Data protection
This privacy policy explains the nature, scope and purpose of the processing of
personal data (hereinafter referred to as “data”) within our online offering and the
functions and content associated with it (hereinafter referred to jointly as
“Online offer”). With regard to the terms used, such as “processing” or
For the term “controller” we refer to the definitions in Art. 4 of the General Data Protection Regulation
(GDPR).
responsible
Managing Director:
Consulting 42.0 Limited Liability Company
c/o Dirk Dralle
In Heidkampe 36
30659 Hanover
dralle(at)42Punkt0.de
https://www.42 Punkt0.de/impressum
Types of data processed:
Inventory data (e.g. names, addresses).
Contact details (e.g., email, telephone numbers).
Content data (e.g., text entries, photographs, videos).
Usage data (e.g., websites visited, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of our website and the contact form (hereinafter referred to as the
affected persons collectively referred to as “users”).
Purpose of processing
Provision of the online offer, its functions and contents.
Answering contact requestsand communication with users.
Security measures.
Terminology
Personal data is any information relating to an identified or identifiable
natural person (hereinafter referred to as ‘data subject’); an identifiable
natural person who, directly or indirectly, in particular by means of attribution to a
Identifier such as a name, an identification number, location data, an online identifier (e.g.
Cookie) or to one or more special characteristics that can be identified
Expression of physical, physiological, genetic, psychological, economic, cultural
or social identity of that natural person.
Processing is any operation or set of operations which is carried out with or without the aid of automated procedures
such a series of operations in connection with personal data. The term is broad and
covers virtually every handling of data.
Pseudonymisation is the processing of personal data in such a way that the
personal data without the use of additional information can no longer be
can be attributed to a specific data subject, provided that this additional information
are kept separately and are subject to technical and organizational measures that
ensure that the personal data are not assigned to an identified or identifiable
assigned to a natural person.
Profiling means any form of automated processing of personal data consisting of
this personal data may be used to identify certain personal aspects relating to
a natural person, in particular to evaluate aspects concerning work performance,
economic situation, health, personal preferences, interests, reliability, behaviour,
to analyse or predict the location or movements of that natural person.
The controller is the natural or legal person, public authority, agency or other
Body which, alone or jointly with others, decides on the purposes and means of the processing of personal data
decides on the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller.
Relevant legal bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis of our
Data processing with.
If the legal basis is not mentioned in the data protection declaration, the following applies:
The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR, which
Legal basis for processing to fulfill our services and implementation
contractual measures and answering inquiries is Art. 6 Para. 1 lit. b GDPR, the
The legal basis for processing to fulfill our legal obligations is Art. 6 Para.
1 lit. c GDPR, and the legal basis for processing is to safeguard our legitimate
Interests is Art. 6 Para. 1 lit. f GDPR.
In the event that vital interests of the data subject or of another natural
Person requires the processing of personal data, Art. 6 paragraph 1 lit. d
GDPR as legal basis.
Safety measures
We take measures in accordance with Art. 32 GDPR, taking into account the state of the art, the
implementation costs and the nature, scope, context and purposes of the processing
and the varying likelihood and severity of the risk to the rights and
freedoms of natural persons, appropriate technical and organizational measures to ensure
to ensure a level of protection appropriate to the risk. The measures include in particular
Ensuring the confidentiality, integrity and availability of data by controlling the
physical access to the data, as well as the access, input, transfer,
ensuring availability and separation. We have also established procedures
the exercise of data subject rights, deletion of data and response to threats
of the data. Furthermore, we take the protection of personal data into account when
the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology designG
and through data protection-friendly default settings (Art.
25 GDPR).
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies
(processors or third parties), transmit them to them or otherwise give them access to
the data, this will only be done
on the basis of a legal permission (e.g. if the data is to be transmitted to third parties, such as
to payment service providers, in accordance with Art. 6 (1) lit. b GDPR is necessary for the performance of the contract),
You have consented
a legal obligation provides for this
or on the basis of our legitimate interests (e.g. when using agents,
web hosts, etc.).
