Beyond Information Security

Privacy Policy

We care about your privacy

We appreciate your interest in our company and what we offer. We are aware that you put your trust in us to responsibly handle the personal information you provide us and not pass it on to third parties. The protection of your personal data is particularly important to us.

The following privacy policy is intended to inform you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online presence and the associated websites and functions (hereinafter collectively referred to as “online presence”). With regard to the terms used in our privacy policy, such as “processing” or “data controller”, we refer to the definitions in the General Data Protection Regulation (GDPR), specifically Art. 4 in this case. We also use this privacy policy to inform you of the rights you have.

The use of our website is generally possible without providing personal information. If you wish to use certain services on our website, it may be necessary to process some of your personal data. 

(1) Name and address of the data controller

The data controller responsible for the processing of your data within the meaning of the General Data Protection Regulation and the German Data Protection Act (BDSG) is:

SpecOps Solutions GmbH
Wiesbadener Str. 163
61462 Königstein, Germany
Phone: +49 6142 2597110

Website: www.specops-solutions.com
Email: office@specops-solutions.com

(2) Data protection officer

We have appointed a data protection officer whom you can reach as follows: 
datenschutzbeauftragte@specops-solutions.com
Data Protection Officer
SpecOps Solutions GmbH
Wiesbadener Str. 167
61462 Königstein, Germany

We have also appointed a data protection coordinator whom you can reach as follows: 
datenschutzkoordinator@specops-solutions.com
Data Protection Coordinator
SpecOps Solutions GmbH
Wiesbadener Str. 167
61462 Königstein, Germany

If you have any questions or suggestions regarding data protection in our company as the person responsible, please contact our data protection coordinator or our data protection officer at any time.

(3) Applicable legal bases for the processing of personal data

The processing of personal data, e.g. the name, address, email address or telephone number of a data subject, is carried out by us exclusively in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to us in Germany (BDSG). 

In accordance with the requirements of Art. 13 GDPR, we hereby inform you below of the legal basis for our data processing:  

The legal basis for obtaining your consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for the processing of personal data to fulfill our contractual performance obligations and to answer inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for the processing of personal data to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that your vitally important interests or those of another natural person require processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.

In addition to the above-mentioned regulations of the GDPR, national regulations covering data protection apply in Germany. This includes, in particular, the Law on the Protection against the Abuse of Personal Data in the Processing of Data (new BDSG). In particular, new BDSG contains special rules on the right of access, the right of erasure, the right of appeal, the processing of specific categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. In addition, and in particular, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG) with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, national laws on data protection can be applied in the individual federal states.

(4) Your rights as a data subject

Art. 12 ff. GDPR grant data subjects various rights, about which we hereby inform you below.

Right of confirmation
You have the right to request an explanation as to whether personal data about you will be processed. In order to exercise this right, please contact either our data protection coordinator or our data protection officer.

Right to information
You also have the right to receive free information about the personal data stored about you, as well as further information and a copy of the data in accordance with Art. 15 GDPR. You also have the right to receive information about the following information:

  • the purpose of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
  • the existence of a right to correct or delete personal data concerning you or to object to or place a restriction on its further processing by the data controller;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • any available information as to the source of personal data not collected from you;
  • the existence of automated decision-making, including profiling, as defined in Art. 22 para.1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for you.

Furthermore, you have a right of access to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transfer. If you want to exercise this right to information, please contact either our data protection coordinator or our data protection officer.

Right to have data corrected
According to Art. 16 GDPR, you have the right to request the completion or correction of the data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary declaration. If you would like to exercise this right to correction, please contact either our data protection coordinator or our data protection officer.

Right to deletion (Right to be forgotten)
In accordance with Art. 17 GDPR, you also have the right to request that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of the date, provided one of the following reasons applies and if processing is not necessary:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw the consent on which the processing was based in accordance with Art. 6 para. (1) (a) GDPR or Art. 9 2 (a) GDPR and there is no other legal basis for its continued processing.
  • you object to its continued processing in accordance with Art. 21 para. 1 or 2 GDPR and there are no overriding legitimate grounds for its continued processing;
  • the personal data has been unlawfully processed;
  • (the personal data must be deleted in compliance with the obligations under European Union or Member State law to which the data controller is subject);
  • the personal data has been collected in relation to services offered by an information collection company according to Art. 1 GDPR.

