Privacy Policy
Disclosure obligations pursuant to Art. 12, 13 ff. EU GDPR
1. Name and address of Controller
Your contact partner as controller within the meaning of the European General Data Protection Regulation (EU GDPR) and other national data protection laws of the member states and other provisions of data protection law is:
Media Services GmbH
Türkenstraße 89
80799 München
Germany
Phone: +49 89 4132 578 1659
Email: webmaster@pharos.de
Homepage: https://www.pharos.de
(hereafter "we", "us" or "our")
2. Address of Data Protection Officer
Our data protection officer can be contacted at the following address:
Data Protection Officer
IT works
Alpenstraße 33
83556 Griesstätt
Deutschland
Phone: +49 8039 497 0000
Email: mediaprivacy@it-works.biz
3. General information concerning data processing
a. Scope of processing of personal data
We process your personal data only to the extent required for the performance of our services. Your personal data is generally only processed based on your consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons or where a statutory authorization permits the processing of your personal data.
b. Legal bases for processing personal data
To the extent that we obtain your consent for the processing of personal data the legal basis for this is Art. 6 (1) letter a EU GDPR.
Where personal data which is required for the performance of a contract between you and us is processed, Art. 6 (1) letter b EU GDPR shall serve as the legal basis. This also applies to processing operations which are required in order to implement precontractual measures.
Where your personal data must be processed in order to meet a legal obligation to which we are subject, Art. 6 (1) letter c EU GDPR shall serve as the legal basis.
In the event that vital interests of you or another natural person necessitate the processing of personal data, the legal basis for this shall be Art. 6 (1) letter d EU GDPR.
If the processing is necessary to protect a legitimate interest of ours or of a third party and if the interests, basic rights and fundamental freedoms do not override the first named interest, the legal basis used by us for the processing is Art. 6 (1) letter f EU GDPR.
c. Erasure of data and duration of storage
Your personal data shall be erased or blocked as soon as the purpose of the storage no longer applies. It may be stored beyond said date if this has been stipulated by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data shall also be blocked or erased if a storage period specified in the said laws expires, unless there is a need to continue to store the data for the purpose of entering into or performing a contract.
d. Server data
For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site. The data thus collected will be temporarily stored, but not in association with any other of your data. The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website. The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
e. Contact
If you contact us via email or a contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.
f. Directlinks
A Directlink allows users to share Webgate content with others. Directlink creators can activate an access log. By activating the access log, the name, time, city and country of directlink visitors are recorded and made available to directlink administrators.
The legal basis for this data processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is to detect the unauthorised disclosure of directlinks and their contents.
4. Provision of website and creation of log files
a. Legal basis for the data processing
The legal basis for the processing of your personal data in the context of providing the website is Art. 6 (1) letter f EU GDPR.
b. Purpose of the data processing
The temporary storage by us of your personal data is necessary to enable the website to be delivered to your computer. For this to happen, your personal data must be stored for the duration of the session.
Your personal data is stored in log files in order to ensure that the website is functional. Your personal data also helps us to optimize the website and to ensure that our IT systems are secure. No analysis of your personal data is performed for marketing purposes in this connection.
These purposes also form the basis of our legitimate interest in the data processing pursuant to Art. 6 (1) letter f EU GDPR.
c. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. Where your personal data is recorded for the purpose of providing the website, this will happen as soon as the relevant session has ended.
If your personal data is stored in log files, these shall be deleted within no more than seven days. It may be possible to store it for longer. In this case your personal data shall be erased or changed to prevent it from being assigned to the visiting customer.
d. Objection and rectification option
Capturing your personal data for the purpose of making the website available and storing your personal data in log files is an absolute requirement for operating the website. You cannot consequently object to this.
5. Use of cookies
a. Legal basis for the data processing
The legal basis for the processing of your personal data using technically necessary cookies is Art. 6 (1) letter f EU GDPR.
b. Purpose of the data processing
The purpose of using technically necessary cookies is to make it easier for you to use our website. Some functions of our website cannot be offered without the use of cookies. For those functions your web browser has to be recognized again even after a page change. The user data collected using technically necessary cookies shall not be used to create user profiles.