If we commission third parties to process data on the basis of a so-called
If we commission a “contract processing agreement”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we or our provider store data in a third country (i.e. outside the European Union (EU)
or the European Economic Area (EEA)) or process this as part of the
Use of third-party services or disclosure or transmission of data to third parties
happens, this only happens if
it is necessary to fulfil our (pre)contractual obligations,
based on your consent,
due to a legal obligation
or based on our legitimate interests.
Subject to legal or contractual permissions, we process or have the data processed in
a third country only if the special conditions of Art. 44 et seq. GDPR are met
This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially
recognized determination of a data protection level equivalent to that of the EU (e.g. for the USA by
the “Privacy Shield”) or compliance with officially recognized special contractual obligations (such as
so-called “standard contractual clauses”).
Rights of the data subjects
You have the right to request confirmation as to whether the data in question is being processed
and to access this data as well as further information and copies of the data
in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion of the personal data concerning you.
data or the correction of inaccurate data concerning you.
You have the right, in accordance with Art. 17 GDPR, to request that the data in question
be deleted immediately, or alternatively in accordance with Art. 18 GDPR,
To request restriction of data processing.
You have the right to request that the data concerning you that you have provided to us
have to receive in accordance with Art. 20 GDPR and their transmission to other
To demand responsibility.
You also have the right pursuant to Art. 77 GDPR to lodge a complaint with the competent
supervisory authority.
Right of withdrawal
You have the right to withdraw your consent in accordance with Art. 7 Para. 3 GDPR with effect for the future.
withdraw.
Right to object
You can object to the future processing of data concerning you in accordance with Art. 21 GDPR
You can object at any time. In particular, you can object to processing for the purposes of
Direct advertising may take place.
Cookies and right to object to direct advertising
“Cookies” are small files that are stored on users’ computers.
Different information can be stored within cookies. A cookie is primarily used
to store information about a user (or the device on which the cookie is stored) during
or even after his visit within an online offer. As temporary
Cookies, or “session cookies” or “transient cookies”, are cookies that are deleted
after a user leaves an online service and closes his browser. In a
Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status
Cookies are referred to as “permanent” or “persistent” cookies that are stored even after
remain saved when the browser is closed. For example, the login status can be saved,
when users visit them after several days. Such a cookie can also contain the
interests of users, which are used for reach measurement or marketing purposes
Cookies that are used by other providers
than the person responsible for operating the online service (otherwise, if it
only whose cookies are called “first-party cookies”). We can use temporary and
use permanent cookies and explain this in our privacy policy.
If users do not want cookies to be stored on their computer, they will
asked to deactivate the corresponding option in the system settings of your browser.
Stored cookies can be deleted in the browser's system settings. The
Exclusion of cookies may lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes
Cookies can be used for a variety of services, especially in the case of tracking, via the US
American site http://www.aboutads.info/choices/ or the EU site
http://www.youronlinechoices.com/. Furthermore, the storage of cookies
by deactivating them in the browser settings.
Please note that in this case not all functions of this website may be available.
can be.
Deletion of data
The data we process will be deleted or transferred to another storage location in accordance with Art. 17 and 18 GDPR.
their processing is restricted. Unless expressly stated in this privacy policy,
If you specify otherwise, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose.
are no longer required and the deletion does not require any legal retention periods
If the data is not deleted because it is required for other legally permissible purposes,
purposes, their processing will be restricted. This means that the data will be blocked and
not processed for other purposes. This applies, for example, to data that is processed for commercial or tax purposes.
reasons. According to legal requirements in Germany, the data is
Storage in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB
(Books, records, management reports, accounting documents, commercial books, tax-relevant
documents, etc.) and 6 years according to Section 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).
Business-related processing
In addition, we process
Contract data (e.g., subject matter of the contract, term, customer category).
Payment data (e.g. bank details, payment history) from our customers, prospective customers and
Business partners for the purpose of providing contractual services, service and customer care,
Marketing, advertising and market research.
