It matters to us that the personal data belonging to our customers and visitors are protected and secure. We have therefore designed our website to gather and/or process as little personal data as possible. All data gathering, processing and use is in compliance with the GDPR as well as the nationally applicable data protection laws and only with your consent. In this data protection policy, we state which information is gathered and how it is used.

I. Name and address of the controller

The party responsible for compliance with EU General Data Protection Regulation (GDPR) is

Gamma-Scout GmbH & Co. KG

Eva Brand-Mirow
Von-Werth-Str. 18
50670 Cologne

+ 49 (0) 221-200 540 91
datenschutz@gamma-scout.com

II. Personal data

Personal data such as name, address, phone number or email address are gathered when an individual chooses to use our contact form or our online shop or registers their device. We use your freely submitted data purely for the purpose of contacting you. Data gathered in the course of registration and purchases made in the online shop are used only for device support and sales management.

The legal basis for processing such data is point (a) of Article 6(1) of the GDPR.

III. Server logfiles

The website provider automatically gathers and stores information in so-called server logfiles which are automatically transmitted by your browser. These are:

  • Information on the type of browser and the version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites that directed the user’s system to our website
  • Websites called up by the user’s system while on our website

We do not store this data or any other personal data.

The legal basis for this is the stipulation of point (f) of Art. 6(1) (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our requirements in respect of the GDPR (legitimate interest) are to facilitate fault analysis, optimize the website and ensure the security of the IT systems.

These data are automatically deleted after 30 days.

In an exception to that, data can be stored for purposes of criminal prosecution in the event of misuse beyond this time limit until the process of evidence preservation has been completed.

Such data is not exploited for marketing purposes nor is it combined with other data sources.

The gathering of data for provision to the website and the storage of data in logfiles is essential for the website to operate. The user therefore has no rights of objection to this.

IV. Cookies

This site uses cookies for administrative purposes. They facilitate the use of the registration function and simplify and speed up the administration of our internet site.

Not accepting cookies does not negatively impact the functionality of our website, other than its administration.

Cookies are small text files deposited on your computer. The cookies we use are deleted at the end of the browser session (known as session cookies).

The legal basis for this processing is point (b) of Art. 6(1) of the GDPR (fulfillment of your enquiry).

Shouldn’t you permit the use of cookies by our website on your computer, administrative work on this internet site cannot be carried out.

V. Tools and miscellaneous

Google Fonts

We use Google Fonts on our website for the presentation of external fonts. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereafter referred to as “Google”.

Through certification compliant with the EU-US Privacy Shield, Google guarantees that the EU’s data protection regulations are also observed in the processing of data in the USA.

To enable the presentation of certain fonts on our website, visiting our site establishes a connection to the Google server in the USA.

The legal basis for this is point (f) of Art. 6(1) of the GDPR. Our legitimate interest is in the optimization and commercial operation of our website.

The connection to Google established by calling up our website enables Google to identify the website from which your enquiry was sent and the IP address to which it should transmit the font representation.

Google offers further information on this subject at https://adssettings.google.com/authenticated and https://policies.google.com/privacy, particularly in respect of the options for preventing data usage.

VI. Statistical analysis

Statistical analysis of the logfiles is in an anonymized form that does not allow any inference to the individual or their data. The legal basis for this is the stipulation of General Data Protection Regulation (GDPR) Art. 6(1) point (f) (legitimate interest). Our requirements in respect of the GDPR (legitimate interest) is the facilitation of defect analysis and website optimization.

VII. Tracking with e-tracker or Google Analytics

We do not conduct tracking.

VIII. Security

We use a wide range of technical and operational means to protect the personal data that we gather. Our provisions and security procedures are subject to regular checks and adapted as necessary to developments.

All our employees are bound by data confidentiality.

IX. Rights of the data subject

1. Duty of disclosure

Pursuant to Art. 15 of the GDPR, you have the right to demand confirmation from the controller as to whether they are processing personal data relating to you.