This purpose also forms the basis of our legitimate interest in the processing of your personal data pursuant to Art. 6 (1) letter f EU GDPR.
c. Duration of storage
Your personal data is erased as soon as it is no longer required to achieve the purpose for which it was collected; this happens, in particular, when the cookies are deactivated.
d. Objection and rectification option
Cookies are stored on your computer and transmitted from the computer to our website. You therefore also have complete control over the use of cookies. By adjusting the settings in your internet browser you can deactivate or restrict the transfer of cookies. Cookies which are already stored may be deleted by you at any time. This can also be done automatically. If cookies are deactivated for our website not all the functions of the website might be able to be fully used any longer.
6. Newsletter
a. Legal basis for the data processing
The legal basis for the processing of your personal data in the context of mailing the newsletter is Art. 6 (1) letter a EU GDPR where consent has been obtained, or the statutory authorization of section 7 (3) German Unfair Competition Act due to the sale of goods or services.
b. Purpose of the data processing
The collection of your personal data is for the purpose of mailing you the newsletter. Your personal data is processed in the context of mailing the newsletter for the purpose of sales promotion of goods or services.
c. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. Your personal data shall accordingly be stored as long as the subscription to the newsletter is active.
d. Objection and rectification option
You may cancel the subscription to the newsletter at any time. Each newsletter contains a corresponding link to enable you to do this. Cancelling the subscription also enables the consent to be withdrawn.
7. Registration
a. Legal basis for the data processing
The legal basis for the processing of your personal data as part of registration is Art. 6 (1) letter b EU GDPR.
b. Purpose of the data processing
Your registration facilitates the way contracts are entered into between you and us. The processing of your personal data during registration is therefore necessary in order to perform a contract between you and us or to implement precontractual measures.
c. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. This happens, during the registration process for the purpose of performing a contract or to implement precontractual measures, when your personal data is no longer necessary for the performance of the contract. Even after the contract is concluded, there may be a need to store personal data of the contracting party to meet contractual or statutory obligations.
d. Objection and rectification option
You have the option to cancel your registration at any time. You can have the personal data that is stored about you changed at any time. If your personal data is necessary for the performance of a contract or to implement precontractual measures the premature erasure of your personal data is only possible where erasure is not contrary to contractual or statutory obligations.
8. Direct marketing
a. Legal basis for the data processing
The legal basis for the processing of your personal data as part of direct marketing by mail is Art. 6 (1) letter f GDPR.
b. Purpose of the data processing
Your personal data is processed in the context of direct marketing by mail for the purpose of sales promotion of goods or services. This purpose also forms the basis of our legitimate interest in the data processing pursuant to Art. 6 (1) letter f GDPR.
c. Duration of storage
Your personal data is erased as soon as it is no longer required to achieve the purpose for which it was collected; this happens, in particular, on receipt of the objection.
d. Objection and rectification option
You can object at any time to the future processing of your personal data in the context of direct marketing by mail.
9. Defending and enforcing legal claims
a. Legal basis for the data processing
The legal basis for the processing of your personal data in the context of defending and enforcing legal claims is Art. 6 (1) letter f EU GDPR.
b. Purpose of the data processing
The purpose of processing your personal data in the context of defending and enforcing legal claims is the defense of unjustified suits and the legal enforcement of claims and rights. This purpose also forms the basis of our legitimate interest in the data processing pursuant to Art. 6 (1) letter f GDPR.
c. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected.
d. Objection and rectification option
The processing of your personal data in the context of defending and enforcing legal claims is absolutely necessary for the defense and enforcement thereof. You cannot consequently object to this.
10. Categories of recipients
Within our company, those bodies and departments receive personal data that they need to fulfil the aforementioned purposes. We sometimes use various service providers as well and transmit your personal data to other trusted recipients. These can include:
- Media Services subsidiaries
- Banks
- Scan Service
- IT service providers
- Attorneys and courts
11. Rights of the data subject
If your personal data is processed by us, you are the data subject within the meaning of EU GDPR and you have the following rights against us:
a. Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us.
If it is being processed you can ask us for information about the following:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data which is processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
(4) how long the personal data concerning you is expected to be stored or, if it is not possible to provide specific details, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of the processing by us or a right to object to said processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information concerning the origin of the data if the personal data is not collected from you;
(8) the existence of automated decision-making including profiling pursuant to Art. 22 (1) and 4 EU GDPR and, at least in these cases, meaningful information about both the strategy involved and the impact and the intended effects on you of this kind of processing.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this connection you may request to be notified about the appropriate safeguards in accordance with Art. 46 EU GDPR in connection with the transfer.
b. Right to rectification
You have a right to have us rectify and/or complete data where the processed personal data concerning you is inaccurate or incomplete. We must rectify it immediately.
c. Right to restriction of the processing
You may, subject to the following preconditions, ask for the processing of the personal data concerning you to be restricted:
(1) if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of its use instead;
(3) we no longer need the personal data for the purposes of the processing but it is required for you for the establishment, exercise or defense of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) EU GDPR pending verification as to whether our legitimate grounds override your grounds.
