Data Privacy Statement
As of: May 12, 2020
Data protection and the protection of your personal data is our top priority. We will inform you below about the processing of your personal data on our website and in the company. The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR), the new Federal Data Protection Act (BDSG-new) and the Telemedia Act (TMG).
A. Name and Address of the Person Responsible
Greenbone Networks GmbH
Represented by the management:
Dr. Jan-Oliver Wagner
Telephone: + 49 541-760278-0
B. Contact details of the data protection officer
Matthias Wöstemeyer, c / o C&S Consulting, Overbergstraße 45, 49124 Georgsmarienhütte, Germany
C. Processing of Personal Data on our Website 1 Provision of the Website and Creation of Log Files
For the mere visit to our website and the retrieval of the information contained therein, it is not necessary for you to provide personal data. During your visit to our website, we only collect and use data that your internet browser automatically transmits to us:
- Date and time of access to one of our websites
- Your browser type
- Your browser settings
- Your IP address
- The pages you visited
We use this data to technically enable you to visit our site. We also use this data for statistical purposes and to improve our website in design and layout. We store the IP address for the purposes of guaranteeing and maintaining IT security (e.g. detection and defense against so-called DOS attacks) and functionality. The legal basis for the temporary storage of data is Article 6 (1) (f) GDPR.
2 Personal Data
Personal data is only recorded if you voluntarily provide it in the context of a contact request , in the context of the newsletter order or when registering in the Community Portal.
3 Contact Forms, Inquiries
There are several contact forms on our website that can be used to contact us electronically. When using these options , the data entered in the input mask is transmitted to us and stored. This data depends on the respective form:
- E-mail address
- Phone number
- Street, house number
- Zip Code Residential Address
- Content of the message
For the processing of the data, your consent may be obtained in the context of the contact request and reference is made to this data protection declaration. The data sent through the form will be transmitted to us in encrypted form. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be saved.
4 Newsletter / Community Portal
Registration / Login / Use / Delete Account
As soon as a data subject creates a new account in the Community Portal, the following personal information is stored in our database:
- IP address of the data subject
- User name
- Password (encrypted)
- E-mail address
Registration in the Community Portal takes place via your e-mail address, a user name (pseudonym) and a password. The user name is visible to everyone. Only the portal operator or an administrator has access to the e-mail address.
The following data can be optionally and voluntarily provided:
- Two-factor authentication
- Time zone
If a data subject chooses the option to become a member, the controller sends an automatic confirmation email to double-check whether the owner of the email is really the owner Has chosen this option. By registering as a member, summaries of popular articles are also sent to the user by email each week.
During active use by a data subject (registered user), the following technically necessary (personal) data is collected in the database by the forum software:
- Time of the last login
- Time of the last post
- Number of failed login attempts
- Number of warnings
- IP address
- Access logs / client headers
- Statistical data such as:
- Number of posts
- Number of visited and created
- Number of likes received / gien
- Duration of reading time
The personal data collected will not be passed on to third parties unless such transfer is required by law or to serve as legal defense for the controller.
Note: All posts that are published in the forum are visible to everyone and therefore public.
If your account is to be deleted, simply send us your request for deletion to the following email address: firstname.lastname@example.org. However, your request for deletion must come from the email address to which the account is registered in the forum to ensure that you are actually the owner.
Note: If you delete an account, the contributions you have made will remain publicly viewable.
5 Purposes and Legal Bases for Data Processing on the Website
The processing of personal data from the input masks serves us only to process the establishment of contact on the basis of a legitimate interest (Article 6 (1) (f) GDPR). If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Article 6 ( 1) ( b) GDPR.
By registering in our community portal, we regularly provide information in the forum as well as by email newsletter about interesting offers, news and stories about the company and our products. The legal basis for the processing of the data is the existence of consent in accordance with Art. 6 Para. 1 Letter a GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 ( 1) ( f) GDPR. If the email contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6 Para. 1 Letter b GDPR.
