DATA PROTECTION

We are delighted that you have taken an interest in our company. Data protection is especially important to the management of FERNAO Networks Holding GmbH. It is possible to browse the internet pages on the website of FERNAO Networks Holding GmbH without providing any personal data. However, if a data subject wishes to take advantages of the specialist services of our company through our website, it may be necessary to process their personal data. If the processing of personal data is required and there is no prior legal basis for this processing, consent will be requested from the data subject.

Any processing of personal data, e.g. the name, address, email address, or telephone number of a data subject, is always performed in accordance with the General Data Protection Regulation and the country-specific data protection regulations which apply to FERNAO Networks Holding GmbH. With this data protection policy, our company wishes to publicly disclose the nature, scope, and purpose of the personal information that we collect, use, and process. This data protection policy also serves to inform data subjects of their rights.

As the controller, FERNAO Networks Holding GmbH has implemented a number of technical and organizational measures to ensure as comprehensive protection as possible for the personal data processed via this website. Nevertheless, data transmission over the internet may be subject to security vulnerabilities, and absolute protection cannot be guaranteed. Accordingly, any individual is free to submit personal data by alternative means, e.g. by telephone.

1. DEFINITIONS

The data protection policy of FERNAO Networks Holding GmbH employs the terminology of the European directives and regulatory authorities adopted in the General Data Protection Regulation (GDPR). Our data protection policy aims to be easy to read and understand, intended for both the general public and our customers and business partners. To this end, we will begin by explaining the terminology.
Among other things, we use the following terms in this data protection policy:

a) personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter called the “data subject”). A natural person is considered to be identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online alias, or one or more characteristic features expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.

b) data subject
A data subject is any identified or identifiable natural person whose personal data are being processed by the controller.

c) processing
Processing refers to any automated or non-automated procedure or any series of operations relating to personal data, such as collecting, recording, organizing, ordering, storing, adapting or modifying, reading, querying, exploiting, disclosing via transmission, publishing or any other form of dissemination, comparing or associating, restricting, deleting, or destroying.

d) restriction of processing
Restriction of processing refers to a marking of the stored personal data to indicate that their future processing should be limited.

e) profiling
Profiling is any type of automated processing of personal data that involves the use of these personal data to evaluate or predict certain personal aspects which relate to a natural person, including aspects relating to job performance, economic status, health, personal preferences, interests, reliability, behavior, location, or change of location of this natural person.

f) pseudonymization
Pseudonymization refers to the processing of personal data in such a way that this personal data can no longer be associated with a specific data subject without additional information, subject to the condition that this additional information is held separately and protected by technical and organizational measures to ensure that the personal data cannot be associated with a specific identified or identifiable natural person.

g) controller (responsible for processing)
The controller is the natural or legal person, public authority, institution, or other entity that, alone or in concert with others, decides the purposes and means of processing of personal data. If the purposes and means of this processing are determined by European or national law, the controller or the specific criteria for designating this controller may in some cases be specified by European or national law.

h) processor
A processor is a natural or legal person, public authority, institution, or other entity that processes personal data on behalf of the controller.

i) recipient
A recipient is a natural or legal person, public authority, institution, or other entity to which personal data are disclosed, whether or not this recipient is a third party. Authorities which receive personal data for certain inquiries under European or national law are not considered recipients.

j) third party
A third party is a natural or legal person, public authority, institution, or other entity that is not the controller, the processor, or an entity authorized to perform processing under the direct responsibility of the controller or processor.

k) consent
Consent is any informed, voluntary, and unambiguous expression of will provided by the data subject for the specific case at hand as a declaration or otherwise unambiguous confirmation that the data subject accepts the processing of their personal data.

