We greatly appreciate your interest in our company. Data protection is a top priority for D-Trust GmbH. When you visit the D-Trust GmbH website, you do not have to provide any personal data unless you wish to make use of our services.
We process data in compliance with the EU’s General Data Protection Regulation (in short: GDPR).
The controller as contemplated in the GDPR and in applicable data protection law and other provisions related to data protection law in the Member States of the European Union is:
- D-Trust GmbH
Phone: +49 30 25 93 91 0
Contact for data protection matters
If you have any questions regarding the processing of your personal data, as well as your rights regarding data protection, please contact us at: email@example.com or call the above number.
Each time you access our website, we collect some data and information in a log file which we require for the website to work correctly.
We also need this data to take defensive measures if our IT systems are attacked.
This data is, in particular:
(1) your web browser type and version,
(2) the OS of the device you used to access our web pages,
(3) the website from which you accessed our web pages (referrer),
(4) the actual web page that you call up on our website,
(5) the date and time of access to the website,
(6) your Internet Protocol (IP) address and source port.
Art. 6 (1) (b) GDPR provides the legal basis for this data storage. It is not technically possible for us to operate the website without collecting this data.
Although D‑Trust GmbH does not collect the data for any other purposes than those stated, it is theoretically possible that we may pass the data on to the relevant authorities for criminal prosecution. In this case, the authorities would be able to identify the persons using the website or IT systems.
If you use our contact forms to contact us, you can send personal data to us. This data will generally be encrypted before being sent.
When you fill out a contact form for a request, the following categories of personal data are required, depending on the specific procedure
- ID document data: family name, first name, date of expiry, place of birth, birth name, date of birth, registered address, ID document number (for comparison with request, ID document, proof of ID), issuing authority
- Other data: title, academic degree, shipping addresses, contact e‑mail, e‑mail certificate, phone number, mobile phone number, fax, gender, organization, signature, organizational unit, regulated profession, free fields: “Other" and "Restrictions", application ID, pseudonym
- Evidence: if applicable, evidence of title, academic degree, copy of ID card/passport/ID document (product-dependent), organization charts, excerpts from the commercial register
You are in no way obliged to use these forms. You can of course also contact us by phone, post or e‑mail.
Art. 6 (1) (f) GDPR provides the legal basis for collecting personal data using contact forms. We have a legitimate interest in offering you a modern and efficient means of communication. On the other hand, the risk in conjunction with the transmission and processing of data is relatively low.
If you wish to contact us to enter into an agreement or to make use of a service, the legal basis for processing is provided by Art. 6 (1) (b) GDPR If we are required by law to reply to you after you have contacted us using the web form, for instance when you exercise your rights under the GDPR, the legal basis is provided by Art. 6 (1) (c) GDPR.
The data collected will only be stored by us for as long as this is necessary for the stated purpose. As a rule, we delete the data when the conversation with you is finished. If there is a legal obligation for us to keep records, we will adhere to the legal retention periods.
We will only pass on your personal data to service providers and other third parties in accordance with applicable data protection legislation.
We may disclose personal data to service providers we commission to perform services on our behalf. In doing so, we observe the strict applicable national and European data protection regulations. Service providers are subject to our instructions and are subject to strict contractual restrictions with regard to the processing of personal data. This means that processing is only permitted to the extent necessary to carry out the services on our behalf or to comply with legal requirements. We will precisely define in advance the rights and obligations of our service providers in relation to personal data.
We will also pass on your personal data
- if we are required by law or ordered by a court to do so,
- to law enforcement authorities or other governmental agencies, or
- if we assume that disclosure is necessary or appropriate to prevent physical harm or financial loss, or in conjunction with an investigation of suspected or actual fraudulent or illegal activities.
When you visit or use our website, you are a data subject within the meaning of the GDPR and have the following rights:
Right to withdraw consent under Art. 7 (3) GDPR
If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Whenever we request your consent, we also describe how you can revoke it. Alternatively, you can revoke your consent by sending an e‑mail to firstname.lastname@example.org. You can revoke your consent to receive newsletters or press releases by clicking the ‘unsubscribe’ link in one of the messages received.
Right to confirmation under Art. 15 (1) first half-sentence GDPR
You have the right to request confirmation from us as to whether or not your personal data is being processed.
