1. Responsible authority for data processing
(1) pacio GmbH (hereinafter: ‘pacio’), Ellen-Widmann-Pfad 59, 12205 Berlin, Germany, Tel.: +49 30 / 7007 34 10, Fax: +49 30 / 7007 34 09, email: firstname.lastname@example.org, as the operator of the website www.pacio.de (hereinafter: ‘website’), is the responsible authority for the processing of the personal data of the user of this website (hereinafter: “you”) under Article 4 Number 7 of the EU General Data Protection Regulation (GDPR), other national data privacy laws of the member states and other legal provisions on data privacy.
(2) In the following, pacio would like to provide you with detailed information about which personal data are processed when you visit the website and if you contact us. You will also be informed about your rights and the technical and organisational security measures implemented.
2. Terminology used
With regard to the terminology used, please refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR), including the following:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad in scope and includes virtually any handling of the data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
3. Processing of your personal data
(1) Personal data are only processed by pacio, if and to the extent that:
Processing is necessary for compliance with a legal obligation to which pacio is subject (Article 6 Paragraph 1 Subparagraph 1 c) of the GDPR) or;
Processing is necessary for the fulfilling of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6 Paragraph 1 Subparagraph 1 b) of the GDPR);
You have given us your consent to the processing of personal data for one or more specific purposes (Article 6 Paragraph 1 Subparagraph 1 a) of the GDPR) or;
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Article 6 Paragraph 1 Subparagraph 1 f) of the GDPR).
4. Use of the website for information purposes only
(1) In connection with visiting the website for purely informational use, pacio only collects data for the purposes of error notifications. The following data are collected:
- IP address of the network access device of the accessing computer
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Operating system and its interface
- Language and version of the browser software
(2) This data collection is technically required in order to enable your use of the website and its functionality, i.e. to ensure the retrieval, security and stability of the website. A link between this data and the personal data of a specific natural person is not established. The legal basis for this use of data is Article 6 Paragraph 1 Subparagraph 1 f) of the GDPR, since pacio has a legitimate interest in providing a functioning website.
(3) The above data are deleted as soon as it is no longer required to achieve the purpose for which it was collected (error correction). The temporary storage of your IP address is necessary to fix errors and remove threats.
5. Contact purposes
(1) If you contact pacio, the personal data you send are processed (such as your first and last name, email address or telephone number) in order to respond to your request or enquiry sent by email or by another means. Your data are only processed for the purposes of handling the enquiry and carrying on the necessary correspondence with you.
(2) The legal basis for the above data processing is Article 6 Paragraph 1 Subparagraph 1 f) of the GDPR.
(3) Unless the deletion of your personal data is prevented by legal or contractual retention periods, pacio shall delete it as soon as it is no longer required to achieve the purpose for which it was collected. This shall be the case when our communication with you has been concluded. This is usually the case if it appears from the overall circumstances that the reason for the enquiry has been definitively resolved and the request has been conclusively addressed.
(1) Cookies are used for this website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive, which send certain types of information to the authority setting the cookie (in this case, pacio). A cookie cannot execute any programs or independently transfer malware to your computer. Cookies serve to improve the overall user friendliness and efficiency of the website.
(2) If personal data are processed by individual cookies, the processing is carried out in accordance with Article 6 Paragraph 1 Subparagraph 1 f) of the GDPR for the purposes of pursuing our legitimate interests in optimising the functionality of the website and configuring a user-friendly website visit.
(3) You can configure your browser settings according to your preferences, for example, to refuse third-party cookies or all cookies. However, you may not be able to use all the features of the pacio website after deactivating cookies.
7. Technical and organisational security measures
(1) Pacio takes appropriate technical and organisational security measures to protect your personal data against manipulation, loss or unauthorised access by third parties. The security measures are regularly upgraded to reflect the state of the art.
(2) The website is encrypted using SSL technology in order to prevent unauthorised access by third parties. You can see this in the protocol identifier ‘https://’ in the address bar.
