Gallo Com­mu­nic­a­tion GmbH

Impres­sum

Gallo Com­mu­nic­a­tion GmbH
Her­rn­straße 6
85445 Oberd­ing
Ger­many

Phone: 08122 – 1808 604

Mail: info(Replace this par­en­thes­is with the @ sign)gallo-com.de

Exec­ut­ive Dir­ect­or: Joachim Balon

Register­gericht München HRB 86960
Ust-Id-Nr.: DE129328614

Pri­vacy

This data pro­tec­tion declar­a­tion informs you about the type, scope and pur­pose of the pro­cessing of per­son­al data (here­in­after referred to as “data”) with­in our online offer and the web­sites, func­tions and con­tent asso­ci­ated with it, as well as extern­al online pres­ences, such as our social media pro­files. (here­in­after col­lect­ively referred to as “online offer”). With regard to the terms used, such as “pro­cessing” or “con­trol­ler”, we refer to the defin­i­tions in Art­icle 4 of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR).

Per­son respons­ible

Gallo Com­mu­nic­a­tion GmbH
Herrstrasse 6
85445 Oberd­ing
Man­aging Dir­ect­or: Joachim Balon
balon(Replace this par­en­thes­is with the @ sign)gallo-com.de
Imprint: http://​www​.gallo​-com​.de/​d​e​/​i​m​p​r​e​s​s​u​m​.​htm

Types of data pro­cessed:

- Invent­ory data (e.g., names, addresses).
– Con­tact data (e.g., e‑mail, tele­phone num­bers).
– Con­tent data (e.g., text entries, pho­to­graphs, videos).
– Usage data (e.g., web pages vis­ited, interest in con­tent, access times).
– Meta/​communication data (e.g., device inform­a­tion, IP addresses).

Pur­pose of pro­cessing

- Pro­vi­sion of the online offer, its func­tions and con­tents.
– Respond­ing to con­tact requests and com­mu­nic­at­ing with users.
– Secur­ity meas­ures.
– Reach measurement/​marketing

Ter­min­o­logy used

Per­son­al data” means any inform­a­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (here­in­after “data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, dir­ectly or indir­ectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fic­a­tion num­ber, loc­a­tion data, an online iden­ti­fi­er (e.g. cook­ie) or to one or more factors spe­cif­ic to the phys­ic­al, physiolo­gic­al, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­tity of that nat­ur­al per­son.

Pro­cessing” means any oper­a­tion or set of oper­a­tions which is per­formed upon per­son­al data, wheth­er or not by auto­mat­ic means. The term is broad and cov­ers vir­tu­ally any hand­ling of data.

Con­trol­ler” means the nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which alone or jointly with oth­ers determ­ines the pur­poses and means of the pro­cessing of per­son­al data.

Rel­ev­ant leg­al basis

In accord­ance with Art. 13 DSGVO, we inform you of the leg­al basis for our data pro­cessing. If the leg­al basis is not men­tioned in the pri­vacy policy, the fol­low­ing applies: The leg­al basis for obtain­ing con­sent is Art. 6(1)(a) and Art. 7 DSGVO, the leg­al basis for pro­cessing in order to ful­fil our ser­vices and carry out con­trac­tu­al meas­ures and respond to enquir­ies is Art. 6(1)(b) DSGVO, the leg­al basis for pro­cessing in order to ful­fil our leg­al oblig­a­tions is Art. 6(1)© DSGVO, and the leg­al basis for pro­cessing in order to pro­tect our legit­im­ate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data sub­ject or anoth­er nat­ur­al per­son make pro­cessing of per­son­al data neces­sary, Art. 6 (1) lit. d DSGVO serves as the leg­al basis.

