Privacy Policy of sixData GmbH 

Processing purposes

sixData GmbH processes personal data for the following purposes:

• providing the website, its functions and contents.
• responding to contact inquiries and communicating with interested parties.
• providing information, informational materials, brochures, publications or products.
• defending against malware and threats to the communication technology of sixData GmbH.
• for its own security measures.
• in the context of employment relationships and application procedures.
• in the context of procurement procedures and contractual relationships with external service providers or other partners.

Lawfulness of processing

sixData GmbH processes personal data in accordance with the following legal bases:
 
Art. 6 (1) lit. a GDPR
Many processing activities of personal data are carried out on the basis of voluntary declarations of consent by the respective data subjects. The legal basis for processing operations in which we obtain consent for a specific processing purpose is Art. 6 (1) lit. a GDPR.
 
Art. 6 (1) lit. b GDPR
If the processing of personal data is necessary for the performance of a contract, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
 
Art. 6 (1) lit. c GDPR
If sixData GmbH is subject to a legal obligation which requires the processing of personal data, the processing is based on Art. 6 (1) lit. c GDPR.
 
Art. 6 (1) lit. d GDPR
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. In such cases, the processing is based on Art. 6 (1) lit. d GDPR.
 
Art. 6 (1) lit. e GDPR
If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, then the processing is based on Art. 6 (1) lit. e GDPR.
 
Art. 6 (1) lit. f GDPR
Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of sixData GmbH or a third party, unless such interest is overridden by the interests, fundamental rights and freedoms of the data subject. In this case, the processing is based on Art. 6 (1) lit. f GDPR. 

Personal data categories

The following categories of personal data are processed at sixData GmbH:

• inventory data (e.g. names, addresses, functions, organisational affiliation, etc.)
• contact details (e.g. email, telephone/fax numbers, etc.)
• content data (e.g. text inputs, etc.)
• usage data (e.g. access data)
• meta/communication data (e.g. IP addresses)

 
Retention period

The criterion for the storage period of personal data is the respective retention period stipulated by law. After expiry of the deadline, the corresponding data are routinely anonymised or deleted if they are no longer required to achieve the purpose, fulfill the contract or initiate the contract. sixData GmbH adheres to the principles of data reduction and data economy.
 

Contact via email

Contacting sixData GmbH by email is also possible via functional mailboxes in addition to the employees' personal business email addresses.
 
Insofar as you use one of the aforementioned contact channels, the data transmitted by you, or at least the email address, as well as the information contained in the email, including any personal data transmitted by you, will be stored for the purpose of contacting you and processing your request.
 
The following data are also collected by the system:
(1) IP address of the calling computer
(2) Date and time of the email
 
We would like to point out that the processing of the data is based on Art. 6 (1) lit. b or Art. 6 (1) lit. e or f GDPR. Processing of the personal data you provide is necessary for the purpose of processing your request.
 

Letters

If you write a letter to sixData GmbH, the data you provide and the information contained in the letter, including any personal data you may have provided, will be stored for the purpose of contacting you and processing your request.
 
We would like to point out that the processing of the data is based on Art. 6 (1) lit. b or Art. 6 (1) lit. e or f GDPR. Processing of the personal data you provide is necessary for the purpose of processing your request.
 

Telephone

If you contact an employee by telephone, your personal data will be processed to the extent necessary to process your request.
 
We would like to point out that the processing of transmitted data and the content, which may also contain personal data transmitted by you, is based on Art. 6 (1) lit. b or Art. 6 (1) lit. e or f GDPR for the purpose of processing your request.
 

Online meetings, presentations and video conferences

sixData GmbH uses the Microsoft Teams tool to conduct online meetings, video conferences and/or online seminars.
Microsoft Teams is a product of the Microsoft Corporation. For information on the purpose and scope of data collection and processing, please refer to the Terms of Use of the Microsoft Corporation.
There you will also receive further information about your rights in this regard.
sixData GmbH has no influence on the collection of data or their further use by Microsoft Corporation. 
 
