- What personal information do we collect?
We only collect personal information if and insofar as this is legally permissible or if you have given your consent.
In general, we only collect personally identifiable information from users of our website in connection with requests for our services, eg via the "Contact" page or the "Online Check".
As a "directory management" customer, you will also receive access to your personal everywhere dashboard and user account by logging into our website. Your personal information is stored in the user account and used by us only insofar as to provide you with the contractually agreed services and to organize and manage our contractual relationship. In addition to the above data, this information may include:
Your private / business address;
Your private / business landline or mobile phone number; Your password and the username you choose; Your payment information;
Your date of birth;
Any other information that you provide to us, for example, for publication in search engines, online directory media and social networks; Information about the services you have purchased.
If you send us an e-mail in connection with a job posting request on our Careers page, we may store your Personal Information related to such request, including, but not limited to,
your education information ; Your work experience;
Her professional career;
Your job-related preferences.
- Why do we collect your information and how do we use it?
If you provide us with your personal information, we may store that information and use it for various purposes. We use your information primarily to provide the services you have registered for and to handle all your requests or requests. For example, we may use your Personal Information to answer a question you have asked or to process a request for information about you. We may also use Personal Information to ensure compliance with our policies and applicable laws.
We also use your Personal Information to contact you if you have consented to receive such messages, or if permitted by law. We may also send you specific messages relating to our website or the services we provide to you, including, but not limited to, announcements of services, account-related emails, or similar administrative or transactional messages.
- With whom do we share your information?
We will not transfer your Personal Information to any third party without your consent if and to the extent necessary to fulfill our contractual obligation to you or to enforce our rights and claims. In addition, we may from time to time hire other companies to perform certain services for us, such as maintaining our website and e-mail services, and processing inquiries. We can be personal
Forward information to these companies if that information is necessary for the Company to complete a requested transaction or otherwise to perform its duties. Directory management, reasonable precautions are taken to ensure that these third party service providers ensure the protection of your personal information on behalf of the directory management module. In certain circumstances, these service providers outside the European Economic Area may be in a jurisdiction that does not provide the same level of data protection as the European Economic Area. We use the standard contractual clauses of the European Commission to ensure the necessary level of data protection.
Everywhere, your personal information is sold or left to uninvolved third parties for marketing purposes.
We also reserve the right to disclose visitor information whenever required by law to disclose personally identifiable information to investigative, law enforcement, and regulatory authorities, if and to the extent necessary to prevent threats to public and private security and prosecute crimes.
- User data, cookies and other tracking technologies
Use information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage. Google will also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. As already explained, you can prevent the installation of cookies by setting your browser software accordingly. However, please be aware that if you do this you may not be able to use the full functionality of this website.
We collect this information to conduct research and market analysis to improve our products, services and technology, such as identifying which areas of the site are most popular and improving the site for visitors. In addition, we link all information collected to describe the use of the Site for our existing or potential business partners, sponsors, advertisers, or other third parties, or at the request of a government agency.
You may object to the use of your data for the aforementioned purposes at any time at firstname.lastname@example.org.
- Links to other websites; public websites
- Right to information, rectification, cancellation and blocking
You have a right to delete information on the data stored by the directory management module and, if necessary, a right to correct, block or delete this data, which you can exercise at any time and free of charge.
For questions regarding the collection, processing or use of your personal information, as well as for information, rectification, blocking or deletion requests, please contact: email@example.com
The security of your personal information is important to us. We take reasonable technical and organizational security measures to protect your Personal Information from loss, tampering and unauthorized access by third parties. These actions are internal reviews of our data collection, storage and processing practices and our security measures, as well as physical security measures to protect against unauthorized access to systems that we use to store personal information. We limit access to Personal Information to All-Employees, Part-Time Contracted Employees and Representatives who need to know this information in order to perform, develop and improve our services, and grant this access only to the extent necessary. These individuals are bound by confidentiality obligations and may be subject to disciplinary action (including termination and prosecution) if they fail to meet these obligations.
Everywhere you hereby expressly point out that a secure data transmission to third parties over open networks, such as the Internet, unfortunately, cannot be guaranteed because the transmission of information over the Internet is not completely secure on the current state of the art.
When accessing anywhere, you'll be asked to choose a password for your account to help protect your online account information. We recommend that you do not share your password with another person. Once you have registered an account, you can view and change your account information at any time after logging into your account.
- Privacy with children
This website is not designed for use by children under 14 years of age. We do not knowingly obtain any Personal Information from children under the age of 14. If we become aware that we have unknowingly obtained Personal Information from a child under the age of 14, we will use commercially reasonable efforts to remove such information from our database.
- Applicable law
- Confidentiality (Art. 32 para. 1 (b) of the GDPR)
- Access control
- Regulatory content: Unauthorized persons should be prevented from accessing the data processing, data storage, network and telecommunications equipment used to process data in the order.
