We, Pepergy – Arne Kaiser, Kirschgartenstrasse 37, D-69126 Heidelberg (hereinafter referred to as “we” or “Pepergy”) take the protection of your personal data seriously. With this declaration (hereinafter referred to as “privacy policy”) we inform you about the way in which your personal data is processed by us.
This data protection notice has a modular structure, namely
“Personal data” means any information relating to an identified or identifiable natural person (e.g. name, address, e-mail address, telephone number, date of birth).
In this privacy policy, “data processing” always refers to the processing of personal data. Processing is any operation relating to personal data, e.g. the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, making available, alignment or combination, restriction, erasure or destruction of personal data.
The controller for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is responsible for the data processing described in this privacy policy:
The controller for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is responsible for the data processing described in this privacy policy:
The categories and purposes of data processing differ according to the specific type of data processing and are set out in Part B.
We only pass on your personal data to third parties if this is necessary for the fulfillment of contractual or pre-contractual obligations, if we have your consent or if we have a legitimate interest in passing it on.
If data is transferred to third parties, this will be explained either in this privacy policy or, in the event that the transfer is based on your consent, as part of the process of obtaining your consent.
In addition, data may be transferred to third parties if we are obliged to do so by law or by an enforceable official or court order.
We sometimes use external service providers from Germany and abroad to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). In this case, only the personal data required by the service provider for the specific activity with which it has been commissioned will be transmitted to the respective service provider.
In this case, such a service provider is bound by our instructions as a so-called processor within the meaning of Art. 28 EU GDPR with regard to data processing and is also obliged to comply with data protection regulations.
The use of service providers from a third country outside the European Union (EU) or the European Economic Area (EEA) as processors only takes place under the special conditions of Art. 44 et seq. EU GDPR, such as the determination by the European Commission of a level of data protection in the respective third country that corresponds to the EU (Art. 45 GDPR) or the agreement of special guarantees that ensure the enforceability of your rights under the GDPR (Art. 46 EU GDPR – e.g. through contractual agreement of so-called standard data protection clauses). If you would like more information on this, please contact us: privacy@privory.com.
The criterion for the duration of the storage of your personal data is the respective statutory retention period. After this period has expired, your personal data will be deleted if it is no longer required to achieve the purpose of the data processing, to fulfill the contract or to initiate a contract.
Depending on the data concerned, longer periods for storage and documentation may arise, in particular from tax and commercial law (in particular from the German Commercial Code (HGB), Value Added Tax Act (UstG) and Tax Code (AO)), or we may be authorized to store data for a longer period in order to safeguard our legitimate interests.
We use suitable technical and organizational measures to protect your personal data against data loss, manipulation or destruction and against unauthorized access by third parties, taking into account the state of the art, the implementation effort and the nature, scope, context, purpose and risks of the respective data processing. These security measures are continuously improved in line with technological developments.
We use hosting services to provide the necessary infrastructure, computing capacity, storage space, security services and technical maintenance services for the operation of this website.
When you visit the website, a so-called log data record (so-called server log file) is stored temporarily and anonymously on the web server used as part of the hosting services by us or by the contract service providers used for hosting (see Part A Section 5) in order to clarify faults and any security incidents. Specifically, the following data is collected:
This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person. It will only be passed on to third parties if this is required by law or if a court order requires it to be passed on. It will not be passed on for commercial or non-commercial purposes.
We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
The legal basis for this data processing is Art. 6 para. 1 lit. f) EU GDPR.
Cookies are small text files that are initially stored on the hard disk of the respective user and through which certain information flows to the location that set the cookie (usually a website).
Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. A distinction is also made between so-called session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual use.
In terms of their functions, cookies are also divided into
Cookies are used on our website. The legal basis for data processing in this case is Art. 6 para. 1 lit. f) EU GDPR in conjunction with. § 25 II TTDSG.
No social media plugins are used on our website. If the website contains symbols from or references to social media providers, these are only used as passive links to the websites of the respective social media providers.
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.
We have no influence on the collection of data and its further use by the social networks. We have no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. We therefore expressly draw your attention to the fact that your data (e.g. personal information, IP address) will be stored by the operators of the networks in accordance with their data usage guidelines and used for business purposes.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users‘ rights.
Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users‘ personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
For a detailed description of the respective processing and the opt-out options, we refer to the following linked information from the providers.
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users‘ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
You can register to receive our newsletter. In this case, we will use your name and email address after you have verified them by confirming them in an email sent to you following your registration (so-called “double opt-in procedure”) for the duration of your registration for direct marketing purposes. The legal basis for this data processing is Art. 6 para. 1 lit. a) EU GDPR.
You can object to the use of your email address for these purposes at any time without incurring any costs. To do so, you can use the unsubscribe link at the bottom of each newsletter or contact us using the contact details provided in this privacy policy.
As a person affected by data processing, you have several rights in connection with this data processing. These (as well as any existing requirements of the respective right) are described in more detail below.
You can exercise the following rights against us in a completely straightforward manner by contacting us using the contact details provided in Part A, Section 2. Please ensure that we can clearly identify you on the basis of your request.
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you also have the right to request information about the personal data concerning you that is being processed.
This includes, in particular, information about the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
You also have the right to be provided with a copy of the personal data that is the subject of the processing.
You also have the right to receive the processed personal data concerning you in a structured, commonly used and machine-readable format and/or to have this data transmitted to another controller to be designated by you.
If incorrect personal data is or has been processed by you, you have the right to demand that it be corrected immediately. Taking into account the purposes of the data processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
You have the right to request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
You also have the right to request the restriction of the processing of your data if
If the processing of your personal data has been restricted, the personal data concerned may only be processed – apart from being stored – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of a natural or legal person or for reasons of important public interest of the European Union or of a Member State of the European Union.
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. In this case, we will stop processing the data unless there are compelling legitimate grounds for processing the data that outweigh your interests, rights and freedoms as a data subject or the processing serves to assert, exercise or defend legal claims. The burden of proof for such compelling legitimate grounds lies with us in this case.
If you have consented to certain data processing, you have the right to withdraw this declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Instead, the revocation has the consequence that we may no longer continue the data processing that was based on this consent in the future.
If you are of the opinion that the processing of your personal data violates applicable data protection law, in particular that of the EU GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged violation, for example with the data protection supervisory authority responsible for us:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Address: Lautenschlagerstraße 20, 70173 Stuttgart
Postal address: Postfach 10 29 32, 70025 Stuttgart
Telefon: 0711/615541-0
Telefax: 0711/615541-15
E-Mail: poststelle@lfdi.bwl.de
Your right to use other judicial or other legal remedies remains unaffected.
Last Updated: 2024, June 4th