Which data are processed?
When using online meetings, different types of data are processed. The scope of the data depends on what information is provided before or during participation in an online meeting, as well as what personal data you submit.
 
The following personal data are subject to processing:
 
User details: e.g. display name, email address, profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: It is possible to use the chat function in an online meeting. In this respect, the text entries made by the respective user are processed in order to display them in the online meeting. To enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly for the duration of the meeting. The user can turn off or mute the camera or microphone at any time via the meeting applications.
There is still the possibility of screen sharing, in which case all contents of the shared screen are processed.
If we want to record online meetings, we will transparently inform you beforehand and ask for your consent. The meeting can only be recorded if you give your consent to this. The recordings are automatically deleted after 21 days.
All participants in an online meeting have access to the shared files, content and comments. 
Legal basis: 
The legal basis for the recording of online meetings after the user's consent is Art. 6 (1) lit. a GDPR, furthermore for the execution of online meetings Art. 6 (1) lit. b GDPR, otherwise Art. 6 (1) lit. f GDPR.
 

Applications and application procedure

sixData GmbH collects and processes the personal data of applicants for the purpose of personnel recruitment (Art. 6 (1) lit. b GDPR, § 26 (1) sentence 1 BDSG).
The processing usually takes place electronically, for example when the application documents are sent by email. The application documents are used exclusively for the purpose of establishing an employment relationship.
If an employment relationship is established following the application process, the personal data required in the employment context are transferred to the personnel file and continue to be stored (Art. 88 (1) GDPR, § 26 BDSG).
 
If no employment relationship is established following the application process, the application documents will be deleted six months after the rejection is sent, in compliance with data protection regulations.
 
If your application is unsuccessful, but is considered again in future application procedures, we will store your application documents on the basis of consent that you must then provide (Art. 6 (1) lit. a GDPR, § 26 (1) Sentence 1 BDSG). You can withdraw your declaration of consent at any time; your application documents will then be deleted immediately in compliance with data protection regulations.
 

Collection of general information

When you access our website or use our products, information of a general nature is automatically collected. This is only information which does not allow you to be identified. This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when you use the website. Anonymous information of this kind is statistically evaluated by us to allow us to optimise our website and products, as well as the technology behind them.
 

Technically necessary cookies

sixData GmbH uses cookies. Cookies are small text files that are exchanged between the web browser and the hosting server. Cookies are stored on the user's computer and transmitted from it to our site. Users can restrict or fundamentally prevent the use of cookies by means of a corresponding setting in their web browser. Previously saved cookies can be deleted at any time. If cookies are disabled for our website, this may result in the website not being able to be displayed or used to its full extent. On the other hand, cookies are necessary to technically ensure the secure and correct provision of websites. On the website of sixData GmbH, these types of cookies are used to increase the security and functionality of the web applications offered. No information is collected that can be traced back to the actual user.
 
The legal basis for the processing of personal data using such cookies is Art. 6 (1) lit. f GDPR.
 

IP-Address

The processing of the IP address when accessing our websites is aimed at ensuring and maintaining security and functionality, particularly to detect and combat so-called "Denial-of-Service" cyber at tacks, which aim to disrupt the functionality of our websites.
The legal basis is legitimate interest pursuant to Article 6(1)(f) of the GDPR.
Our legitimate interest in storing the IP address lies in ensuring the functionality and security of our website, enforcing legal claims, preventing abuse, and improving our services. To ensure the lawfulness of this data processing, a balancing of interests has been conducted.
We have carefully weighed whether our interests outweigh the fundamental rights and freedoms of the individuals concerned. We have determined that the storage of the IP address is carried out to an appropriate extent and does not unduly infringe upon privacy of the website visitors. We ensure the protection of personal data through suitable technical and organizational measures.
 

