Data controller
CARL KONFERENZ- & EVENTTECHNIK GmbH & Co.
Heselstücken 9
22453 Hamburg
Phone: +49 (0) 40/ 46 88 54 – 0
Fax: +49 (0) 40/ 46 88 54 -27
Email: info@carl-group.de
Data protection officer
Sven Weschler
Iqanta GmbH
Boschstraße 23a
22761 Hamburg
Phone: +49 (0) 40 357 014 60
Email: kontakt@iqanta.com
Basic principles and processing procedures
We would like to inform you below about the collection and processing of your personal data within the meaning of the GDPR in connection with the initiation, conclusion and implementation of a user contract for the web-based software solution sendONSCREEN and all its related components and functions (collectively "sendONSCREEN"). Personal data is all data that identifies or makes you identifiable, such as your email address or your name, but also, for example, a so-called mobile identifier of your mobile phone or other individual identifiers.
We only collect the personal data that is necessary for the purposes listed below and process it only for the purposes stated. Personal data is only processed within the scope of the applicable legal provisions.
3.1 Processing of personal data when accessing the website https://send.on-screen.info
When using the website https://send.on-screen.info for purely informational purposes, personal data that your browser sends to our servers is collected. This data is collected in order to be able to show you the website and to ensure its stability and security (Art. 6 Section 1 f GDPR).
When you visit our website, we process the following categories of data:
(a) IP address
(b) Date and time of the visit
(c) Time zone difference to GMT
(d) Specific page of the visit
(e) Access status/http status code
(f) Quantity of data transmitted
(g) Referrer website
(h) Browser type
(i) Operating system and its interface
(j) Language and version of the browser
3.2 Processing of personal data when you contact us
When you contact us the data you provide us with (e.g. email address or telephone number) is processed by us in order to deal with your request, for example if you wish to use sendONSCREEN or receive further information about sendONSCREEN (Art. 6 Section 1 b GDPR). As soon as we no longer need your data in order to process your request, we will delete the data you have provided us with, unless legal retention obligations prevent deletion.
3.3 Processing of personal data when you register for sendONSCREEN
The registration for sendONSCREEN is carried out via your Twitter or Github account. When you register for sendONSCREEN, we therefore process your email address and the data of your Twitter or Github profile (user name, associated email address) in order to respond to your request, e.g. to provide you with the demo version (Art. 6 Section 1 b and f GDPR). As soon as we no longer need your data to process your request, we will delete the data you have provided us with, unless legal retention obligations prevent deletion.
3.4 Processing of personal data when you open an account
Before you enter into a contract to use sendONSCREEN at https://send.on-screen.info/, you must enter into a contract to open an account with us ("Account contract").
As part of the conclusion of this account contract, we process the following categories of data provided to us after login via Twitter or Github:
(a) Name
(b) Email address
(c) Bio/description
(d) Location
(e) Nickname
(f) Avatar URL
(g) Twitter/Github profile URL
(h) Twitter/Github ID
(i) Company (for corporate customers)
This data is necessary for the implementation of pre-contractual measures and for the subsequent execution of the contract (name, email address) (Art. 6 Section 1 b) GDPR).
Your account data will be completely deleted 30 days after you have cancelled your account contract with us. Excluded from this deletion is such data which we are legally obliged to retain.
3.5 Processing of personal data upon conclusion of a contract of use by you
If you make us an offer to conclude a user contract for sendONSCREEN, we will process the data provided by you in the context of the account contract and in particular the data provided by you in the context of the conclusion of the contract, such as in particular your payment data. We need this data to fulfill the contract with you (Art. 6 Section 1 b) GDPR).
If you book a payment service, we process in particular the following personal data about you:
(a) Name
(b) Company (optional)
(c) Email address and
(d) Address - to properly generate an invoice for the accounting department.
3.6 Processing of personal data when you use sendONSCREEN
You are responsible for the collection and processing of personal data in the context of the use of sendONSCREEN by your customers. CARL KONFERENZ- & EVENTTECHNIK GmbH & Co. will only act as a data processor for you, and is not responsible for the respective processing of personal data.