6 Duration of Storage for Data Processing on the Website
The data are stored for sending newsletters and registering in the Community Portal until the person concerned objects to the sending of the newsletter with effect for the future or deletes their account in the Community Portal, as long as there are no legal retention requirements.
Contact forms / e-mail contact: If the purpose for storing the data no longer applies, the personal data will be blocked or deleted as long as there are no legal retention requirements.
7 Recipients or Categories of Recipients of the Data (if data is transmitted)
Within the company, those departments / employees receive your data that they need to process your request, and order processors employed by us can also receive your data for these purposes.
8 Information on the Rights of those Affected
Every data subject has the following data protection rights under the GDPR:
- Right to information according to Art. 15 GDPR
- Right to correct incorrect data according to Art. 16 GDPR
- Right to deletion according to Art. 17 GDPR
- Right to restriction of processing according to Art. 18 GDPR
- Right to data portability according to Art. 20 GDPR
- Right to object according to Art. 21 GDPR
To exercise your above-mentioned rights and to withdraw your consent, please contact the above mentioned body.
You have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the Member State of your residence, your place of work, or the place of the alleged violation. Before you contact the responsible supervisory authority with a complaint, we would like to ask you to clarify this matter with our data protection officer.
9 Transfer to a third country
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place within the scope of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if it happens to fulfill our (pre) contractual obligations, based on your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
D. Cookies / Integration of Services and Content from Third Parties
We use so-called “cookies” on our website. These are small text files that are sent from our web server to your computer in order to identify them for the duration of the visit. We do not collect any personal data via these cookies. Our website can also be displayed without storing cookies. You can deactivate the storage of cookies in the settings of your browser or set it so that it informs you about the intended storage by a website. In this case, you decide whether to accept the cookie. For the full functionality of our website, however, it is necessary for technical reasons to fully allow the temporary cookies.
1 etracker Analysis Tool
Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany. Usage profiles can be created from the data under a pseudonym. Cookies can be used for this. Cookies are small text files that are saved locally in the cache of your internet browser. Cookies make it possible to recognize your browser again. The data collected with the etracker technologies will not be used to personally identify visitors to our website without the separate consent of the person concerned and will not be combined with personal data about the bearer of the pseudonym. etracker cookies remain on your end device until you delete them. The storage of etracker cookies and the use of this analysis tool are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. You can object to the collection and storage of data at any time with future effect. To object to the collection and storage of your visitor data in the future, click the following button. This sets an opt-out cookie with the name “_et_oi_v2” from etracker. This means that in future no visitor data from your browser for this domain will be collected and saved by etracker. Please do not delete this cookie as long as you want to maintain your objection. Further information can be found in etracker’s data protection regulations: https://www.etracker.com/datenschutz/.
3 Google ReCaptcha
On our website we use the Google service reCaptcha from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to determine whether a person or a computer has made a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website that you visit with us and on which the Captcha is integrated, the date and duration of the visit, the identification data of the used device Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks for which you have to identify images.
E. Social networks
Functions and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the Twitter platform, Twitter can assign the access to the above-mentioned content and functions to the user profiles there. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection declaration: https://twitter.com/de/privacy , opt-out: https://twitter.com/personalization.
Functions and content of the LinkedIn service, offered by the inkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned content and functions to the user profiles there. Data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection declaration: https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
F. Safety Measures
We use technical and organizational security measures to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments. We would like to point out that the transmission of data on the Internet, despite all security measures, can result in third parties taking note of or falsifying this data.
If you have any questions or suggestions regarding this data protection declaration, please contact the contact address given in the imprint.
H. Information Requirements According to EU GDPR
I. Update of our Data Protection Guidelines
The ongoing technical development in the field of IT technology and the Internet also requires an adaptation of the existing data protection declaration. We therefore reserve the right to make additions or changes to this data protection declaration.