Processing of personal data by Web Shield Services GmbH is governed by the provisions of the Regulation (EU) 2016/679 Of The European Parliament And Of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
Controller of your personal data is Web Shield Services GmbH, Nordstrasse 1, 04105 Leipzig, Germany.
You can contact our Data Protection Officer by email: email@example.com on all matters relating to the processing of your personal data and the exercise of your rights under GDPR.
We will only use the personal data gathered over this Website as set out in this Policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.
Summary of our processing activities
When you visit our Website for informational reasons, only limited personal data will be processed to provide you with the Website itself. The scope of data is processed may also depend on you browser settings.
In case you send us a request (e.g. to take advantage of our trial), further personal data will be processed in the scope of such services.
We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary. Under GDPR, you are entitled to exercise certain rights with regard to the processing of your personal data. You will find more detailed information under the indicated sections below.
- “You” refers to unregistered and registered user of Website;
- ”Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. The purposes of the processing and legal basis for processing
A) Data Collection – use of our Website for informational purposes
When you visit our Website for informational reasons, i.e. without registering for any of our provided services and without providing us with personal data in any other form, we may automatically collect information about you which will contain personal data only in limited cases and which is automatically recognised by our server, such as:
- Your IP address;
- Device type, name and IDs;
- Date and time of your requests;
- Content of your requests;
- Information on your browser version;
- Screen resolution;
- Information on your operating system, including language settings;
- the URI addresses (Uniform Resource Identifier);
- the time of the request;
- the method utilized to submit the request to the server;
- the size of the file received in response,
- the numerical code indicating the status of the server's answer (successful outcome, error, etc.);
- the country of origin,
- the features of the browser and the operating system utilized by the User,
- the various time details per visit (e.g., the time spent on each page within the Website)
- the details about the path followed within the Website with special reference to the sequence of pages visited.
We use such information only to assist us in providing an effective service (e.g. to adapt our Website to the needs of your end user device or to allow you to log in to our Website), and to collect broad demographic information for anonymized, aggregate use. The personal data automatically collected is necessary to provide the Website and its stability and security.
The legal basis for such processing is article 6 section 1 point a) of GDPR, which allows the processing of personal data if the processing is consent has been given for such processing. When you start to use our Website, we kindly ask for your consent to process such data.
You can withdraw your consent at any time. Withdrawal your consent does not affect the lawfulness of processing based on consent before your withdrawal.
Personal data that is collected automatically is retained for 60 months and properly erased afterwards.
B) Data Collection – Contact form and free trial request
When you ask for a free trial of Web Shield’s product or place any other request using our contact form, we use the contact information (your name, email, organisation type) and your message to process the request. We retain this information, so we can manage the process of communicating with you.
When you ask for a free trial of Web Shield’s product, then the legal basis for such processing is article 6 section 1 point b) of GDPR, which allows the processing of personal data if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The provision of such information is contractual requirement and is necessary for the proper performance of the contract. Failure to provide this information prevents us from performing the contract.
When you place any other request using our contact form, the legal basis for such processing is article 6 section 1 point a) of GDPR, which allows the processing of personal data if data subject has given consent to the processing of his or her personal data for one or more specific purposes.
You can withdraw your consent at any time. Withdrawal your consent does not affect the lawfulness of processing based on consent before your withdrawal.
Your personal data will be processed for as long as necessary to provide you with the requested information or as required by applicable law.
Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be erased after 60 months.
Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data.
By statutory law we are required to retain the provided financial data in relation to transactions (including address, payment and order information) for 10 years. That applies should you have any financial transaction with us.
The legal basis for such processing is article 6 section 1 point c) of GDPR, which allows the processing of personal data if the processing is necessary for compliance with a legal obligation to which the controller is subject.
3. The recipients of personal data
Within the provision of our services, we use the assistance of other entities, which is related to transfer of personal data to them. Therefore, we transfer your personal data to the following recipients:
Typeform: Our Web Shield Academy forms and book purchase forms are hosted off-site (not on our server) and processed digitally by Typeform.com. Using Cookies to store data made available by your web browser, Typeform collects usage data, device and application data, referral data, and other information. Typeform automatically send your form data, email, or survey answers to us. The storage of personal information by Typeform is governed by the terms and conditions set out here.
Zapier: We use the services by Zapier, Inc., 548 Market St., #62411, San Francisco, CA 94104-5401, US (“Zapier”). Zapier will process event-based messages to allow us to integrate other web application in a standardized way. Information transmitted can include name, email and other personal data that is processed by Zapier. Learn more about Zapier’s policies.
