TASKZONE AG PRIVACY POLICY

taskzone Privacy Statement

1.

General Information

We are very pleased about your interest in our company. Data protection is of particular importance to us. In this privacy policy, we inform you about the data processing in our company, as far as this data processing also concerns your data. If you would like to read an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find further information on the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only).

2.

Information regarding controller and data protection officer

2.1
taskzone AG, Am Ziegelfeld 28, 51339 Burscheid is the „controller“ and therefore responsible for the processing of your personal data. You can reach us for general questions either by email at info@taskzone.com or our contact form. Further information may be found on our website at www.taskzone.com.
2.2
For questions on data protection or exercising your rights under data protection law (see Section 5), you may contact our data protection officer either by post at our address given above or by email at privacy@taskzone.com.

3.

Activities, in which we process your personal data

3.1
Visiting our website (without registration or log in)
If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows:
3.1.1
For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, screen resolution, the page or file accessed, as well as the access status (successful or error code) for each page view of all website visitors. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The data is deleted after the end of your visit to our website, unless specific data is processed for one of the following purposes.
3.1.2
For the purpose of detecting and blocking attacks on our website and the technical infrastructure (e.g. hacking, denial-of-service attack), we process the IP addresses, access time, accessed subpage(s), and transmitted data volume of all website visitors. This processing is necessary to fulfil our legal obligation to take protective measures against attacks (Article 6 (1) lit. c GDPR). The data is deleted ten (10) days after the end of your visit to our website, unless an attempted attack is detected. In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.
3.1.3
Cookies
We use cookies on our website. Cookies are small text files. They allow us to store specific user-related information in the context of the use of our website. Cookies may be differentiated as technically necessary, not technically necessary and Third-Party Cookies.
Technically necessary cookies are those, which are required to use of our website’s functionality. Without them, we may not be able to ensure the use of our website without errors.
Not technically necessary cookies are e.g. those, which allow us to recognise you as a customer on your next visit to our website. We may then restore the settings you chose during your previous visit to our website. Moreover, those cookies help us analyse consumer behaviour in our web-shop.
Third-Party Cookies record your visit to our website, other websites you visited and the links you visited. This information may be used to optimise a website and the advertisements addressed to you and design them according to your interests.

We use the following cookies on our website:
  1. For the purpose of accelerating the delivery of our website through the use of so-called "load balancing", i. e. distributing all access requests to the website between multiple servers, we use the services of Amazon Web Services. For this purpose, several cookies are stored on the device of each visitor of our website to recognize each visitor by means of a random pseudonym identifier for as long as the browser window is open. The cookies do not contain any further personal data. The cookies are transferred to Amazon Web Services, Inc., see sect. 4 below. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The cookies are deleted at the end of the session, i. e. as soon as the browser window and the browser are closed.
  2. For the analysis of visitor behaviour by Google Analytics we store cookies on the device of the website visitors. Thus, the IP address (shortened for anonymization), from what other website a data subject is forwarded to another website (so-called referrer), what subpages of the website are accessed or how often and for how long a subpage is viewed, are transferred to Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA as a processor (Art. 28 GDPR) and processed there. The processing there is mainly used for the optimisation of our website and for the cost-benefit analysis of internet advertising. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports on the activities on our website for us, and to provide other services related to the use of our website. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". The cookies are deleted at the latest after two years, or earlier in accordance with the settings of your web browser.
All cookies are allowed, blocked and deleted according to the settings stored in your web browser (e.g. when closing the browser window). If cookies are disabled entirely for our website, it may not be possible to fully use all functions of the website.
You may object the processing described in the above lit. b) at any time in accordance with sect. 5.2.3, if the conditions of Art. 21 GDPR are met. You can also prevent the storage and processing described in lit. b) above by setting the preferences in your browser accordingly, for example, by activating the settings to protect against tracking of your activities. Alternatively, you can prevent the collection of the data on your use of the website (incl. your IP-address) that is processed in the cookie in accordance with the aforementioned lit. b) as well as the processing by Google, if you download and install the browser Plug-In available at this link: http://tools.google.com/dlpage/gaoptout?hl=de. During this process an Opt-Out-Cookie is set, which prevents the setting of other Google Analytics Cookies. If Cookies are deleted automatically or manually in your browser, the opt-Out-Cookie will be deleted as well.


3.2
Contact form on our website
For the purpose of providing an opportunity to make contact for the initiation of business and answering general questions, we process the following data entered into the contact form: email-address, IP-address and message. These data are only processed to handle the respective enquiry. The email-address is also used to connect the enquiry to an existing contractual relationship. The data will only be processed for other purposes (e.g. to send advertisement), if it is necessary to fulfil the request (e.g. if interest was shown for the products, but not in case of support requests). The processing is necessary for the performance of the contract (Art. 6 (1) lit. b GDPR). Immediately after the handling of the enquiry is concluded, data processing is limited to the fulfilment of legal retention obligations, particularly from commercial or tax law and the data is deleted after the last retention period expires.