If and insofar as you access sendONSCREEN for administrative purposes, we process your account access data and usage data (including your IP address and the functions accessed and services booked) when you use sendONSCREEN in order to enable you to use sendONSCREEN.
3.7 Processing of personal data during the payment process
If you choose a payment plan, we will ask you for your billing address so that we can enter it on your receipt and send you the invoice if necessary. The collection and processing of this data is necessary for the fulfilment of our contract with you (Art. 6 Section 1 b) GDPR). You will then be forwarded to our payment provider. We will inform you about this below under 4.1.
3.8 OAuth
SendONSCREEN uses OAuth for authentication. OAuth is an open protocol that allows standardised, secure API authorisation for web and mobile applications. You can allow sendONSCREEN to access your data using OAuth without revealing all the details of your access authorisation. sendONSCREEN does not have access to your password. Learn more about OAuth at https://de.wikipedia.org/wiki/OAuth.
Transmission of data to third parties
Apart from the cases mentioned below, the above-mentioned data will not be passed on to third parties: should this be necessary after all, however, we will inform you in good time about the data transfer in accordance with the legal requirements.
4.1 Payment providers
None
4.2 Amazon Web Services
We use Amazon Web Services ("AWS"), which is based in Ireland, as our contract processor for the hosting of sendONSCREEN. In this respect, all data processed by us in connection with your use of sendONSCREEN is processed on the systems of AWS.
For more information about AWS, see https://aws.amazon.com/de/impressum/?nc1=f_pr..
4.3 Heroku
We use Heroku ("Heroku"), which is based in Ireland, as an additional contract processor for the hosting of sendONSCREEN. In this respect, all data processed by us in connection with your use of sendONSCREENs is processed on Heroku's systems.
You can find more information about Heroku at https://www.heroku.com/policy/salesforce-heroku-msa.
4.4 Redis
We use Redis Labs ("Redis"), based in Ireland, as an additional processor for the hosting of the sendONSCREEN database. In this respect, all messages processed by us in connection with your use of sendONSCREEN are processed in the database systems of Redis.
You can find more information about Redis at https://redislSectioncom/privacy/.
4.5 Rollbar
We use Rollbar to store and analyse log files and to log errors. Data storage is 30 days (Rollbar).
You can find further information about Rollbar at: https://rollbar.com/privacy/.
4.6 Cloudmailin
We use Cloudmailin for receiving and sending emails.
Further information about Cloudmailin can be found at https://www.cloudmailin.com/privacy.
4.7 Public authorities
We may be obliged to pass on data in individual cases by order of a competent authority, if and insofar as we are obliged to do so on the basis of a law (Art. 6 Section 1 c GDPR).
Encryption
The communication between our Send ON SCREEN and the database which is accessed is exclusively TLS/SSL encrypted.
The website https://send.on-screen.info, the editor interface, all visualisations and all API accesses are exclusively accessible via TLS/SSL encryption. The necessary certificates are automatically created and renewed via Let's encrypt.
The connection to Amazon Cloudfront is only available via TLS/SSL encryption.
Your rights
You have the following rights against us with regard to the personal data concerning you:
(a) The right to obtain information on your data processed by us, including the purposes of processing,
(b) the right to have incorrect personal data corrected,
(c) the right to have your personal data deleted ("right to be forgotten")
(d) the right to demand the restriction of the processing of your personal data,
(e) the right to object to the processing of your personal data
(f) the right to obtain a copy of your personal data in a structured, standard and machine-readable format, provided that the processing of such data is based on your consent or is processed in the context of or in view of a contractual relationship with you ("right to data transferability"),
(g) the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Duration of the storage of your data
We only store your data for as long as we need it to achieve the respective processing purpose and delete it afterwards. We only store your data for as long as we need it to achieve the respective processing purpose and delete it afterwards. In all other cases, we restrict processing if we are obliged to do so, e.g. due to legal regulations, and cannot delete the data.