Newsletter

If you would like to receive the newsletter offered on the website, we need you to provide an email address as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. We use the double opt-in procedure to ensure that the newsletter is sent out on a consensual basis. In the course of this, the potential recipient can be added to a distribution list. The user then receives a confirmation email to confirm the registration in a legally secure manner. The address will only be actively added to the distribution list if the confirmation is received.
We use these data exclusively for sending the requested information and offers. The newsletter software used is Sendinblue (formerly Newsletter2Go). Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using them for purposes other than sending newsletters. Sendinblue GmbH is a German certified provider, which was selected according to the requirements of the EU General Data Protection Regulation and the German Federal Data Protection Act.
For more information, please click here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go
You can withdraw your consent to the storage of the data and the email address, as well as to their use for the sending of the newsletter, at any time, for example via the "unsubscribe" link in the newsletter.
The data are processed on the basis of your consent according to Art. 6 (1) lit. a GDPR and in the context of legitimate interest according to Art. 6 (1) lit. f GDPR.
An order processing contract exists between sixData GmbH and Sendinblue GmbH in accordance with Art. 28 GDPR. 
 

Online presence on social media

sixData GmbH maintains online presences on social media in order to inform active users of these platforms about the services and information offered by sixData GmbH and to communicate directly via the platforms in the event of interest. Social media offers users who prefer this type of information an alternative way to communicate.
 
sixData GmbH is currently represented on the following platforms with its own online profiles:

• Facebook
• Xing
• YouTube
• Linkedin

All offers on the website are accessible via an external link. The copyright of the image material used for linking our online presences adheres to the specifications of the respective provider. For further information, please refer to sections "9.7Links to websites of other providers" and "9.8 Copyright" of this privacy policy.
 
As soon as visitors access the social media profiles on the respective platform, the terms and conditions and data processing policies of the respective operators apply there.
 
sixData GmbH has no influence on the collection and further use of data by the social media platforms. For example, there is no information on the extent, location or duration of the data retention, or on the extent to which the social media platforms comply with existing deletion obligations, what evaluations and links are made with the data and whom the data are passed on to. sixData GmbH therefore expressly draws attention to the fact that user data (e.g. personal information, IP address) are stored by the operators of the platforms in accordance with their data usage guidelines and used for business purposes.
 
sixData GmbH processes the data of users on social media insofar as they contact and communicate with sixData GmbH.
We do not activelycollect any further user data there, nor do we have external services process user data.
The legal basis for the processing of personal data in line with
legitimate interest is Art. 6 (1) lit. f GDPR.

 
Google AdWords

Our website uses Google conversion tracking. If you have accessed our website via an ad placed by Google, Google AdWords will set a cookie on your computer. These cookies lose their validity after 30 days and are not used for personal
identification. 
If the user visits our website and the cookie has not yet expired, Google and sixData GmbH can recognise that the user has clicked on the ad
and has been redirected to this page. Each Google AdWords customer (including
sixData GmbH) receives a different cookie. These cookies can therefore not be tracked by other AdWords customers via the
websites. sixData GmbH compiles statistics for marketing purposes with the information obtained through
the conversion cookies. However, Google,
just like sixData GmbH, does not receive any information with which users can be personally identified. For more information, please refer to Google's Terms of Use.
 

sixData support website

When you visit our support website to use the upload and download service of sixData GmbH, information of a general nature which proves to be technically necessary is automatically collected.
 
If an account has been created for you, you can use this service. Personal data as listed under point 5 in this privacy policy will only be stored for as long as is necessary to achieve the purposes listed under point 7 in this privacy policy. Your data subject rights as listed under point "17 Data subject rights" in this privacy policy remain unaffected.
 
The processing of the data is based on your consent according to Art. 6 (1) lit. a GDPR and in the context of contract performance or pre-contractual measures according to Art. 6 (1) lit. b GDPR and legitimate interest according to Art. 6 (1) lit. f GDPR.
 