If one of the above reasons applies and you would like to have personal data stored by us deleted, please contact either our data protection coordinator or our data protection officer.

The right to restrict processing
You also have the right to request that we restrict processing if one of the following conditions is met:

  • you contest the accuracy of the personal information; its further processing may be restricted until such time as we verify its accuracy;
  • the processing is unlawful, yet you do not wish to have the personal data deleted and instead demand a restriction on its use;
  • we no longer need the personal data for its stated purpose, but you do need it to assert, exercise, or defend legal claims.
  • you have objected to the processing pursuant to Art. 21 para. 1 GDPR, but it is not yet clear whether our legitimate reasons outweigh yours.

If one of the above requirements is met and you would like to request the restriction of personal data stored by us, please contact either our data protection coordinator or our data protection officer.

The right to data portability
You have the right to obtain a copy of the personal data you have provided to the controller in a structured, commonly used machine-readable format. You also have the right to request that we transfer this data to another data controller, provided that the processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or in a contract in accordance with Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated processes, and if the processing is not necessary for the performance of a task that is in the public interest or in the exercise of official authority assigned to us and unless the rights and freedoms of other people be affected. If you would like to assert the right to data portability, please contact either our data protection coordinator or our data protection officer.

Right to object
You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

If you object to its continued processing, we will no longer process your personal data unless we have compelling legitimate grounds for its continued processing that outweigh your interests, rights, and freedoms, or the processing is necessary in order to establish, exercise, or defend legal claims. If we process personal data for direct marketing purposes, you have the right to object the same at any time. This also applies to any profiling connected with such direct advertising. In addition, you have the right to object to the processing of your personal data that we use for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest. To exercise the right to object, please contact either our data protection coordinator or our data protection officer.

Automated individual decision-making including profiling
You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal effect against you or which significantly affects you in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between you and us, or (2) is admissible under Union or Member State legislation to which we are subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or (3) takes place with your express consent. In order to assert your rights regarding automated decisions, please contact either our data protection coordinator or our data protection officer.

Right to revoke consent
Moreover, you have the right to revoke your consent to the processing of your personal data at any time. In order to revoke your consent, please contact either our data protection coordinator or our data protection officer.

Right of appeal to the competent supervisory authority
Furthermore, according to Art. 77 GDPR you have the further right to lodge a complaint with the responsible supervisory authority.

(5) Deletion of data

The personal data we process will be deleted or have its processing restricted in accordance with Art. 17 and 18 GDPR.

Unless expressly stated in this Privacy Policy, the data we store will be deleted as soon as it are no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In particular, pursuant to legal requirements in Germany, data must be retained for 6 years pursuant to § 257 para. 1 of the German Commercial Code [HGB] and ten years pursuant to § 147 para. 1 of the German Tax Code (AO).

(6) Collection of general data and information, types of processed data, categories of data subjects, and processing purposes

Hosting
We use external hosting services. This serves to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, potential customers and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering according to Art. 6 para. 1 lit. f and Art. 28 GDPR.

The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders are processed, as are other information concerning email (e.g. the providers involved) and the content of each email. This aforementioned data can also be processed for the purpose of detecting spam. Please note that emails are not encrypted on the internet. Typically, while emails are encrypted during transport, they are not encrypted on the servers from which they are sent and received (unless the end-to-end encryption method is used). We cannot therefore take responsibility for the transmission of emails between the sender and their being received by our server.

The types of user data include: content data (text input, photographs, videos), usage data (visited websites, interest in content, access times), and meta/communication data (device information, IP addresses).

Recording of access data
Each time our site is accessed by a data subject or an automated system, a set of general data and information is collected based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. This general data and information is stored in the log files of the server. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time the website was accessed, (6) an Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our IT systems. For security reasons, log file information is stored for a maximum of 7 days and then deleted. Data which must be further retained for evidence purposes is excluded from deletion until the relevant incidents are clarified.

