We'll set your system on fire!!!!

Privacy Policy

Deutsch
English

Controller

Dragon IT-Solutions
Sven Misera
Fürstenstr. 4
48565 Steinfurt

Authorized Representative: Sven Misera

Email Address: service@dragon-it-solutions.de/

Telephone: +49 2552 927025-0

Overview of Proxessing Activitis

The following overview summarizes the types of data processed, the purposes of processing, and the data subjects.

Types of Date Processed

  • Inventory data
  • Contact data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

Categories of data subjects

  • Communication partners
  • Users

Purposes of processing

  • Communication
  • Security measures
  • Organizational and administrative procedures
  • Feedback
  • Provision of our online services and user-friendliness
  • Information technology infrastructure
  • Public relations

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purpose
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

Note on the applicability of the GDPR and the Swiss Federal Data Protection Act (DSG): This privacy notice serves to provide information in accordance with both the Swiss Federal Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that due to its broader geographical scope and clarity, the terms used here are those of the GDPR. Specifically, instead of the terms "processing" of "personal data," "overriding interest," and "special categories of personal data" used in the Swiss Federal Act on Data Protection (FADP), we use the terms "processing" of "personal data," "legitimate interest," and "special categories of data" as used in the GDPR. However, the legal meaning of these terms will continue to be determined according to the FADP within the scope of its application.

Security Measures

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) and the European Economic Area (EEA)) or if processing takes place in connection with the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the level of data protection is ensured by other means, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of a contractual or legally required transfer (Art. 49 para. 1 GDPR). We will inform you of the legal basis for the transfer to a third country with respect to the individual providers in the third country, whereby the adequacy decisions take precedence. Information on third-country transfers and existing adequacy decisions can be found on the European Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: Under the so-called "Data Privacy Framework" (DPF), the European Commission has also recognized the level of data protection for certain US companies as adequate in its adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We inform you in our privacy policy which of our service providers are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal regulations as soon as the underlying consent is withdrawn or no further legal basis for processing exists. This applies to cases in which the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notice contains additional information on data storage and deletion that applies specifically to certain processing activities.

If multiple retention periods or deletion deadlines are specified for a given date, the longest period always applies.

If a period does not explicitly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships where data is stored, the event triggering the retention period is the effective date of the termination or other end of the legal relationship.

Data that is no longer retained for its originally intended purpose, but is retained due to legal requirements or other reasons, is processed by us exclusively for the reasons that justify its retention.

Further information on processing procedures and methods can be found here.

  • Data Retention and Deletion: The following general retention periods apply to data retention and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organizational documents necessary for their understanding, accounting documents, and invoices (§ 147 para. 3 in conjunction with para. 1 nos. 1, 4, and 4a AO, § 14b para. 1 UStG, § 257 para. 1 nos. 1 and 4, para. 4 HGB).
    • 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g. B. Timesheets, cost accounting sheets, calculation documents, price tags, and also payroll documents, insofar as they are not already accounting documents and cash register receipts (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 2, 3, 5 of the German Fiscal Code (AO), Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 of the German Commercial Code (HGB)).
    • 3 years – Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 of the German Civil Code (BGB)). 

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information, as well as a copy of the personal data, in accordance with the legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of incomplete personal data concerning you or the correction of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request the restriction of processing of your personal data.
  • Right to data portability: In accordance with legal requirements, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Provision of Online Services and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved); log data (e.g., log files concerning logins or data retrieval, or access times).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures.
  • Storage and Deletion: Deletion is carried out in accordance with the information in the section "General Information on Data Storage and Deletion."
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

  • Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

Use of Cookies

Cookies are small text files or other storage markers that store information on and read it from end devices. For example, they are used to save login status in a user account, shopping cart contents in an online store, accessed content, or used functions of an online service. Cookies can also be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as for analyzing visitor traffic.

Information on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. In particular, permission is not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service they have expressly requested (i.e., our online service). The revocable consent is clearly communicated to users and includes information on the respective cookie usage.

The revocable consent is clearly communicated to them. Information on the legal basis for data protection: The legal basis for processing users' personal data using cookies depends on whether we request their consent. If users accept, the legal basis for processing their data is their explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online services and improving their usability) or, if this occurs within the scope of fulfilling our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We explain the purposes for which we use cookies in this privacy policy or within the framework of our consent and processing procedures.

Storage period: The following types of cookies are distinguished with regard to their storage period:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved and preferred content to be displayed directly when the user revisits a website. User data collected using cookies can also be used for audience measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these cookies are persistent and can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including via their browser's privacy settings.

  • Types of data processed: Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing procedures, processes, and services:

  • Processing of cookie data based on consent: We use a consent management solution to obtain user consent for the use of cookies or for the processes and providers mentioned within the consent management solution. This process serves to obtain, log, manage, and revoke consent, particularly regarding the use of cookies and similar technologies that are used to store, read, and process information on users' devices. Within this process, user consent for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management process, is obtained. Users also have the option to manage and revoke their consent. The declarations of consent are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies to assign the consent to a specific user or their device. Unless specific information is available regarding the providers of consent management services, the following general guidelines apply: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details of the scope of consent (e.g., categories of cookies and/or service providers concerned), and information about the browser, system, and device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about ourselves.

Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These profiles may then be used to display advertisements within and outside the networks that are likely to correspond to the users' interests. Therefore, cookies are generally stored on users' computers to record their usage patterns and interests. In addition, user profiles may also store data independently of the devices used by the users (especially if they are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and the options to object (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively addressed directly with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); Usage data (e.g., page views and time spent on the site, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form). Public relations.
  • Retention and deletion: Deletion as described in the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).