Links to websites of other providers

Our website contains links to websites of other providers – known as external links. The contents of the targets of these external links are beyond our control, so we do not assume any liability for such contents. The responsibility always lies with the respective operator of the external pages. At the time of the external links being embedded, no legal violations were apparent. Permanent monitoring of external content for legal violations without concrete evidence is not reasonable for us. Should we become aware of any legal violations, we will remove the corresponding external links immediately.
Linking to YouTube videos: When you click on the YouTube link, you will be redirected to YouTube servers and a new browser window will open. In this process, YouTube receives information on which pages you are visiting. For more information on the purpose and scope of data collection and processing by YouTube, please see the Google Terms of Service. There you will also find further information about your rights in this regard as well as setting options to protect your privacy. Please note that YouTube LLC is a subsidiary of Google LLC.
 

Copyright

sixData GmbH adheres to the requirements of copyright law when using image material. When using non-proprietary image material such as logos, the guidelines of the respective providers are taken into account or consent to use the same is obtained.
If you would like to use image material of sixData GmbH, such as the stoerung24 logo, please contact info@sixdata.de.
 

If you have chosen luxData.mobile, luxData.mobileApp and/or luxData.easyApp as an extension for your luxData environment, pre-configured user information is synchronised to the device depending on the authentication method used. This exclusively concerns application-internal groups or users. Passwords are encrypted according to the current state of the art. When using the apps without authentication, these data do not reach the terminal device.
The personal data required for use are not evaluated. 

The apps for iOS use the TeamViewer ScreenSharing SDK for remote maintenance purposes (https://www.teamviewer.com). Please check the manufacturer's website for its privacy policy. sixData GmbH has no influence on this.

The apps use the maps of the service "OpenStreetMap" (https://www.openstreetmap.org), which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF) to visually display geographical information. During use, user data are used exclusively for the purposes of displaying the map functions and temporarily storing the selected settings. These data may include, in particular, IP addresses and location data of users, which, however, will not be collected without consent (usually issued in the settings of their mobile devices). Details can be found in the OSMF Privacy Policy.

Crash reports
To analyse app crashes, we use the crash reporting solution Firebase Crashlytics, a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland.
Google Firebase Crashlytics is a simple, real-time crash reporter that helps us analyse the causes of crashes and is used for app stability and improvement. 
In the event of a crash, anonymous information is collected about the devices used and the use of our app (e.g. the timestamp, when the app was launched and when the crash occurred), which allows us to diagnose and resolve issues. The data are transferred to Google's servers in the USA and stored in anonymised form. The processing of Firebase Crashlytics / Firebase Crash Reporting data takes place at Google, resulting in a transfer of your data to states outside the EU, in particular the USA. Google may use the collected data for its own purposes or share them with other Google services. Both Google and government agencies have access to these data and may link them to other data.
The storage period for the data collected in this way is set at 90 days in accordance with the provider's privacy policy.
For more information, please refer to the provider's privacy policy at https://firebase.google.com/support/privacy
Google Firebase Crashlytics is used to optimise this app and improve our online services. 
Crash reports are only sent with your explicit consent, which you can amend or revoke at any time in the app settings.
The following data are collected: Crashlytics installation UUIDs, crash traces, breakpad minidump formatted data, state of the app at the time of the crash, phone manufacturer and operating system, latest log messages
The legal basis for the processing of the data after the user's consent is Art. 6 (1) lit. a GDPR, otherwise Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. f GDPR.

If you have chosen luxData.web or luxData.mobileWeb as an extension for your luxData environment, information of a general nature which proves to be technically necessary is automatically collected when you use the web application.
 
The legal basis for the processing of personal data in line with legitimate interest is Art. 6 (1) lit. f GDPR.
 
Furthermore, after the purchase of our product, Art. 6 (1) lit. b GDPR applies as the legal basis for consent. This also applies to the implementation of pre-contractual measures based on the interest of the data subject.

luxData.map

luxData.map is a development of sixData GmbH which provides a new map component for the geographical representation of geodata. 
For this purpose, sixData GmbH uses its own OpenStreetMap server hosted in Germany. Therefore, no data will be collected, processed or used by any parties other than sixData GmbH in connection with the use of the map functions.
In the server logs, only the IP addresses and timestamps are recorded for map call-ups.
 
The legal basis for the processing of this personal data is Art. 6 (1) lit. f GDPR in line with legitimate interest, as well as Art. 6 (1) lit. b for the performance of a contract.
 