When using this general data and information, no conclusions can be drawn about data subjects. This information is required for (1) the proper delivery of our website content, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our IT systems and the technology of our website, ( 4) to make it possible to answer contact requests and communication with users; and (5) to provide law enforcement authorities with the information necessary for law enforcement in the event of an attack. We therefore evaluate this anonymously collected data and information statistically with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

As data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmission can have security gaps and absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Data processing within the framework of the company organization
We generally process within the scope of internal administrative tasks and the organization of our company, financial accounting and the fulfillment of legal obligations. The same data that we also process as part of the provision of our contractual services in accordance with Art. 6 para. 1 lit. c and f of the GDPR. Customers, interested parties, business partners and website visitors are affected. The purpose of processing is administration, financial accounting, organization, archiving, maintaining business activity, performing our tasks and providing the contractually owed services. In doing so, we disclose data to the financial administration, tax consultants, auditors, fee offices and payment service providers.

We also store information about suppliers, organizers and other business partners based on our business interests. This company-related data is usually saved permanently.

We analyze the data available to us on business transactions, contracts, inquiries, etc. in order to operate our company economically and recognize market trends and customer requests. On the basis of Art. 6 Art. 1 lit. f GDPR, we process inventory data, communication data, contract data, payment data, usage data, metadata. Data subjects include customers, interested parties, business partners, visitors and users of the online presence. The analyses are not disclosed externally, unless they are anonymous analyses with summarized values.

Contact and contact form
When contacting us, the user’s details are processed for the purpose of processing and handling the contact inquiry in accordance with Art. 6 para.1 lit. b GDPR. We delete the requests if they are no longer required and check the necessity of storage every 2 years. Otherwise, the general statutory retention requirements apply.

The processing of the data provided when contacting us is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR and to carry out pre-contractual measures or to fulfill a contract in accordance with Art. 6 para. 1 lit. b GDPR. The information you give us will be stored for the purposes of processing the request, as well as for any follow-up questions.

If you contact us to request an offer, the data entered in the contact form will be processed to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. The recipient of the data may be a processor.

(7) Cooperation with contract processors and third parties

If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR is required for contract fulfillment), you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on our behalf, this is done on the basis of Art. 28 GDPR.

(8) Transfer of data to third countries

As a rule, we do not transfer data to third countries. If, as an exception, we do process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if needed to fulfill our contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process the data in a third country or have the data processed in a third country if the particular requirements of Art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU, or in compliance with or after the conclusion of officially recognized special contractual obligations (the so-called “EU standard contractual clauses”).

(9) Cookies

Our website uses cookies. Cookies are text files that are stored and stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows websites and servers that have been visited to distinguish the individual’s browser from other Internet browsers that contain other cookies. A particular web browser can be recognized and identified by the unique cookie ID. The use of cookies enables it to provide users of this website with more user-friendly services that would not be possible without cookies. The data processed includes usage data (visited websites, interest in content, access times) and meta / communication data (device information, IP addresses).

There are different types of cookies: temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after the user leaves the online offer and closes the browser. For example, the content of a shopping basket in an online shop or a backup in logging in can be stored in a cookie of this nature. Cookies are referred to as “permanent” or “persistent” if they remain saved even after the browser is closed. For example, the login status can be saved if users visit it after several days have passed. Likewise, the interests of users may be stored in a cookie of this nature and used for range measurements or marketing purposes.

The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online offer and its improvement) or if the use of cookies is necessary to fulfill our contractual obligations.

You can prevent the setting of cookies by our website at any time by making the appropriate setting in the internet browser you are using and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an internet browser or other software programs. If you deactivate the setting of cookies in the internet browser you are using, it may not be possible to use all functions of our website to their full extent.

(10) Use of web analytics services

We do not use web analytics services on our website.

(11) Integration of content and third party services

Within our online presence, based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR such as the interest in the analysis, optimization, and economic operation of our online offer, content, and service offers, we integrate third-party content and services.

