved. This information is stored and aggregated in such a way that it indicates a unique open rate.

By registering and saving every single click on a link, it is possible to measure the click rate. This is realised by converting each individual link in the news into a unique link. These URLs (also known as “tracking domains”) belong to Moosend and are structured according to the scheme n2g01.com, n2g02.com, n2g03.com, etc.

This information is anonymised and aggregated so that, although figures are available, they cannot be attributed to individual persons. The information is used to analyse the use of the news, to compile reports on recipient activities, to design the news in line with requirements and to provide interesting content.

6. matomo

This website uses the web analysis service Matomo (formerly: Piwik) to analyse user access to this website. No cookies are used for tracking.

If you call up individual pages of our website, the following data will be processed:

> Two bytes of the IP address of the user's calling system
> The website called up
> The website from which the user accessed the website (referrer)
> The subpages that are accessed from the accessed website
> The time spent on the website
> The frequency of visits to the website
> User interactions with content blocks (e.g. forms), but not their content
> Date and time
> Main language of the browser
> User agent of the browser
> Screen resolution
> Files downloaded from the website

The aforementioned analysis software runs exclusively on the servers of our website. Users„ personal data is processed exclusively there. No data is transmitted to third parties. If you have activated the “do-not-track default setting„ in your web browser, this will be respected and taken into account by Matomo. The software is configured so that your IP address is only processed in abbreviated form, i.e. 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). It is therefore no longer possible to assign the shortened IP address to the calling computer and thus to your location. Tracking takes place via a so-called Java Script. If you do not wish this to happen, you must stop the execution via a so-called “no-script plug-in". Further information on this can be found on the provider page of your web browser.

The legal basis for the processing of users' personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing of users' personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

The data is deleted as soon as it is no longer required for our recording purposes. This is the case after 180 days.

Further information on the privacy settings of the Matomo software can be found at the following link: https://matomo.org/docs/privacy/.

7. stripe

We use the Stripe service (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process payments.

When you make a payment, the payment details you provide (e.g. name, payment amount, account details, credit card number) are processed by Stripe and stored on their servers. This is necessary in order to carry out the transaction, authorise and manage payments.

The transfer of your data to Stripe is based on Art. 6 para. 1 lit. b GDPR (fulfilment of contract) and our legitimate interest in effective and secure payment processing (Art. 6 para. 1 lit. f GDPR).

Stripe has submitted to the EU-US Privacy Shield and is therefore obliged to comply with EU data protection regulations. Further information on data protection at Stripe can be found at: https://stripe.com/de/privacy

8. payjoe

RiskPlus uses Payjoe to transfer accounting information from Stripe to our accounting software. Payjoe receives the transaction data relevant for accounting from Stripe and processes it in order to synchronise it with our DATEV system. The following data is processed:

> Transaction amount

> Transaction date

> Transaction reference

> Name and payment details of the debtor (if available)

The processing of this data is necessary in order to fulfil our accounting obligations and to ensure proper invoicing.

The processing of your data in the context of payment processing and accounting is based on Art. 6 para. 1 lit. b GDPR (fulfilment of contract) and Art. 6 para. 1 lit. c GDPR (legal obligation).

Your data will only be processed within the EU or the EEA. Your data will not be transferred to third countries.

We only store your data for as long as is necessary to fulfil the stated purposes or as required by statutory retention periods.

9TH IONOS

RiskPlus is operated on the infrastructure of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

We would like to point out that when using RiskPlus, data about the connection to our infrastructure is processed by IONOS. This may include, for example, IP address, time of access and other technical information required to provide and maintain the functionality of our service.

This data is processed on the basis of our legitimate interest in the efficient and secure provision of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

Further information on data processing by IONOS can be found in the privacy policy of IONOS SE at https://www.ionos.de/terms-gtc/terms-privacy

10 Jira

We use Jira Service Desk, a product of Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia, as our ticketing system for customer service. Jira Service Desk is a cloud-based platform that helps us to efficiently manage and process customer enquiries.

When using our customer service via Jira Service Desk, the following data is processed:

> Contact information (e.g. name, e-mail address)

> Content of your enquiry

> Technical data (e.g. IP address, browser type)

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfilment and pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in the efficient processing of customer enquiries).

Atlassian processes your data as a processor exclusively on our behalf and in accordance with our instructions. We have concluded an order processing contract with Atlassian that ensures the protection of your data.

Please note that Atlassian Pty Ltd is based in Australia and data may also be transferred to countries outside the EU. However, Atlassian is committed to complying with EU data protection standards and uses standard contractual clauses approved by the EU Commission.

Further information on data protection at Atlassian can be found at: https://www.atlassian.com/de/legal/privacy-policy

11. contact by e-mail

You can contact us via e-mail address. In this context, the sender's personal data sent with the e-mail will be stored by our company.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. If the purpose of contacting us by email is to conclude a contract, the legal basis here is Art. 6 para. 1 lit. b GDPR.

The personal data collected by us will be deleted upon request. However, further communication can then no longer take place, as all personal data stored in the course of making contact will be deleted in this case.

12. what data protection rights can I assert as a data subject?

Insofar as professional regulations do not conflict with this, you have the right:

> in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.

> in accordance with Art. 15 GDPR, to request information about your personal data processed by us at any time. In particular, you can request information about the processing purposes, the category of personal data and its origin, the categories of recipients to whom your data has been or will be disclosed, as well as the purpose and planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;

> in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

> to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

> in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

> in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, and

> to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the registered office of our law firm.

Please send all requests for information, requests for information or objections to data processing by e-mail to datenschutz@disy.net or to the in our Imprint mentioned address.

13. children

We do not collect personal information from minors. In the event of unknowing collection, we will delete it immediately.

14. can I object to the processing of my personal data?

You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons. If we process your data to protect legitimate interests, you can object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

In order to make the website available to users and to ensure the operation of the website, the collection of data and its storage in log files is absolutely necessary. As a result, there is no possibility for the user to object.

If log files are stored, they will be deleted after fourteen days at the latest. No further processing takes place.

15. do I have the opportunity to complain?

If you are of the opinion that the processing of your personal data by us is unlawful or may violate data protection law for other reasons, you can lodge a complaint with the supervisory authority responsible for us:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Königstraße 10a, 70173 Stuttgart

Further information

Imprint

Data protection

Conditions of use and care

About us

RiskPlus is a software solution that enables you to carry out sound and meaningful risk management in accordance with the requirements of the TrinkwEGV and TrinkwV.

The web-based application ensures optimum co-operation between water suppliers and engineering offices as well as documentation adapted to future requirements for all responsible authorities.

Contact us

disy Informationssysteme GmbH
Zimmerstrasse 3
76137 Karlsruhe

www.disy.net

e-mail: contact@riskplus.info

LinkedIn

Copyright © poket all right reserved.