If such processing exists, you have the right to receive information pertaining to this personal data as well as the following:

  • The purposes of the processing;
  • The categories of personal data being processed;
  • The recipients or categories of recipients who have been or are being provided with the personal data, especially recipients in third-party countries or at international organizations;
  • Where possible, the planned duration of storage of the personal data or, if this is not possible, the criteria for determining this duration;
  • The existence of a right of correction or deletion of your personal data or of restriction to its processing by the controller or a right to object to such processing;
  • The existence of a right to complain to a supervisory authority;
  • When the personal data was not gathered from the data subject, all available information relating to the source of the data;
  • The existence of an automatic decision-making process including profiling pursuant to Article 22 (1) and (4) and – at least in these cases – meaningful information in respect of the logic involved and the scope and desired outcomes for the data subject of such processing.

2. Right to correction

The data subject has the right to request that the controller immediately correct incorrect personal data relating to the data subject. 2Taking into consideration the purposes of the processing, the data subject has the right to request the completion of incomplete personal data – also with a supplementary explanation.

3. Right to deletion (“right to be forgotten”)

You have the right to request that the controller immediately delete your personal data, and the controller is obliged to delete the personal data immediately, as long as one of the following reasons applies:

  • The personal data is no longer necessary for the purposes for which they were gathered or otherwise processed;
  • The data subject withdraws their consent on which the processing pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) was based and there is no other legal basis for such processing;
  • The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate reasons for the processing, or the data subject raises an objection to processing pursuant to Article 21(2);
  • The personal data has been unlawfully processed;
  • The deletion of personal data is necessary to fulfill a legal obligation pursuant to EU law or the law of the member states applicable to the controller;
  • The personal data was gathered in relation to information society services pursuant to Article 8(1).

If the controller has published the personal data and is obliged to delete it pursuant to paragraph 1, they must also take appropriate measures, allowing for available technology and implementation costs, to inform other controllers processing the personal data that a data subject has requested the deletion of all links to said personal data or of copies or replications of said personal data.

Paragraphs 1 and 2 do not apply insofar as the processing is necessary

  • To exercise the right to free speech and information;
  • To fulfill a legal obligation beholden upon the controller to carry out such processing according to laws of the EU or its member states, or to perform a task assigned to the controller that is in the public interest or exercised under official authority;
  • For reasons of public interest in the field of public health pursuant to points (h) and (i) of Article 9(2), as well as Article 9(3);
  • For purposes of archiving, scientific or historical research or statistics that are in the public interest pursuant to Article 89(1), insofar as the right cited in (1) is likely to severely restrict or render impossible the realization of the aims of this processing, or
  • To enforce, exercise or defend legal claims.

4. Right to restrict processing

You have the right to request restrictions in processing by the controller if one of the following prerequisites applies:

  • The correctness of the personal data of the data subject is contested; for a period sufficient to allow the controller to verify the correctness of the personal data;
  • The processing is unlawful and the data subject declines deletion of the personal data and instead requests a restriction in the use of the personal data;
  • The controller no longer needs the personal data for the processing purposes, but the data subject requires them in order to enforce, exercise or defend legal claims, or
  • The data subject has raised an objection to the processing pursuant to Article 21(1), as long as it is not yet established whether the legitimate reasons of the controller outweigh those of the data subject.

If processing has been restricted pursuant to (1), this personal data – irrespective of its storage – may only be processed with the permission of the data subject or to enforce, exercise or defend legal claims or to protect the rights of another person or legal entity or for reasons relating to an important public interest of the EU or a member state.

A data subject who invokes the restriction of processing pursuant to (1) must be informed by the controller prior to any lifting of said restriction.

5. Right to information

The controller will inform all recipients of published personal data of each amendment or deletion of personal data or a processing restriction pursuant to Article 16, Article 17(1) and Article 18 unless it proves impossible or involves disproportionate effort. 2The controller will inform the data subject of these recipients if the data subject so requests.

6. Right to data portability

You have the right to receive personal data relating to you that you have provided to a controller in a structured, commonly used and machine-readable format. You also have the right to request that a controller transmits this personal data directly to another controller where the following applies:

  1. The basis for processing this information is consent pursuant to point (a) of Art. 6(1) of the GDPR or for the performance of a contract pursuant to point (a) of Art. 6(1) of the GDPR, and
  2. The processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right may not adversely affect the rights or freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly and adversely affects you. This does not apply if the decision

  • Is necessary for entering into, or performance of, a contract between you and the controller;
  • Is authorized by EU or member-state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

Status of our data protection policy: May 2018