However, it is always a prerequisite that these third-party providers perceive the IP address of the respective user, since they cannot send the content to the respective browser without the respective IP address. At a minimum, the IP address is therefore necessary in order to display this content. We strive to only use content whose respective provider uses the IP address solely for the delivery of content. Third-party providers can also use so-called pixel tags for statistical or marketing purposes. The “pixel tags” enable the analysis of information such as the traffic of visitors on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.

Script libraries and Google Webfonts
In order to present our content correctly and graphically appealing across browsers, this website uses Google Webfonts from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google), whose parent company Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
The processed data can include, in particular, IP addresses and location data of the users, but these are not collected without their consent. The integration takes place on the basis of our legitimate interests in a technically safe, maintenance-free and efficient use of fonts and their uniform representation as well as consideration of possible licensing restrictions for their integration. Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=en.

Monotype (Fonts.com)
This site uses web fonts licensed from: Monotype, 600 Unicorn Park Drive, Woburn, MA 01801
The fonts are loaded via an external CSS file. To check the licensing of the font(s), transactions to our website can be transferred to Monotype’s web server (Fonts.com). The font usage is in our interest of a uniform and appealing presentation of our site. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information, visit the FAQ page at: https://www.fonts.com/support/faq.

(12) Cloud services

We use the cloud offered by Microsoft and the cloud software services (Software as a Service) for the following purposes: document storage and management, calendar management, emailing. Spreadsheets and presentations, exchange of documents, content and information with certain recipients or publications of websites, forms, or other content and information as well as chats and participation in audio and video conferences.

Here, the personal data of the users are processed insofar as these become components of the documents and content processed within the services described or are part of communication processes. This can include, for example, master data and contact data for users, data on processes, contracts, other processes and their content. Microsoft also processes usage data and metadata provided by Microsoft for security purposes and service optimization.

As part of the use of publicly accessible documents, websites or other content, Microsoft can save cookies on the user’s computer for the purposes of web analysis or to remember user settings.

We use the Microsoft cloud services based on our legitimate interests in efficient and secure administrative and cooperation processes in accordance with Art. 6 para. 1 lit. f GDPR. If we ask for your consent to the use of cloud services, the legal basis for processing data for online marketing purposes is your consent. Furthermore, the processing is based on an order processing contract with Microsoft. In addition, the use can be part of our (pre) contractual services, provided the use of the cloud services has been agreed in this context.

Further information can be found in Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement and in the security information for Microsoft cloud services at https://www.microsoft.com/de-de/trust-center. You can object to the processing of your data in the Microsoft cloud according to the legal requirements. Incidentally, the deletion of the data within Microsoft’s cloud services is determined by the other processing processes in which the data are processed (e.g. deletion of data no longer required for contractual purposes or storage of the data required for taxation purposes).

Microsoft cloud services are provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Insofar as data is processed in the USA, we refer to Microsoft’s certification under the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active

If necessary, use like other cloud services accessible via the Internet for the purposes already mentioned. In this context, personal data can also be processed and stored on the servers of the providers, insofar as they are part of communication processes with us or otherwise processed by us, as set out in this privacy policy. This data can include, in particular, master data and contact data for user data on processes, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata that they use for security purposes and for service optimization.

If we provide forms or documents and content for other users or publicly accessible websites with the help of the cloud services, the providers can set cookies on the users’ devices for the purposes of web analysis or to adjust user settings (e.g. in the case of media control) remember, save.

If we ask for your consent to the use of the cloud services, the legal basis for the processing is also your consent. Furthermore, use of the cloud services can be part of our (pre) contractual services, provided that the use of the cloud services has been agreed in this context. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes).

Your consent
By using our website, you consent to our collecting and using this information.

If we decide to change our privacy policy, we will post those changes on this page. You will always find information here about the data we collect, the way in which we use this data and the circumstances in which we can collect it. Read this page from time to time to learn about any changes and our current privacy policy.

Please let us know what you think!
Our goal is to respect your privacy. You can help us improve our privacy policy by giving us your opinion. We’re open-minded about suggestions on your part.