HubSpot: We use the marketing automation software HubSpot on our Website. When you register for one of our offers using a form on our Website, your contact information – including your name, email address and company name are collected and saved in HubSpot databases. We use the data to optimise our marketing activities and to manage the communication process with you in the future. The personal information we process includes information about you that is freely available on the internet and that HubSpot also stores. We reserve the right to use the information to contact visitors to our Website by mail or phone, assuming they have provided their contact details for this purpose, to enable us to find out which of our company’s services they are interested in. Further information about HubSpot and its privacy protection is available here.
In addition, we may transfer your personal data, on the basis of the applicable legal provision or the decision of a competent authority, to other recipients, whether public or private. However, we assure you that we will examine every request for personal data very carefully to ensure that it is not passed on to an unauthorised person. We may also exchange your data within the companies of Web Shield Group (capital group of our companies) to provide you the highest standard of our services.
4. Cookies - what are cookies?
The main purpose of cookies is to make it quicker for users to access the selected services. In addition, cookies make it possible to tailor the services offered by the website, allowing information of interest or potentially of interest to be provided to users depending on their use of the services. A cookie is any kind of file or device that is downloaded to a user’s system for the purpose of storing data that may be updated or retrieved by the company responsible for its installation.
I. Cookies – types of cookies
Depending on the company managing them:
- Own cookies – are those which are sent to the user’s system from a system or domain managed by the editor and from which the service requested by the user is provided.
- Third party cookies – are those which are sent to the user’s system from a system or domain that is not managed by the editor, but by another company processing the data obtained through the cookies.
Depending on the period of time that they remain active:
- Session cookies – are those cookies designed for gathering and storing data while the user is using a web page. They are usually used to store information that is only intended for providing the service requested by the user on one single occasion (e.g. a list of purchased products).
- Persistent cookies – in this type of cookie the data continues to be stored on the system and may be accessed and processed during a specific period of time by the manager of the cookie, which may range between several minutes and several years.
Depending on their purpose:
- Technical cookies – are those which allow the user to browse a website, platform or application and use the different options or services offered, such as, for example, controlling data traffic and communication, identifying the session, accessing restricted areas, recalling the parts of an order, carrying out the process for purchase of an order, making a request to register for or participate in an event, using security elements during browsing, storing contents for the transmission of videos or sound or sharing contents through social networks.
- Personalization cookies – are those which allow the user to access the service with certain general predefined preferences depending on a number of criteria in the user’s system, such as, for example, the language, the type of browser through which the service is accessed, the regional configuration from which the service is accessed, etc.
- Analytical cookies – are those which enable the manager to monitor and analyse the behaviour of the users of the websites to which they are linked. The information collected by means of this type of cookie is used to measure the activity of the websites, applications or platforms and to draw up browsing profiles of the users of such websites, applications and platforms to introduce upgrades on the basis of the analysis of the data on the use of the service by users.
- Advertising cookies – are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided based on criteria such as the edited content or the frequency with which the advertisements are shown.
- Behavioural advertising cookies – are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided. These cookies store behavioural information about users obtained through the ongoing observance of their browsing habits, which allows a specific profile to be defined to show advertising on the basis of such profile.
II. Cookies – Third-Party Cookies
You may choose which cookies you want on this Website by setting your browser.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of the operator of this Website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. For more information on Google Analytics cookies, visit this site. To opt-out of being tracked by Google Analytics across all websites visit this site. This allows you to download and install a Google Analytics cookie-free web browser, however please note that if you do this you may not be able to use the full functionality of this Website. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
5. Transfers of personal data to third countries or international organisations
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of our residence. In particular, your data may be transferred to the United States of America. The basis for the transfer of data to the United States of America is an European Commission decision stating the appropriate level of protection ("Privacy Shield"). Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to keep up an adequate level of data protection also when sharing your personal data with such countries.
We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
We process your data in a proper manner and take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your data.
Processing of your data is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
7. Data retention
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
8. Your rights
Under GDPR, you are entitled to exercise of the following rights:
- right to request from controller access to personal data – you may require (i) information whether your personal data is retained and (ii) access to your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
- right to rectification, erasure or restriction of personal data – you may request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
- right to withdrawal your consent – you may refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
- right to object – you may object, out grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
- right to data portability – you may require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller;
- right to lodge a complaint with a supervisory authority – you may take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.
You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us under the contact details set out below.
10. Contacting us
Please submit any questions, concerns or comments you have about this Policy or any requests concerning your personal data by email to our data protection officer. You can contact us via firstname.lastname@example.org.
The information you provide when contacting us (Web Shield Services GmbH) will be processed to handle your request and will be erased when your request was completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.