Secur­ity meas­ures

We take appro­pri­ate tech­nic­al and organ­isa­tion­al meas­ures to ensure a level of pro­tec­tion appro­pri­ate to the risk in accord­ance with Art­icle 32 of the GDPR, tak­ing into account the state of the art, the costs of imple­ment­a­tion and the nature, scope, cir­cum­stances and pur­poses of the pro­cessing, as well as the vary­ing like­li­hood and sever­ity of the risk to the rights and freedoms of nat­ur­al per­sons; the meas­ures include, in par­tic­u­lar, safe­guard­ing the con­fid­en­ti­al­ity, integ­rity and avail­ab­il­ity of data by con­trolling phys­ic­al access to the data, as well as access to, input of, dis­clos­ure of, assur­ance of avail­ab­il­ity of and sep­ar­a­tion of the data. We also have pro­ced­ures in place to ensure the exer­cise of data sub­ject rights, dele­tion of data and response to data com­prom­ise. Fur­ther­more, we already take into account the pro­tec­tion of per­son­al data dur­ing the devel­op­ment or selec­tion of hard­ware, soft­ware and pro­ced­ures, in accord­ance with the prin­ciple of data pro­tec­tion through tech­no­logy design and through data pro­tec­tion-friendly default set­tings (Art­icle 25 of the GDPR).

Coöper­a­tion with pro­cessors and third parties

Inso­far as we dis­close data to oth­er per­sons and com­pan­ies (order pro­cessors or third parties) in the course of our pro­cessing, trans­mit it to them or oth­er­wise grant them access to the data, this is only done on the basis of a leg­al per­mis­sion (e.g. if a trans­mis­sion of the data to third parties, such as to pay­ment ser­vice pro­viders, is neces­sary for the per­form­ance of the con­tract pur­su­ant to Art. 6 (1) lit. b DSGVO), you have con­sen­ted, a leg­al oblig­a­tion provides for this or on the basis of our legit­im­ate interests (e.g. when using agents, web hosts, etc.).

If we com­mis­sion third parties to pro­cess data on the basis of a so-called “order pro­cessing agree­ment”, this is done on the basis of Art. 28 DSGVO.

Trans­fers to third coun­tries

If we pro­cess data in a third coun­try (i.e. out­side the European Uni­on (EU) or the European Eco­nom­ic Area (EEA)) or if this is done in the con­text of using third-party ser­vices or dis­clos­ing or trans­fer­ring data to third parties, this is only done if it is done in order to ful­fil our (pre-)contractual oblig­a­tions, on the basis of your con­sent, due to a leg­al oblig­a­tion or on the basis of our legit­im­ate interests. Sub­ject to leg­al or con­trac­tu­al per­mis­sions, we only pro­cess or allow the pro­cessing of data in a third coun­try if the spe­cial require­ments of Art. 44 ff. DSGVO are met. This means, for example, that the pro­cessing is car­ried out on the basis of spe­cial guar­an­tees, such as the offi­cially recog­nised determ­in­a­tion of a level of data pro­tec­tion cor­res­pond­ing to that of the EU (e.g. for the USA through the “Pri­vacy Shield”) or com­pli­ance with offi­cially recog­nised spe­cial con­trac­tu­al oblig­a­tions (so-called “stand­ard con­trac­tu­al clauses”).

Rights of data sub­jects

You have the right to request con­firm­a­tion as to wheth­er data in ques­tion is being pro­cessed and to inform­a­tion about this data as well as fur­ther inform­a­tion and a copy of the data in accord­ance with Art. 15 DSGVO.

You have accord­ing to. Art­icle 16 of the GDPR, you have the right to request that the data con­cern­ing you be com­pleted or that the inac­cur­ate data con­cern­ing you be cor­rec­ted.

In accord­ance with Art. 17 of the GDPR, you have the right to demand that the data in ques­tion be deleted without delay, or altern­at­ively, in accord­ance with Art. 18 of the GDPR, to demand that the pro­cessing of the data be restric­ted.

You have the right to request that the data con­cern­ing you that you have provided to us be received in accord­ance with Art. 20 of the GDPR and to request that it be trans­ferred to oth­er data con­trol­lers.

You also have the right to lodge a com­plaint with the com­pet­ent super­vis­ory author­ity in accord­ance with Art. 77 DSGVO.

Right of with­draw­al

You have the right to revoke your con­sent in accord­ance with Art. 7 (3) DSGVO with effect for the future.

Right of objec­tion

You may object to the future pro­cessing of data relat­ing to you in accord­ance with Art. 21 DSGVO at any time. The objec­tion can be made in par­tic­u­lar against pro­cessing for dir­ect mar­ket­ing pur­poses.