Agency services
We process our customers’ data as part of our contractual services, which include
conceptual and strategic consulting, campaign planning, software and design development/-
consulting or maintenance, implementation of campaigns and processes/handling, server administration,
Data analysis/consulting services and training services. We process
Inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail,
telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g.,
Subject matter of the contract, term), payment data (e.g., bank details, payment history), usage
and metadata (e.g. in the context of the evaluation and measurement of success of marketing measures).
We do not process special categories of personal data unless
these are components of a commissioned processing. Those affected include our customers,
Interested parties as well as their customers, users, website visitors or employees as well as third parties.
The purpose of the processing is the provision of contractual services, billing and our
Customer service. The legal basis for processing is Art. 6 (1) lit. b GDPR
(contractual services), Art. 6 Para. 1 lit. f GDPR (analysis, statistics, optimization,
We process data that is necessary to establish and fulfill the contractual
services and indicate the necessity of their disclosure. Disclosure
to external parties only occurs if it is required within the scope of an order.
When processing the data provided to us as part of an order, we act
in accordance with the instructions of the client and the legal requirements of a
Order processing pursuant to Art. 28 GDPR and do not process the data for any purpose other than the
contractual purposes.
We delete the data after expiry of statutory warranty and comparable obligations.
The necessity of storing the data is reviewed every three years; in the case of statutory
Archiving obligations are deleted after their expiry (6 years, according to Section 257 Para. 1 HGB, 10 years, according to
§ 147 para. 1 AO). In the case of data that is provided to us as part of an order by the
Client, we delete the data in accordance with the specifications of the order,
generally after the end of the order.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and the organisation of our business,
Financial accounting and compliance with legal obligations, such as archiving.
we process the same data that we receive in the context of providing our contractual services
The processing bases are Art. 6 Para. 1 lit. c. GDPR, Art. 6 Para. 1 lit. f. GDPR.
Customers, prospective customers, business partners, website visitors and users are affected by the processing
of the contact form.
The purpose and our interest in the processing lies in administration, financial accounting,
Office organization, archiving of data, i.e. tasks that are necessary to maintain our
business activities, performance of our tasks and provision of our services.
The deletion of data with regard to contractual services and contractual communication
corresponds to the information specified in those processing activities. We do not disclose or
transmit data to the tax authorities, consultants (such as tax advisors or
auditors) as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on
Suppliers, event organizers and other business partners, e.g. for later contact purposes.
We generally store this data, which is mostly company-related, permanently.
contact
When you contact us (e.g. via our contact form, email or telephone), the
Information provided by the user for processing the contact request and its handling in accordance with Art. 6 Para. 1
lit. b) GDPR. Users’ information may be stored in a customer relationship
Management System ("CRM System") or comparable inquiry organization.
We delete the requests if they are no longer required. We review the
Necessity every two years; Furthermore, the statutory archiving obligations apply.
Hosting and email sending
The hosting services we use serve to provide the
following services: infrastructure and platform services, computing capacity, storage space
and database services, e-mail delivery, security services and technical maintenance services,
which we use for the purpose of operating this website. In doing so, we process, or
our hosting provider inventory data, contact data, content data, contract data, usage data,
Meta and communication data of customers, interested parties and visitors to this online offer
based on our legitimate interests in efficient and secure
Provision of this online offer in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR
(Conclusion of a data processing agreement).
Collection of access data and log files
We or our hosting provider collect data based on our legitimate interests in the sense of
Art. 6 para. 1 lit. f. GDPR Data about every access to the server on which this service is located
(so-called server log files). The access data includes the name of the accessed website, file,
Date and time of retrieval, amount of data transferred, message about successful retrieval,
Browser type and version, the user’s operating system, referrer URL (the previously visited page),
IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate abuse or
fraudulent activities) for a maximum period of 7 days and then deleted. Data,
whose further retention is necessary for evidentiary purposes, shall be retained until the final clarification of the
respective incident are excluded from deletion.