8. Your rights
a) Right of access
In accordance with Article 15 of the GDPR, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed by pacio. Where that is the case, you have the right to access information from pacio about the purposes of the processing, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, (where possible) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, and about the existence of the right to request rectification or erasure of your personal data or restriction of processing by the controller or to object to such processing, the existence of the right to lodge a complaint with a supervisory authority, and where the personal data are not collected from the data subject, any available information as to its source. In addition, you have a right to access information about the existence of automated decision-making, including profiling, referred to in Article 22 Paragraphs 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
b) Right to rectification
Pursuant to Article 16 of the GDPR, you shall have the right to have your incomplete personal data completed and your inaccurate personal data rectified by pacio.
c) Right to erasure
Pursuant to Article 17 of the GDPR, you shall have the right to obtain the erasure of your personal data without undue delay where one of the following grounds stated in Article 17 Paragraphs 1 a) - f) of the GDPR applies. However, the right to obtain the erasure of your personal data does not exist to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims (Article 17 Paragraph 3 of the GDPR).
d) Right to restriction of processing
Pursuant to Article 18 of the GDPR, you shall have the right to obtain the restriction of processing of your personal data. To do so, you can contact pacio at any time using the contact information provided above under ‘Responsible Authority’. The right to obtain restriction of processing exists where one of the following applies:
If you contest the accuracy of your personal data, pacio will generally require time to verify the accuracy of the personal data. While your data are being verified, you shall have the right to obtain the restriction of processing of your personal data
If the processing of your personal data is unlawful and you oppose the erasure of the data, you can request the restriction of their processing instead
If pacio no longer needs your personal data but you require them for the exercise, defence or establishment of legal claims, and you oppose the erasure of the data, you shall have the right to request the restriction of their processing instead
If you have objected to processing pursuant to Article 21 Paragraph 1 of the GDPR, your interests must be weighed against those of pacio. Pending the verification as to whose interests prevail, you shall have the right to request the restriction of its processing instead.
If you have obtained the restriction of processing of your personal data, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
e) Right to notification
Pursuant to Article 19 of the GDPR, pacio shall communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Article 16, Article 17 Paragraph 1 and Article 18 of the GDPR to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Pursuant to Article 19 Clause 2 of the GDPR, you shall have the right to be informed by pacio about those recipients if you request it.
f) Right to data portability
You shall have the right to receive data, which is being processed by automated means based on your consent or on a contract, in a commonly used and machine-readable format, and to transmit that data to a third party. Should you request it, your personal data shall only be transmitted directly to another controller if technically feasible.
g) Right to object
Pursuant to Article 21 Paragraph 2 of the GDPR, you can of course object at any time to the processing of your personal data for marketing purposes and profiling to the extent that it is related to direct marketing. You can inform pacio by using the contact information provided in Section 1.
h) Right to withdraw consent
Pursuant to Article 7 Paragraph 3 of the GDPR, you shall have the right to withdraw your consent to the processing of your personal data in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i) Right to lodge a complaint
Pursuant to Article 77 of the GDPR, if a violation of data privacy has occurred, you shall have the right to lodge a complaint with a supervisory authority. To do so, please contact a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
9. Transfer to third parties
To the extent that pacio discloses personal data to other persons and companies (third parties) for the purpose of processing, transfers personal data to them, or otherwise grants them access to this data, it shall only be done with your consent, based on legal authorisation, if it is prescribed by a legal obligation or based on the legitimate interests of pacio (e.g. legitimate interest in the use of web hosting services).
Unless specifically indicated otherwise, a transfer of personal data to third countries is not intended.
10. Contract data processing
If a third party is engaged for the processing of the data based on a ‘data processing contract’, the provisions of Article 28 of the GDPR shall apply exclusively.
11. No profiling or automated decision-making
Your data shall not be used for profiling or any other kind of automated decision-making.
12. Integration of third-party services and content: Google Fonts
This integration requires the use of the users’ IP address by the third-party provider of these Google Fonts (Google LLC.), since it cannot send this content (fonts) to their browser without the IP address. The processing of the IP address is therefore required for the display of the content of the web pages. This takes place within the online services, based on pacio’s legitimate interests (i.e. interest in the operation of the website) pursuant to Article 6 Paragraph 1 f) of the GDPR.
13. Changes to these data privacy provisions
Last updated: December 2018
Tel +49 (0) 30 70 07 34 10
Fax +49 (0) 30 70 07 34 09
Certified and tested for compliance with ethical guidelines