- Technical and organizational measures All data processed in the order are always stored in secure areas. Access is only possible for authorized personnel. Visitors have to register at the reception and are always accompanied by an employee. Entry into the work areas is only possible with a security key. The offices are also monitored by security personnel at night, weekends and on public holidays.
- Access control
- Regulatory content: The risk of physical, material or immaterial damage or the risk of impaired rights and freedoms for affected persons due to unauthorized disclosure or unauthorized access to the data processed in the order must be reduced. Usage of data processing, data storage, network and telecommunications equipment by unauthorized third parties must be prevented.
- Technical and organizational measures: All computers must have an access control system. There must be mandatory rules for password assignment. This concerns the necessary complexity, the lifetime of the password as well as the reuse of old passwords. Media carriers must be encrypted, and the keys must be stored within the server host Amazon Web Services and can only be viewed by authorized staff. Mobile devices of employees must be encrypted. Employees must be regularly briefed and informed in this connection by providing information. Regarding remote access to the infrastructure there must be no direct connection to servers, and access must run via a central server. Access via password is not possible; access is only via an individual private-key authentication. To ensure higher protection standards, using of the application requires for the customer to enter a password with minimum length. In addition, the user session is secured by a secure cookie.
- Access control
- Regulatory content: The persons entitled to use IT systems may only access data that is subject to their access authorization. Data processed in the order must not be read, copied, altered or removed without authorization during processing.
- Technical and organizational measures: The deployed IT systems have a dedicated user rights system, which makes it possible to assign data access and changes based on roles and individual authorizations. There must be mandatory rules for password assignment. This concerns the necessary complexity, the lifetime of the password as well as the reuse of old passwords. Each employee can only access the necessary data for his activity and the authorization assigned to him within the scope of his duties. Anonymous access to internal data is not possible due to the ‘Principle of least privilege’. Accesses are always logged centrally and locally. Each employee's personal responsibility for the security, confidentiality, integrity and availability of data and information is enhanced by centrally-provided information.
- Separation control
- Regulatory content must be possible for data collected for different purposes to be processed separately.
- Technical and organizational measures The principle of functional separation between service and development exists, the integrated departments are functionally and organizationally separated. Data that is worthy of protection is provided to employees only to the extent necessary for the assigned task. The transition from the development system to the production system is secured by appropriate tools and comprehensibly documented. Data used for development purposes will be anonymized.
- Pseudonymization as a processor, the directory management tool does not take any additional measures for pseudonymization other than the measures resulting from the respective service descriptions of the services or carried out by the person responsible in the context of the commissioning.
- Integrity (Art. 32 para. 1 (b) of the GDPR)
- Distribution control
- Regulatory content 3 Data processed in the order may not be read, copied, altered or removed without authorization during electronic transmission or during transport or storage on data carriers.
- Technical and organizational measures For this purpose, state-of-the-art and highly secure encryption methods are used by staff for electronic transmission to meet the standards of the requirements. The electronic transmission of data is encrypted via https and ssl and secured via a VPN connection. Explanations by email are always made with an electronic signature.
- Data entry control
- Regulatory content Changes, entries and removal of personal data must be monitored and logged in order to detect any unauthorized access and to react to it as quickly as possible.
- Technical and organizational measures All data input (entry, update and deletion) is saved by the directory management module team
4 § Fire sections with fire-retardant walls § Oxygen-reducing fire extinguishing system § Sprinkler system § Air-conditioning:
- The data center is air-conditioned via redundant air conditioning systems and spatially separated, redundant refrigeration units, which work in conjunction with each other. The directory management module also ensures optimal availability by making backups several times a day and storing them in different locations (SQL or direct snapshot). In addition, each component is redundant and secured by a firewall.
- Regulatory content - the risk of physical, material or immaterial damage or the risk of infringement of rights and freedoms, including unlawful or negligent acts for affected persons through destruction, loss, modification or unauthorized disclosure of data processed in the order or the unauthorized access to it by a physical or technical incident must be reduced.
- Technical and organizational measures Database snapshots can be restored at any time. The infrastructure can be restored within a few hours through highly automated procedures.
- Procedures for periodic review, assessment and evaluation (Article 32 para. 1 (d) of the GDPR; Article 25 para. 1 of the GDPR)
- Data protection management
- Regulatory content Procedures must be followed for the periodic review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the safety of the processing.
- Technical and organizational measures The effectiveness of the measures is constantly checked by the data protection officer.
The data protection officer’s information is below: Matthew White, 2574 15th Avenue, San Francisco, CA 94127, USA email: firstname.lastname@example.org
- Incident Response Management
- Regulatory content 5 If unauthorized access to data is detected, functional management and associated error analysis or correction must be ensured.
- Technical and organizational measures Individual measures are defined via SLA with the respective customer and combined with response times for different scenarios. In addition, an internal emergency service is implemented, which is responsible for both the infrastructure and the application.