Privacy Policy

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") in the course of the provision of our services, as well as related websites, features and content. With regard to the terminology used, e.g. "personal data" or "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible:
Christian Werner, frontmark GmbH
Taunusstraße 63
65183 Wiesbaden
Germany
Tel.: +49 611 167 511 51
Email: info@frontmark.de

Types of processed data:
– Inventory data
– Contact information
– Content data
– Usage data
– Meta / communication data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 (1) GDPR):
No special data categories are processed, unless these are commissioned to processing by the user, e.g. by email.

Categories of affected persons:
– Visitors and users of the online presence
– Customers
Hereinafter we refer to the affected persons as "users".

Purpose of processing:
– Providing the online services, its contents and functions
– Marketing / advertising
– Answering contact form / email requests.

Date of publication: 12/8/2022



1. Relevant legal basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis of our data processing. Unless said legal basis is mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Art. 7 GDPR; the legal basis for the processing and discharge of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) (b) GDPR; the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 (1) (f) GDPR. In the event that the vital interests of affected persons or other natural persons require the processing of personal data, Art. 6 (1) (d) GDPR provides as legal basis thereto.


2. Changes and updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will modify the privacy policy as soon as changes to data processing necessitate it. We will notify you as soon as the changes require your participation (e.g. consent) or other individual notification.


3. Security measures

We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the latest technology, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the probability of occurrence and severity of the risk to the rights and freedoms of natural persons and organisational measures to ensure a level of protection appropriate to the risk; measures include, in particular, ensuring the confidentiality, integrity and availability of data by monitoring physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the management of the rights of affected persons, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the developmental phase, or selection of hardware, software and procedures, according to the principle of data protection by technology design, taken into account privacy aware default settings (Art. 25 GDPR).

One of the security measures is the encrypted transfer of data between your browser and our server.


4. Cooperation with processors and third parties

4.1. If, in the context of our processing, we disclose data to other persons and companies (processors or third parties) or otherwise grant access to the data, this will only be done on the basis of legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR for the performance of the contract) you have consented to, a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosting, etc.).

4.2. If we commission third parties to process data on the basis of a so-called ”processing contract”, this is done on the basis of Art. 28 GDPR.


5. Transmission to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That is, processing is, for example, on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. through the “Privacy Shield” for the USA) or compliance with officially recognized special contractual obligations (the so-called “standard contractual clauses”).


6. Rights of affected persons

6.1. You have the right to ask for confirmation as to whether the data in question is processed and for information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

6.2. According to Art. 16 GDPR, you have the right to demand the completeness of the data concerning you or the correction of the incorrect data concerning you.

6.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction of the processing of data in accordance with Art. 18 GDPR.

6.4. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request the transmission thereof to other responsible persons.

6.5. Pursuant to Art. 77 GDPR, you also have the right to file a complaint with the responsible supervisory authority.


7. Right of cancellation

You have the right to revoke consent in accordance with. Art. 7 (3) GDPR with future effect.


8. Right of objection

You can object to the future processing of your data at any time, in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.


9. Cookies

By using our website, a cookie will be stored on your device.
– “cookie_notice_accepted” stores your setting for the cookie notification banner / duration: until the end of the session

By using our Application Platform https://apps.frontmark.de, cookies will be stored on your device.
– “__Host-auth_token” and “__Host-ws_server” store session identifiers / duration: until the end of the session
– “__Host-reset_token” for the "Forgot your password?" feature / duration: until the password has been reset or 12 hours

Third-party services (see below) may store additional cookies on your device.


10. Deletion of data

The data processed by us is deleted or limited in regard to processing, in accordance with Art. 17, pursuant to Art. 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us is deleted as soon as it is no longer required and said deletion does not conflict with any statutory storage requirements. If the data is not deleted, because it is required for other and legitimate purposes, its processing will be restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, for data that must be kept for commercial or tax purposes.


11. Establishing contact

11.1. When contacting us (via contact form or email), the information provided by the user is used to process the contact request, pursuant to Art. 6 (1) (b) GDPR.

11.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or similar organisation.


12. Collection of access data and log files

12.1. Based on our legitimate interests, within the meaning of Art. 6 (1) (f) GDPR, we collect data concerning all access to our websites and servers (so-called server log files). The access data includes the name of the accessed web page, file, date and time of access, transferred data and amount of data, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the enquiring provider.

12.2. Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of six months, after which time the information is deleted. Where further data retention is required for evidential purposes, it shall be exempted from the aforementioned cancellation period until the final clarification of the incident.


13. Web analysis / reach measurement

13.1. In the context of a pseudonymous reach measurement no cookies will be stored. All statistical data will be locally stored and evaluated on our web servers in Germany.

13.2. IP addresses will be stored anonymized only and cannot be re-identified. Further personal data will not be gathered for the for web analysis.


14. Integration of third-party services and content

14.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online presence within the meaning of Art. 6 (1) (f) GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, e. g. as map-embeddings, (collectively referred to as “content”). This always presupposes that the third-party providers of this content are aware of the IP address of the users, since they could not send the content to the users’ browser without the IP address. The IP address is therefore required for the presentation of this content. We attempt to only use content from respective providers that use the IP address solely for the purposes of delivering said content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring websites, time of access, and other information regarding the use of our online presence.

14.2. The following provides an overview of third-party providers and their content, as well as links to their privacy policies, which contain further information on the processing of data and, as already mentioned in part, possibilities for objection (so-called opt-out):

– “Google reCAPTCHA”
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. The corresponding code will only be sent to your device if you agree with that explicitly (via form checkbox).

– “Google Analytics”
This site uses Google Analytics for advertising purposes / for commercial advertising. The corresponding code and the cookies will only be sent to your device if you agree with that explicitly (via cookie notification banner). IP addresses will be stored anonymized only and cannot be re-identified. Further information about Google Analytics can be found at https://marketingplatform.google.com/intl/en/about/analytics/ and in the Google Privacy Policy.

“Storage Share”
Our website https://share.frontmark.de (“frontmark Storage Share”) is powered by Nextcloud (“open source private cloud software”) and hosted by Hetzner in german data centers. Further information about Storage Share can be found at Hetzner and Nextcloud.

– “Cloudflare”
Our websites use Cloudflare services to increase security and performance. Cloudflare offers amongst others a globally distributed CDN (Content Delivery Network) and DNS (Domain Name System). To be able to recognize and defend against attacks, requests to our websites are analysed and evaluated by Cloudflare (acting as a reverse proxy). Further information about Cloudflare can be found at https://www.cloudflare.com/gdpr/introduction/ (“Cloudflare's commitment to GDPR compliance”) and in the Cloudflare Privacy Policy.