Date: January 2023
Within the use of the storage portal, your personal data will be processed, collected and stored by us, as the data controller for the time necessary to fulfil the specified purposes and legal obligations. In the following we will inform you about what data is involved, how it is processed and what rights you have in this respect.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
1. Responsibility for data processing and contact details
phone +49 561 99858 3333
(hereinafter “astora“or “we“)
You can contact our data protection officer at any time if you have any questions regarding data protection law or your rights as a data subject at the above address, for the attention of the data protection officer, or at email@example.com.
2. Processing of personal data and purposes of processing
For the hosting of this website we use the web hosting service of VisionConnect GmbH, Hohenzollernstrasse 26, 30161 Hannover, Germany, www.visionconnect.de (hereinafter “VisionConnect”).
In order to offer a website, it is necessary to commission a web hosting service. In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR the web hosting service is used because of our legitimate economic interest in making our services available on this website. In connection with the hosting service, VisionConnect processes personal data on our behalf, which are generated while using the website.
We have concluded a data processing agreements with VisionConnect. Through this agreement, the service provider assures that they process the data in accordance with GDPR and guarantee the protection of the rights of the data subject.
VisionConnect uses the public cloud platform service of Hostway Deutschland GmbH, Am Mittelfelde 29, 30519 Hannover, Germany (hereinafter: "Hostway") to host our website. The information about the use of our website is transmitted to the servers of Hostway in Germany and processed there. The data transferred are merely pseudonyms; it is not possible to infer your name. The transfer between VisionConnect and Hostway takes place on the basis of an order processing contract in accordance with Art. 4 No. 8 and Art. 28 DSGVO.
2.2 When visiting the storage portal website
You can access our website without revealing your identity. The browser used on your end device will automatically send information to our web server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This data is temporarily stored in a so-called log file, anonymised after 8 days (IPv4: anonymising of the last octet (the last 8 bits of the address), IPv6: anonymising of the host part (the last 64 bits of the address)) and automatically deleted after 31 days at the latest.
The IP address is processed for technical and administrative purposes of establishing and maintaining the connection, in order to ensure the security and functionality of our website and to be able to trace any illegal attacks on it if necessary. Only authorised personnel of our service providers involved in webhosting and application management are authorised to access the data. The tool "AwStats" provides an overview of website accesses. However, a statistical evaluation does not take place here. Only the anonymised log files are used for AwStats. We cannot draw any direct conclusions about your identity from the processing of the log files.
The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the need to ensure that our storage portal website is available without disruption.
2.3 When contacting us
If you contact us directly via email, we will collect your email address as well as any personal data resulting from the text of the email.
The processing is based on Article 6 Paragraph 1 lit. f DSGVO. The purpose of the data processing and our legitimate interest lie in customer care and in being able to answer the messages sent to us.
3. Recipients and categories of recipients
Your personal data may be disclosed to the following recipients or categories of recipients:
3.1 Data processors
We use service providers who process personal data on our behalf (so-called data processors, cf. Art. 4 (8) and 28 GDPR). These include service providers in the areas of IT, telecommunications and business services.
The web host of this website is VisionConnect. The use of the service by VisionConnect as data processor is carried out in accordance with Art. 6 (1) (f) GDPR due to our legitimate economic interest in providing our offer on this website.
3.2 Disclosure to third parties
Except in the aforementioned cases of processing on our behalf, we disclose your personal data to third parties if:
- you have given your express consent to this pursuant to Art. 6 (1) (a) GDPR;
- this is necessary for the fulfilment of a contract with you pursuant to Art. 6 (1) (b) GDPR,
- there is a legal obligation for the disclosure pursuant to Art. 6 (1) (c) GDPR.
The data disclosed may be used by the third party exclusively for the purposes stated.
4. Transfer of data to a third country or to an international organisation
A transfer of your personal data to a third country or an international organisation will only take place if this is necessary within the framework of commissioned processing and the conditions according to Art. 44 et seq. GDPR are given.
We only transmit your personal data when
- sufficient guarantees are provided by the recipient in accordance with Article 46(1) of the GDPR for the protection of the personal data,
- you have expressly consented to the transfer in accordance with Art. 49 (1) (a) GDPR, after we have informed you of the respective risks,
- the transfer is necessary for the performance of contractual obligations between you and us (Art. 49 (1) (b) GDPR) or
- another exception from Art. 49 GDPR applies.
Guarantees according to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.
A "third country" is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "insecure" if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 (1) GDPR confirming that adequate protection for personal data exists in the country.
5. Cookies, tracking pixels, web analysis
6. Data security
We use technical and organisational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
All data transmitted by you is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a tried and tested standard that is also used, for example, for online banking. You can recognise a secure TLS connection, among other things, by the appended s at the http (i.e. ...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
7. Data subject rights
You have the right:
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
- to complain to a supervisory authority in accordance with Art. 77 GDPR, as a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
In addition, pursuant to Art. 21 GDPR you have a right to object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To exercise your data subject rights or to object to data processing by us please contact us at firstname.lastname@example.org.