Right to information under Art. 15 (1) second half-sentence GDPR
You can request confirmation from D‑Trust GmbH free of charge as to whether personal data concerning you is being processed by us. If this is the case, you can then request the following information from us:
- the purposes for which the personal data is being processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the envisaged storage period for which personal data concerning you will be stored or, if it is not possible to give specific details, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you or the right to restrict the processing carried out by the controller or of a right to object to such processing;
- the existence of a right to lodge a complainant with a supervisory authority;
- where the personal data is not collected from the data subject, any available information on the origin of the data;
- the existence of automated decision-making, including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved as well as the significance and envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards under Art. 46 GDPR relating to the transfer.
However, this right to information may be restricted if it is likely to seriously impair or render impossible the research or statistical purposes and if such restriction is necessary for the achievement of our research or statistical purposes.
Right to rectification under Art. 16 GDPR
You have the right to demand that we rectify and/or complete any personal data processed concerning you if it is incorrect or incomplete. We are obliged to perform such rectification without delay.
Right to erasure (‘right to be forgotten’) under Art. 17 GDPR
a) Duty to erase
You may demand that we erase personal data relating to you immediately and we are obliged to erase such data without undue delay if one of the following grounds applies:
- the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- the data subject withdraws consent on which the processing is based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal ground for the processing.
- the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to art. 21 (2) GDPR.
- your personal data was unlawfully processed;
- the erasure of personal data concerning you is necessary in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
- the personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Information to third parties
If we have made the personal data concerning you public and if we are obliged to erase this data pursuant to Art. 17 (1) GDPR, we will take reasonable steps, including technical measures, while taking into account the available technology and cost of implementation, to inform controllers processing the personal data that you, as a data subject, have requested the erasure by such controllers of any links to, copy or replication of this personal data.
The right to erasure does not apply to the extent that the processing is necessary:
- for exercising of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR in as far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defence of legal claims.
Right to restrict processing under Art. 18 GDPR
You have the right to demand that we restrict processing if one of the following conditions is met:
- the accuracy of the personal data is contested by you for a period of time enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful, you refuse erasure of the personal data and instead request the restriction of the use of the personal data:
- the controller no longer needs the personal data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the controller’s legitimate reasons outweigh those of the data subject.
When the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, we will notify you before such restriction is lifted.
Your right to restrict processing may be restricted in as far as it is likely to seriously impair or render impossible the research or statistical purposes and if such restriction is necessary for the achievement of our research or statistical purposes.
Right to notification under Art. 19 GDPR
If you have exerted your right in relation to us to have processing restricted or data rectified or erased, we are then obliged to notify each recipient to whom the personal data concerning you has been disclosed unless such disclosure proves impossible or involves disproportionate effort.
You are entitled to request information regarding these recipients.
Right to data portability under Art. 20 GDPR
You have the right to receive the personal data concerning you that you provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer such data to another controller without hindrance from the controller to which the personal data was provided, on condition that the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and that the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to us.
Right to object under Art. 21 GDPR
You have the right to object at any time, on grounds relating to a particular situation, to the processing of personal data concerning you which is carried out pursuant to Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
D-Trust GmbH will then no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject or if the processing serves the establishment, exercise or defence of legal claims.
Furthermore, you have the right to object to the processing of personal data concerning you which takes place at D‑Trust GmbH for scientific, historical research or statistical purposes pursuant to Art. 89 (1) GDPR for reasons relating to your particular situation, unless such processing is necessary for the performance of a task in the public interest.
You can exercise your right to object by directly contacting the person responsible at D-Trust GmbH as indicated in the Imprint. You are also free to exercise your right to object in conjunction with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Your right to object may be restricted in as far as it is likely to seriously impair or render impossible the research or statistical purposes and if such restriction is necessary for the achievement of our research or statistical purposes.
Automated decisions in individual cases including profiling
You have the right not to be subjected to a decision that is solely based on automated processing – including profiling – and which has a legal or a similarly significant effect on you in as far as such decision:
- is not necessary for the conclusion or performance of a contract between you and us, or
- is permitted by Union or Member State legislation to which we are subject and which contains adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or
- was made with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
If the decision
- is necessary for the conclusion or performance of a contract between you and us, or
- is made with your express consent,
D‑Trust GmbH will take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests which includes at least the right to have a person intervene on behalf of D‑Trust GmbH, to state its views and contest the decision.
Right to lodge a complaint with a supervisory authority for data protection
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10958 Berlin, Germany, Tel.: +49 30 13889-0, e-mail: email@example.com is the supervisory authority for D-Trust GmbH.