2. NAME AND ADDRESS OF THE CONTROLLER

The controller in the sense of the General Data Protection Regulation, other national data protection legislation in member states of the European Union, and other data protection regulations is:
FERNAO Networks Holding GmbH
Max-Reichpietsch-Str. 2
51147 Cologne
Deutschland
Tel.: +49 2203.92263-1
Email: info@fernao.com
Website: https://www.fernao.com

3. COOKIES

The website of FERNAO Networks Holding GmbH uses cookies. Cookies are text files that are created and stored on your computer system via an internet browser.
Many websites and servers use cookies. Cookies often contain a so-called cookie ID. A cookie ID is a unique identifier of this cookie. It contains a string that allows internet pages and servers to identify the specific internet browser which saved the cookie. This allows the websites and servers that you visit to distinguish your browser form other internet browsers, which store different cookies. Your specific internet browser can be recognized and identified by the unique cookie ID.
The use of cookies enables FERNAO Networks Holding GmbH to provide website users with more user-friendly services than would be possible without them.
Cookies allow the information and content of the website to be optimized for the user. As noted above, cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier to use our website. For example, cookies mean that website users don’t need to re-enter their login information every time they visit the website, since their session can be automatically retrieved from the cookies stored on the user’s computer system. A shopping cart in an online store is another example of where cookies can be useful. The online store remembers the items that the customer has placed in the virtual shopping cart using cookies.
Data subjects can prevent cookies from being created by our website at any time by configuring their internet browser accordingly to permanently prevent the creation of cookies. Existing cookies can also be deleted at any time using your internet browser or other software programs. This can be done in any standard internet browser. If the data subject chooses to deactivate cookies in their internet browser, some of the functionality of the website may no longer work.

4. COLLECTION OF GENERAL DATA AND INFORMATION

The website of FERNAO Networks Holding GmbH collects general data and information whenever the website is accessed by a data subject or an automated system. These general data and information are stored in the server log files. The collected data may include (1) browser types and versions, (2) the operating system accessing the website, (3) the website from which the user is accessing the website (referrer), (4) the sub-websites reached via our website, (5) the date and time of access, (6) the internet protocol address (IP address), (7) the internet service provider of the system accessing the website, (8) other similar data and information used for security purposes in the event of attacks on our IT systems.

When using this general data and information, FERNAO Networks does not make any conclusions about the data subject. This information is instead used to (1) properly deliver the contents of the website, (2) optimize the content and advertising on the website, (3) ensure the continued functionality of our IT systems and the web page technology, and (4) to provide any information needed for prosecution to the law enforcement authorities in the event of a cyber attack. These anonymously collected data and information are therefore statistically evaluated by FERNAO Networks Holding GmbH with the objective of increasing data protection and security within our company and ultimately ensuring the best possible levels of protection for the personal data that we process. The anonymous data in the server log files are stored separately from any personal data provided by a data subject.

5. CONTACT VIA THE WEBSITE

To comply with the legal requirements, the website of FERNAO Networks Holding GmbH contains information that enables rapid electronic contact with our company, as well as direct communication with us, including a postal address and an email address. If a data subject contacts the data controller by email or via the contact form, the personal data provided by the data subject will automatically be saved. Any such personal information voluntarily provided to the controller by a data subject is stored for the purposes of processing the request and later contacting the data subject. These personal data are not disclosed to third parties.

6. ROUTINE DELECTION AND BLOCKING OF PERSONAL DATA

The controller only processes and stores the personal data of the data subject for the period required to fulfill the purpose of this storage, or to comply with any European directives or regulations or other legislation applicable to the controller.

Once the purpose of storage is fulfilled or the storage period specified by European directives or regulations or other relevant legislation expires, the personal data will be regularly blocked or deleted in accordance with statutory provisions.

7. RIGHTS OF THE DATA SUBJECT

a) right of confirmation

Every data subject is granted the right by the European directives and regulatory authorities to request confirmation from the controller as to whether any personal data relating to the data subject are being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.

b) right of access

Every data subject affected by the processing of personal data is granted the right by the European directives and regulatory authorities to request information regarding any stored personal data pertaining to them, as well as a copy of this information, from the controller free of charge at any time. Additionally, the European directives and regulatory authorities grant data subjects the right to the following information:

  • the purposes of processing
  • the categories of personal data which are being processed
  • the recipients or categories of recipients to whom these personal data have been disclosed or are being disclosed, in particular any recipients in third countries or international organizations
  • if possible, the planned duration of storage of the personal data; if not possible, the criteria which determine the duration of storage
  • the existence of a right of rectification or deletion of any personal data concerning them, as well as the right to restriction of processing by the controller and a right to object to any such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data were not collected from the data subject themselves: all available information about the origin of these data
  • the existence of any automated decision-making processes including profiling under Article 22(1),(4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and the intended impact of this processing on the data subject

Furthermore, the data subject has the right to be informed whether any personal data have been transmitted to a third country or an international organization. If so, the data subject has the right to request information about the relevant guarantees in place for this transfer.