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
 

Deletion or anonymisation of the data

We comply with the principles of data reduction and data economy. We therefore only store your personal information as long as it is necessary for the purposes stated herein or according to the file retention periods required by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data are routinely anonymised or deleted in accordance with the statutory provisions.
 

When reporting a fault, some personal data, as listed in point 6 Categories of personal data in this privacy policy, will be collected. These data are voluntary and subject to the public interest. The data will be forwarded by sixData GmbH to the operator responsible for processing the fault or to other bodies that could eliminate the fault.
 
Personal data will only be stored for as long as is necessary to achieve the purposes of processing stated in point 4 of this privacy policy.
 
The stoerung24 web portal and the stoerung24 app use the map service luxData.map/Open Streetmap to visually display geographical information. 

The legal basis for the processing of the data after the user's consent is Art. 6 (1) lit. a GDPR, Art. 6 (1) lit. b GDPR, otherwise Art. 6 (1) lit. e GDPR and Art. 6 (1) lit. f GDPR.
For further information please refer to the privacy policy of stoerung24. 

 

luxData.map

luxData.map is a development of sixData GmbH which provides a new map component for the geographical representation of geodata. 
For this purpose, sixData GmbH uses its own OpenStreetMap server hosted in Germany. Therefore, no data will be collected, processed or used by any parties other than sixData GmbH in connection with the use of the map functions.
In the server logs, only the IP addresses and timestamps are recorded for map call-ups.
 
The legal basis for the processing of this personal data is Art. 6 (1) lit. f GDPR in line with legitimate interest, as well as Art. 6 (1) lit. b for the performance of a contract.

 
Contract for order processing

Of course, sixData GmbH is always available for a contract for commissioned processing according to Art. 28 GDPR. Our data protection officer will be happy to assist you.
 

To exercise your data subject rights under the GDPR, send an email with your request to datenschutz@sixdata.de

Right of access Art. 15 GDPR

You have the right to obtain confirmation from sixData GmbH as to whether personal data concerning you are being processed by sixData GmbH. If such processing exists, you may request information about the following:

 

• the purposes for which the personal data are processed
• the categories of personal data which are processed
• recipients to whom the personal data concerning you has been or will be disclosed
• the planned duration of the storage of the personal data concerning you or, if concrete information on this is not available, criteria for the determination of the storage duration
• whether the personal data concerning you will be transferred to a third country. In this context, you may request to be informed about the appropriate safeguards according to Art.46 GDPR in connection with the transfer

 
Other rights 

• You have a right to rectification (Art.16 GDPR) and a
• Right to erasure (Art. 17 GDPR) of the personal data concerning you.
• You have the right to restriction of processing (Art. 18 GDPR) by the controller
• As well as the right to object to the collection, processing and use of the data (Art. 21 GDPR)
• You have a right to withdraw your consent (Art. 13 and 14 GDPR)

 
Before we can comply with your data subject rights, we may need you to provide evidence that you are the person you claim to be.
 

Right of appeal

You have the right to complain to a supervisory authority about the processing of personal data at sixData GmbH.
The competent supervisory authority is the 
Bavarian State Office for Data Protection Supervision (BayLDA)
Postfach 1349
91504 Ansbach
Germany
 

Software as a Service

When you use our products in our hosting environment, we collect data that is necessary for order processing. This includes login data, timestamps, and IP addresses. This data is required for contract-compliant delivery and data security.
Personal data collected and processed within the applications by customers are the responsibility of the respective customer, who must ensure compliance with the GDPR (e.g., legal bases, purposes of processing, deletion deadlines, data minimization, etc.).
Within the scope of the data processing agreement, we only provide the software used and process the data at the customer's instruction.
When using our SaaS offerings, a data processing agreement is mandatory. 
The servers hosting the software are located in certified data centers in Germany. 
sixData GmbH meets the requirements of IT security and data protection with suitable technical and organizational measures according to the state of the art and verifies this with an annually renewed DIN ISO 27001 certification.