Where processing of the personal data concerning you has been restricted, such data, with the exception of storage, may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the Union or a member state.
If the processing has been restricted under the above preconditions, you shall be informed by us before the restriction is lifted.
d. Right to erasure
i. Erasure obligation
You may request us to erase the personal data concerning you immediately, and we shall be obligated to erase said personal data without undue delay where one of the following applies:
(1) The data concerning you is no longer necessary for the purposes for which it has been collected or otherwise processed.
(2) You withdraw your consent upon which the processing pursuant to Art. 6 (1) letter a or Art. 9 (2) letter a EU GDPR was based, and there is no other legal basis for the processing.
(3) You submit an objection to the processing pursuant to Art. 21 (1) EU GDPR and there are no overriding legitimate grounds for the processing, or you submit an objection to the processing pursuant to Art. 21 (2) EU GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary for the purpose of fulfilling a legal obligation under the EU law or the law of the member states to which we are subject.
(6) The personal data concerning you was collected with regard to information society services offered pursuant to Art. 8 (1) EU GDPR.
ii. Information to third parties
If we have made the personal data concerning you public and if we are obligated pursuant to Art. 17 (1) EU GDPR to erase it, we shall take reasonable steps, including technical measures, taking due account of the available technology and cost of implementation, to inform the controllers responsible for processing the personal data that you, as the data subject, have requested the erasure by such controllers of all links to, or copy or replication of, said personal data.
iii. Exceptions
There is no right to erasure where the processing is necessary
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by EU or member state law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) letter h and i and Art. 9 (3) EU GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) EU GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defense of legal claims.
e. Right to information
If you have asserted the right to rectification or erasure of data or restriction of the processing against us, we are obligated to inform all recipients to whom the personal data concerning you has been disclosed of said rectification or erasure of the data or of the restriction of the processing, unless this proves to be impossible or is unreasonably expensive.
You have the right to be notified by us of these recipients.
f. Data portability right
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit said personal data which has been provided to us to another controller without hindrance from us where
(1) the processing is based on consent pursuant to Art. 6 (1) letter a EU GDPR or Art. 9 (2) letter a EU GDPR or on a contract pursuant to Art. 6 (1) letter b EU GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from us to another controller, where technically feasible. This right shall not adversely affect freedoms and rights of other persons.
The right to data portability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
g. Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of the personal data concerning you which is based on Art. 6 (1) letter e or f EU GDPR; this also applies to profiling based on these provisions.
We shall no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
Where the personal data concerning you is processed for direct marketing purposes you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of objecting by automated means using technical specifications.
h. Right to withdraw consent according to GDPR
You have the right to withdraw your consent according to GDPR at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and us,
(2) is authorized by Union or member state law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
These decisions, however, shall not be based on special categories of personal data referred to in Art. 9 (1) EU GDPR, unless Art. 9 (2) letter a or g EU GDPR applies and suitable measures have been taken to safeguard your rights and freedoms and legitimate interests.
With regard to the cases referred to in (1) and (3), we take suitable measures to protect your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
j. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of the personal data concerning you infringes the EU GDPR.
The competent supervisory authority for us is:
Bavarian Federal Office for Data Protection Oversight
PO Box 606
91511 Ansbach
The supervisory authority with which you have lodged a complaint will inform you of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 EU GDPR.
Our Data Protection Officer will be happy to assist if you have any further questions.
12. Third Party Providers
Use of Matomo
1. The scope of processing of personal data
We use the open source tracking tool Matomo (https://matomo.org/) to analyse the surfing behaviour of our users. Personal data can be stored and evaluated, especially the activity of the user (especially which pages have been visited and which elements have been clicked on) and device and browser information (especially the IP address and the operating system).
Matomo is set up in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked for anonymization (e.g.: 192.168.xxx.xxx). In this way it is no longer possible to assign the shortened IP address to the calling computer. The data is stored in our database, protocols or report data is not sent to Matomo servers.