Any data subject who wishes to exercise this right of access can contact an employee of the controller at any time.

c) right of rectification

Any data subject affected by the processing of the personal data is granted the right by the European directives and regulatory authorities to request immediate correction of any personal data concerning them. Furthermore, the data subject has the right to request completion of incomplete personal data, for example by making an additional declaration, in consideration of the purposes of the processing.

Any data subject who wishes to exercise this right of rectification can contact an employee of the controller at any time.

d) right of deletion (right to be forgotten)

Any data subject affected by the processing of personal data is granted the right by the European directives and regulatory authorities to request the controller to immediately delete any personal data concerning them whenever one of the following conditions is satisfied and the processing is not necessary:

  • The personal data were collected or otherwise processed for purposes which are no longer necessary.
  • The data subject revokes the consent which forms the basis of processing under Article 6(1)(a) GDPR or Article 9(2)a GDPR and there is no other legal basis for this processing.
  • The data subject objects to the processing under Article 21(1) GDPR and there are no legitimate reasons for this processing, or the data subject objects to the processing under Article 21(2) GDPR.
  • The personal data were processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation of the controller under European or national law.
  • The personal data were collected for information society services under Article 8(1) GDPR.

If any one of the above conditions is satisfied and a data subject wishes to request the deletion of personal data stored by FERNAO Networks Holding GmbH, they can contact an employee of the controller at any time. This employee will arrange for the deletion request to be fulfilled immediately.

If the personal data were made public by FERNAO Networks Holding GmbH and if the responsibility for the deletion of these personal data falls to our company as controller under Article 17(1) GDPR, FERNAO Networks Holding GmbH will undertake appropriate measures, including technical measures, in consideration of the available technology and the implementation costs, to inform other controllers responsible for the processing of the public data that the data subject has requested the deletion of all links to, copies, or replicas of these personal data wherever processing is not required. The employee of FERNAO Networks Holding GmbH will make the necessary arrangements in individual cases.

e) right of restriction of processing

Any data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to request the controller to restrict processing whenever one of the following conditions holds:

  • The accuracy of the personal data is contested by the data subject; the restriction applies for a sufficient period to allow the controller to verify the accuracy of the personal data.
  • The processing is unlawful; the data subject declines to delete the personal data and instead requests the restriction of the use of this personal data.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject requires these personal data to assert, exercise, or defend legal claims.
  • The data subject has objected to processing under Article 21(1) GDPR and it is has not yet been determined whether any legitimate interests of the controller outweigh the rights of the data subject.

If any one of the above conditions is satisfied and a data subject wishes to request the restriction of personal data stored by FERNAO Networks Holding GmbH, they may contact an employee of the controller at any time. The employee of FERNAO Networks Holding GmbH will make the necessary arrangements for restriction in individual cases.

f) right of data portability

Any data subject affected by the processing of personal data is granted the right by the European directives and regulatory authorities to request any personal data concerning them which they have provided to a controller in a structured, standard, and machine-readable format. Furthermore, the data subject has the right to transmit these data to another controller without hindrance by the controller to whom the personal data were provided if the basis of processing is consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or a contract under Article 6(1)(b) GDPR and the processing occurs by means of automated procedures, provided that this processing is not required for the performance of a task in the public interest or the exercise of official authority that has been delegated to the controller.

Furthermore, by exercising the right to data portability under Article 20(1) GDPR, the data subject has the right to request the direct transmission of their personal data from one controller to another controller to the extent that this is technically feasible and does not encroach upon the rights and freedoms of others.

To exercise the right of data portability, the data subject can contact an employee of FERNAO Networks Holding GmbH at any time.

g) right of objection

Any data subject affected by the processing of personal data has the right granted by the European directives and regulatory authorities to object to the processing of personal data concerning them for reasons arising from their particular circumstances if this processing unfolds on the basis of Article 6(1)(e) or (f) GDPR. This also applies to any profiling performed on the basis of these provisions.

In the event of an objection, FERNAO Networks Holding GmbH will no longer process the relevant personal data, unless we can demonstrate compelling legitimate grounds for this processing which outweigh the interests, freedoms, and rights of the data subject, or unless the processing serves the purpose of asserting, exercising, or defending legal claims.