Cook­ies and the right to object to dir­ect advert­ising

Cook­ies” are small files that are stored on users’ com­puters. Dif­fer­ent inform­a­tion can be stored with­in the cook­ies. A cook­ie is primar­ily used to store inform­a­tion about a user (or the device on which the cook­ie is stored) dur­ing or after his or her vis­it to an online offer. Tem­por­ary cook­ies, or “ses­sion cook­ies” or “tran­si­ent cook­ies”, are cook­ies that are deleted after a user leaves an online offer and closes his or her browser. The con­tent of a shop­ping bas­ket in an online shop or a login jam, for example, can be stored in such a cook­ie. Cook­ies that remain stored even after the browser is closed are referred to as “per­man­ent” or “per­sist­ent”. For example, the login status can be stored if users vis­it them after sev­er­al days. Like­wise, the interests of users can be stored in such a cook­ie, which is used for range meas­ure­ment or mar­ket­ing pur­poses. Third-party cook­ies” are cook­ies that are offered by pro­viders oth­er than the respons­ible party that oper­ates the online offer (oth­er­wise, if they are only its cook­ies, they are referred to as “first-party cook­ies”).

We may use tem­por­ary and per­man­ent cook­ies and will explain this in our pri­vacy policy.

If users do not want cook­ies to be stored on their com­puter, they are asked to deac­tiv­ate the cor­res­pond­ing option in the sys­tem set­tings of their browser. Stored cook­ies can be deleted in the sys­tem set­tings of the browser. The exclu­sion of cook­ies can lead to func­tion­al restric­tions of this online offer.

A gen­er­al objec­tion to the use of cook­ies used for online mar­ket­ing pur­poses can be declared for a large num­ber of ser­vices, espe­cially in the case of track­ing, via the US Amer­ic­an site http://​www​.aboutads​.info/​c​h​o​i​c​es/ or the EU site http://​www​.your​on​linechoices​.com/. Fur­ther­more, the stor­age of cook­ies can be achieved by deac­tiv­at­ing them in the browser set­tings. Please note that in this case not all func­tions of this online offer can be used.

Dele­tion of data

The data pro­cessed by us will be deleted or its pro­cessing restric­ted in accord­ance with Art­icles 17 and 18 DSGVO. Unless expressly stated in this data pro­tec­tion declar­a­tion, the data stored by us will be deleted as soon as it is no longer required for its inten­ded pur­pose and the dele­tion does not con­flict with any stat­utory reten­tion oblig­a­tions. If the data is not deleted because it is required for oth­er and leg­ally per­miss­ible pur­poses, its pro­cessing will be restric­ted. I.e. the data is blocked and not pro­cessed for oth­er pur­poses. This applies, for example, to data that must be retained for reas­ons of com­mer­cial or tax law.

Accord­ing to leg­al require­ments in Ger­many, data is stored for 10 years in accord­ance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, man­age­ment reports, account­ing vouch­ers, com­mer­cial books, doc­u­ments rel­ev­ant for tax­a­tion, etc.) and 6 years in accord­ance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (com­mer­cial let­ters).

Accord­ing to leg­al require­ments in Aus­tria, stor­age is in par­tic­u­lar for 7 years pur­su­ant to § 132 para. 1 BAO (account­ing records, vouchers/​invoices, accounts, receipts, busi­ness papers, state­ment of income and expendit­ure, etc.), for 22 years in con­nec­tion with real prop­erty and for 10 years for doc­u­ments in con­nec­tion with elec­tron­ic­ally provided ser­vices, tele­com­mu­nic­a­tions, radio and tele­vi­sion ser­vices provided to non-entre­pren­eurs in EU mem­ber states and for which the Mini-One-Stop-Shop (MOSS) is used.

Host­ing

The host­ing ser­vices we use are for the pro­vi­sion of the fol­low­ing ser­vices: Infra­struc­ture and plat­form ser­vices, com­put­ing capa­city, stor­age space and data­base ser­vices, secur­ity ser­vices and tech­nic­al main­ten­ance ser­vices, which we use for the pur­pose of oper­at­ing this online offer.

In doing so, we, or our host­ing pro­vider, pro­cess invent­ory data, con­tact data, con­tent data, con­tract data, usage data, meta data and com­mu­nic­a­tion data of cus­tom­ers, inter­ested parties and vis­it­ors of this online offer on the basis of our legit­im­ate interests in an effi­cient and secure pro­vi­sion of this online offer pur­su­ant to Art. 6 para. 1 lit. f DSGVO in con­junc­tion with Art. 28 DSGVO (con­clu­sion of a con­tract). Art. 28 DSGVO (con­clu­sion of order pro­cessing con­tract).