2. Purpose of the data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our online presence. This helps us to constantly improve our online presence and its user-friendliness.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is our legitimate interest in a range measurement in accordance with Article 6(1)(f) GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
5. Possibility of revocation and removal
You can prevent the collection and processing of your personal information by Matomo by disabling the storage of third party cookies on your computer, using the «Do Not Track» feature of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
Use of Freshdesk
1. The scope of processing of personal data
We use functionalities of the cloud-based customer service software Freshdesk from Freshworks Inc. 2950 S. Delaware Street, 94403, San Mateo, California, USA and its representatives in Union Freshworks GmbH, Alte Jakobstrasse 85/86, 10179, Berlin, Germany (hereinafter referred to as Freshworks).
Freshdesk serves as software for communication with customers, as a ticket management system and SLA management.
In case of a support request the following personal data will be processed by Freshworks:
• Email address
• Contents of the support request
Data can be transferred to servers of Freshworks in the USA. Freshworks has subjected itself to the Privacy-Shield-Agreement between the European Union and the USA and has been certified. Thereby Freshworks commits itself to comply with the standards and regulations of the European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active
Other recipients of the data are:
• Amazon Web Services Inc.
• Google Cloud Platform
• SendGrid Inc.
• Twilio, Pusher Ltd.
• PubNub Inc.
• Sumo Logic
• logentires.com Inc.
• Segment
• FullContact Inc.
• Heap Inc.
• Kissmetrics
• New Relics Inc.
• E-HAWK
For more information on how Freshworks processes the data, click here: https://www.freshworks.com/privacy/
2. Purpose of the data processing
Using Freshdesk serves us as a software solution for customer service, such as ticket service and for communicating with customers and their requests.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is in principle the consent of the user in accordance with Article 6(1)(a) GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
Use of Mailgun
1. The scope of processing of personal data
We use functionalities of the Mailgun email dispatch platform of Mailgun Technologies Inc., 548 Market Street Suite 43099, 94101, San Francisco, California, USA (hereinafter referred to as Mailgun Technologies).
The Mailgun Interface (API) is an external email solution that enables applications to send, receive and track email.
Cookies from Mailgun Technologies are stored on your end device.
The following personal data are processed by Mailgun Technologies as a result:
• Sender
• Recipient
• Subject line
• Name
• E-mail address
• Postal address
• Contents of the mails
Data may be transferred to servers of Mailgun Technologies in the USA. Mailgun Technologies has subjected itself to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified. Mailgun Technologies has thus committed itself to complying with the standards and regulations of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active
Other recipients of the data are:
• Amazon Web Services
• Softlayer
• Rackspace
2. Purpose of the data processing
We use Mailgun as an email service to send, receive and track email through our web applications.
3. Legal basis for the processing of personal data
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest here lies in the data processing purposes mentioned under 2.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
Mailgun stores message content for up to seven days for both incoming and outgoing messages.
A message's metadata, including sender, recipient, subject line, originating IP address and other routing data, is indexed and retained for 30 days.
Use of Onlinecity.io / Gatewayapi.com
1. Scope of the processing of personal data
We use the service Gatewayapi.com from Onlinecity.io / ONLINECITY.IO ApS Buchwaldsgade 50 5000 Odense C, Denmark (hereinafter referred to as Onlinecity) as a service provider for sending Short Message Service (SMS). Hereby a telephone number is transferred to Onlinecity, Webgate.io does not transfer any further personal data to Onlinecity.
The following personal data is processed by Onlinecity:
• Phone number
2. Purpose of the data processing
The service Onlinecity is used for sending one-time passwords in the form of SMS messages. One-time passwords via SMS can also be sent as a fallback for Authenticator apps for 2 factor authentication (2FA). Storing a phone number in Webgate.io can be used in case of a loss of the second factor in order to still enable a registration at Webgate.io..
3. Legal basis for the processing of personal data
The legal basis for the processing is GDPR Article 6 paragraph 1 (a) and (b). The provision of your telephone number is voluntary – by entering it, you agreed to the purpose-linked processing.
4 Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law
Your data will be stored for as long as the purpose requires. With the removal of the phone number from your profile, after a revocation or at the latest with the deletion of you account, they will no longer be processed..
5. Possibility of revocation and removal
You can object to the collection and processing of your personal data by avoiding 2FA as an authentication method or by using Authenticator Apps without SMS as a fallback method when using 2FA.
To revoke, simply delete your telephone number from your profile. You can also send your recovation informally by e-mail to the following address: help@webgate.io