If FERNAO Networks Holding GmbH processes personal data for the purpose of direct advertising, the data subject has the right to object to the processing of their personal data for this purpose at any time. This also applies to any profiling associated with direct advertising. If the data subject objects to FERNAO Networks Holding GmbH regarding processing for the purpose of direct marketing, FERNAO Networks Holding GmbH will no longer process their personal data for this purpose.

In addition, the data subject has the right for reasons arising from their particular circumstances to object to any processing of their personal data by FERNAO Networks Holding GmbH for scientific or historical research purposes or statistical purposes under Article 89(1) GDPR, unless this processing is necessary to fulfill a task in the public interest.

To exercise the right of objection, the data subject can contact an employee of FERNAO Networks Holding GmbH or any other employee at any time. Regarding the use of information society services, the data subject is also free to exercise their right of objection by means of automated procedures which employ technical specifications, irrespective of Directive 2002/58/EC.

h) automated decision-making in individual cases including profiling

Any data subject affected by the processing of personal data has the right granted by the European directives and regulatory authorities not to be subjected to decision-making based exclusively on automated processing – including profiling – that may have legal or other similar consequences on this data subject, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is admissible under the European or national legislation which applies to the controller, provided that this legislation includes appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or (3) has been granted express consent by the data subject.

If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller, or (2) takes place with the express consent of the data subject, then FERNAO Networks Holding GmbH will take appropriate measures to protect the rights, freedoms, and legitimate interests of the data subject, including at least the right to intervention by a physical person on behalf of the controller, the data subject’s right to defend their own position, and the right to contest the decision.

If the data subject wishes to exercise their rights regarding automated decision-making, they can contact an employee of the controller at any time.

i) right to revoke consent concerning personal data

Any data subject affected by the processing of personal data has the right granted by the European directives and regulatory authorities to revoke their consent to the processing of these personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.

8. DATA PROTECTION FOR APPICATIONS AND DURING THE APPLICATION PROCEDURE

The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. This processing may occur electronically. In particular, this occurs if an applicant submits their application documents to the controller by electronic means, for example by email or via a web form available on the website. If the controller and the applicant conclude an employment contract, the transmitted data will be stored for the purpose of the employment relationship in accordance with the relevant legislation. If the controller and the applicant do not conclude an employment contract, the application documents will be automatically deleted two months after the rejection decision is announced, unless the controller has a legitimate interest to abstain from this deletion. For example, a legitimate interest in this context might be to document the compliance of a procedure with the General Equal Treatment Act (AGG).

9. DATA PROTECTION WHEN USING GOOGLE MAPS

This website uses Google Maps to display a site map. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing, and usage of any data automatically collected by Google, its agents, or third party services, as well as any data provided by you.

The terms of use for Google Maps can be found in Google Maps terms of service.

10. DATA PROTECTION IN CONNECTION WITH THE USE OF GOOGLE ANALYTICS (WITH ANONYMIZATION FUNCTION)

The controller has integrated the Google Analytics web component onto this website (with its anonymization function). Google Analytics is a web analytics service. Web analytics refers to the acquisition, collection, analysis of data concerning the behavior of visitors to a website. Among other things, a web analytics service collects data about the websites from which visitors arrive (referrers), which subpages of the website are accessed, and how often and for how long each subpage is viewed. Web analytics is primarily used to optimize websites and to perform a cost-benefit analysis for internet advertising.

The Google Analytics web component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the setting “_gat._anonymizeIp” for web analytics via Google Analytics. With this setting, the IP address of the user’s internet connection is shortened and anonymized by Google whenever the website is accessed from a Member State of the European Union or any other signatory country of the Agreement on the European Economic Area.

The purpose of the Google Analytics web component is to analyze traffic flows on our website. Among other things, Google uses the data and information that they collect to analyze website usage, to generate online reports for us showing user activities on our web pages, and to provide other services relevant to the use of our website.

Google Analytics sets a cookie on the system of the data subject. Cookies are explained above. Setting this cookie allows Google to analyze the usage of our website. Whenever a data subject accesses one of the pages of the website operated by the controller on which a Google Analytics web component is integrated, the Google Analytics web component will ask the internet browser of the data subject’s device to submit data to Google for the purposes of online analysis. As part of this process, Google receives information about personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks in order to regulate subsequent payments.