Col­lec­tion of access data and log files

We, or rather our host­ing pro­vider, col­lect on the basis of our legit­im­ate interests with­in the mean­ing of Art. 6 para. 1 lit. f. DSGVO, we col­lect data about every access to the serv­er on which this ser­vice is loc­ated (so-called serv­er log files). The access data includes the name of the web­site accessed, file, date and time of access, amount of data trans­ferred, noti­fic­a­tion of suc­cess­ful access, browser type and ver­sion, the user­’s oper­at­ing sys­tem, refer­rer URL (the pre­vi­ously vis­ited page), IP address and the request­ing pro­vider.

Log file inform­a­tion is stored for secur­ity reas­ons (e.g. for the cla­ri­fic­a­tion of abuse or fraud) for a max­im­um of 7 days and then deleted. Data whose fur­ther stor­age is required for evid­en­tiary pur­poses is exempt from dele­tion until the respect­ive incid­ent has been finally cla­ri­fied.

Agency ser­vices

We pro­cess the data of our cus­tom­ers with­in the scope of our con­trac­tu­al ser­vices, which include con­cep­tu­al and stra­tegic con­sult­ing, cam­paign plan­ning, soft­ware and design development/​consulting or main­ten­ance, imple­ment­a­tion of cam­paigns and processes/​handling, serv­er admin­is­tra­tion, data analysis/​consulting ser­vices and train­ing ser­vices.

In doing so, we pro­cess invent­ory data (e.g., cus­tom­er mas­ter data, such as names or addresses), con­tact data (e.g., e‑mail, tele­phone num­bers), con­tent data (e.g., text entries, pho­to­graphs, videos), con­tract data (e.g., sub­ject mat­ter of con­tract, term), pay­ment data (e.g., bank details, pay­ment his­tory), usage data and metadata (e.g., in the con­text of eval­u­at­ing and meas­ur­ing the suc­cess of mar­ket­ing meas­ures). As a mat­ter of prin­ciple, we do not pro­cess spe­cial cat­egor­ies of per­son­al data, unless these are com­pon­ents of com­mis­sioned pro­cessing. Data sub­jects include our cus­tom­ers, pro­spect­ive cus­tom­ers as well as their cus­tom­ers, users, web­site vis­it­ors or employ­ees as well as third parties. The pur­pose of the pro­cessing is the pro­vi­sion of con­trac­tu­al ser­vices, billing and our cus­tom­er ser­vice. The leg­al basis for the pro­cessing res­ults from Art. 6 para. 1 lit. b DSGVO (con­trac­tu­al ser­vices), Art. 6 para. 1 lit. f DSGVO (ana­lys­is, stat­ist­ics, optim­isa­tion, secur­ity meas­ures). We pro­cess data that is neces­sary for the jus­ti­fic­a­tion and ful­fil­ment of con­trac­tu­al ser­vices and point out the neces­sity of their dis­clos­ure. Dis­clos­ure to extern­al parties only takes place if it is neces­sary in the con­text of an order. When pro­cessing the data provided to us with­in the scope of an order, we act in accord­ance with the instruc­tions of the cli­ent as well as the leg­al require­ments of order pro­cessing pur­su­ant to Art. 28 DSGVO and do not pro­cess the data for any oth­er pur­poses than those spe­cified in the order.

We delete the data after the expiry of stat­utory war­ranty and com­par­able oblig­a­tions. The neces­sity of stor­ing the data is reviewed every three years; in the case of stat­utory archiv­ing oblig­a­tions, the dele­tion takes place after their expiry (6 years, in accord­ance with § 257 para. 1 HGB, 10 years, in accord­ance with § 147 para. 1 AO). In the case of data dis­closed to us by the cli­ent with­in the scope of an order, we delete the data in accord­ance with the spe­cific­a­tions of the order, in prin­ciple after the end of the order.

Cre­ated with Datens​chutz​-Gen​er​at​or​.de by RA Dr. Thomas Schwen­ke

Con­tact

Gallo Comu­nic­a­tion GmbH
Her­rn­strasse 6
85445 Oberd­ing

E‑Mail: info@​gallo-​com.​de 
Tele­fon: +49 (0) 8122 1808 604

WordPress Cookie Notice by Real Cookie Banner