The cookie stores personal information, e.g. access time, location of access, and frequency of visits to the website by the data subject. For every visit to our website, these personal data, including the IP address of the data subject’s internet connection, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States. Google may transfer the personal data that have been collected to third parties.

Data subjects can prevent cookies from being created by our website at any time, as noted above, by configuring their internet browser accordingly to permanently prevent cookies. This setting in the relevant internet browser would also prevent Google from creating a cookie on the data subject’s device. Additionally, any cookie previously created by Google Analytics can be deleted at any time using the web browser or other software programs.

Furthermore, the data subject has the possibility to object to and prevent the collection of data generated by Google Analytics during the usage of this website and subsequent processing of this data by Google. To do this, the data subject can download and install a browser add-on from https://tools.google.com/dlpage/gaoptout . This browser add-on informs Google Analytics via Java-Script that no data or information about website visitation may be transmitted to Google Analytics. The installation of this browser add-on is viewed as an objection by Google. If the data subject’s device is later erased, formatted, or reinstalled, the data subject must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or any other person with the power to do so, this browser add-on can always be reinstalled or reactivated. The installation of this browser add-on is viewed as an objection by Google. If the data subject’s device is later erased, formatted, or reinstalled, the data subject must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or any other person with the power to do so, this browser add-on can always be reinstalled or reactivated.

More information and Google’s own data protection policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

Disable Google Analytics data collection for this website

11. LEGAL BASIS OF PROCESSING

Article 6(1)(a) GDPR serves as the legal basis of processing for our company, whereby consent is obtained for specific processing purposes. If the processing of personal data is necessary to fulfill a contract with the data subject, as is for example the case for any processing operations necessary for the supply of goods or the provision of any other service or consideration, the legal basis of the processing is Article 6(1)(b) GDPR. The same applies to any processing operations that are necessary to conduct pre-contractual measures, for example in connection with inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the legal basis of this processing is Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would for example arise if a visitor to our premises suffered an injury requiring their name, age, health insurance information, or other vital information to be disclosed to a doctor, hospital, or other third party. In such cases, the legal basis of processing is Article 6(1)(d) GDPR. Finally, other processing may be based on Article 6(1)(f) GDPR. This provides the legal basis for any processing operations that are not covered by the other legal bases named above when processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights, and fundamental freedoms of the data subject would prevail. We are in particular permitted to conduct processing operations that are specifically mentioned by the European legislation. In this regard, the latter has considered that a legitimate interest may be assumed when the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).

12. LEGITIMATE INTERESTS FOR PROCESSING PURSUED BY THE CONTROLLER OR A THIRD PARTY

If the legal basis of the processing of personal data is Article 6(1)(f) GDPR, then our legitimate interest is namely the conduct of our business for the benefit of our employees and our shareholders.

13. DURATION OF STORAGE OF PERSONAL DATA

The criterion which determines the duration of storage of personal data is the relevant statutory retention period. After this period has elapsed, the data are regularly deleted, provided that they are no longer required to fulfill or initiate a contract.

14. LEGAL OR CONTRACTUAL REGULATIONS FOR THE PROVISION OF PERSONAL DATA; NECESSITY FOR THE CONCLUSION OF CONTRACTS; OBLIGATIONS OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES OF NON-PROVISION OF PERSONAL DATA

We wish to clarify that in some cases the provision of personal data is required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual party). Occasionally, it may be necessary for the conclusion of a contract for the data subject to provide us with personal data for subsequent processing. For example, the data subject is required to provide us with personal information if our company concludes a contract with them. Failure to provide these personal data would mean that the contract with the data subject cannot be concluded. Before the data subject provides personal data, they should contact one of our employees. This employee will be able to inform the data subject on a case-by-case basis whether the provision of personal data is required by law, required by contract, or required for the conclusion of the contract, whether there exists an obligation to provide these personal data, and what consequences the non-provision of personal data may entail.

15. AUTOMATED DECISION-MAKING

As a responsible company, we refrain from any automatic decision-making or profiling.

This data protection policy was created from the data protection policy generator by datenschutz in May 2018 in collaboration with RC GmbH with recycled notebooks and the filesharing lawyers of WBS-LAW.

DATA PROTECTION