3.3
Use of our “taskzone” service
3.3.1
In addition to the data already incurring in the course of a visit to our website (sect. 3.1), we process the following data of every user of the “taskzone” service for the purpose of providing the “taskzone” service and in order to fulfil our obligations from the service agreement:
  • Surname, first name and Email-address as mandatory information of every user,
  • Depending on the chosen payment method, postal address, credit card details, bank account, PayPal-account or similar payment data as mandatory information, if paid services are used,
  • Further voluntary information: title, organisation, gender, date of birth, picture of the user, other postal addresses, telephone and fax numbers, further email-addresses, usernames in social media networks,
  • Information on the behaviour on taskzone (“usage data”) concerning the manner in which the service is used, especially group size, use of workflows, description of tasks, use of text boxes, content of text boxes.
  • Furthermore, users are free to upload any files to be shared with other members of a group that may contain any categories of personal data. File attachments uploaded by users are not analysed and no personal data is extracted from them.
These data are processed to implement the user management and authentication for the service, to allow communication between users who are members to the same group as well as to allow the use of specific functions of the service (e.g. appointment and task management, contact management, making available of files, communication between group members). Personal data are transmitted to the following recipients or groups of recipients:
  1. The following personal data are available for view and download by every user of the service: mandatory information on every user, data voluntarily entered in the “Public Data” tab.
  2. Some users of the service (only with express permission, e.g. own contacts, group members) may also view and download all data voluntarily entered in the “Private Data” tab.
The processing is necessary for the performance of and our obligations under the contract (Art. 6 (1) lit. b GDPR). The data are deleted within 90 days of the deletion of the user account by the user, if mutually all claims are fulfilled. In derogation thereof, information and documents the user provided or uploaded and shared with a group are only deleted once the common task or function, attached to which the information and documents were shared, is deleted completely.
3.3.2
For billing purposes (invoicing), we process the surname, first name, postal address, customer number, email address, payment amount, used services and service periods, if you use paid services. For accounting and book-keeping purposes, we transfer the invoices in full with the aforementioned personal data to the tax consultants and financial auditors at „BWLC – Steuerberatungsgesellschaft, Eschmarer Str. 53, 53859 Niederkassel“, who we retain for the performance of business analyses and account books as well as tax and financial audits. This transfer and processing is necessary for the fulfilment of legal requirements (Art. 6 (1) lit. c GDPR). Immediately after mutual fulfilment of all claims, the processing is limited to the fulfilment of statutory retention obligations, in particular commercial and tax retention requirements. The data is deleted after the end of the last retention period.
3.3.3
In case of a default of payment, we transfer all use and invoice data to a collection service provider for the further legal enforcement of claims. The processing is necessary for the performance of and our fulfilment of our obligations under the contract (Art. 6 (1) lit. b GDPR). Immediately after mutual fulfilment of all claims, the processing is limited to the fulfilment of statutory retention obligations, in particular commercial and tax retention requirements. The data is deleted after the end of the last retention period.
3.3.4
For purposes of processing of payments, we process your payment data, if you use paid services. If payment via credit card or ELV/SEPA is selected, we use the payment service SIX. This is a service provided by the „SIX Payment Services (Europe) S.A., 10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg“, which is certified under the Payment Card Industry Data Security Standard (PCI DSS). Your account details will be collected and processed directly by SIX and are not stored by us. For further processing in connection with ELV/SEPA, SIX uses the services of the subcontractor „creditPass GmbH, Mehlbeerenstraße 2, 82024 Taufkirchen b. München, Deutschland“. Your payment data will only be transmitted if necessary for processing your payment. If any of these payment methods is selected, data processing is necessary for the performance of and our fulfilment of our obligations under the contract (Art. 6 (1) lit. b GDPR). The privacy policy of SIX is available at www.six-payment-services.com/privacy-statement. The privacy policy of creditPass is available at https://creditpass.de/service/datenschutz/.
3.3.5
If payment via direct debit is selected, our payment service creditPass processes your name, postal address and your birth date to conduct a credit assessment, the retrieval of information to assess the risk of payment defaults on the basis of mathematic-statistical methods using the postal address as well as to verify your address (check of deliverability). The aforementioned data are transferred via creditPass to CRIF Bürgel GmbH Niederlassung Hamburg, Friesenweg 4, Haus 12, 22763 Hamburg; Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss; Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf; infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden; SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. Legal basis of this transfer is Art. 6 (1) lit. f GDPR, to pursue our legitimate interests of preventing payment defaults that may lead to economic damages to our company. Detailed information concerning the aforementioned recipients, meaning information on their business purpose, purposes of data retention, further data recipients, the right of access, the right to erasure or rectification are available at
www.crifbuergel.de/de/datenschutz
www.boniversum.de/EU-DSGVO
https://www.deutschepost.de/content/dam/dpag/images/D_d/DDP/Downloads/dp-direkt-zusatzinfo-datenschutzkonforme-adressloesungen-dsgvo.pdf
https://finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf
https://www.schufa.de/de/datenschutz-dsgvo
You have the right to object to this data processing in accordance with sect. 5.2.3, e.g. by mail or email to the contact details given in sect. 2. We reserve the right not to offer any payment methods using a credit assessment in case of your objection.
3.3.6
In case of a default of payment with regard to a claim that is due and uncontested, and provided that the legal requirements are met, we transmit (via creditPass) your name, postal address, date of birth and the fact of a payment default to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss; SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. We do not transmit any data concerning contested claims. You will be given express advanced notice of an impending transmission of your data. The transfer is necessary to pursue the legitimate interests (Art. 6 (1) lit f GDPR) of our company and all market participants, to prevent payment defaults by taking into account the risk of a potential default on payment for the decision on entering into, and the performance or termination of a contract. Detailed information concerning the aforementioned recipients, meaning information on their business purpose, purposes of data retention, further data recipients, the right of access, the right to erasure or rectification are available at
www.boniversum.de/EU-DSGVO
https://www.schufa.de/de/datenschutz-dsgvo
You have the right to object to this data processing in accordance with sect. 5.2.3, e.g. by mail or email to the contact details given in sect. 2.


3.4
Processing of requests by telephone
To process general telephone enquiries and in order to answer customer support requests on the phone, we process names, first names, telephone numbers and customer number of the caller, other personal data communicated by the caller via telephone as well as details of the content of the telephone request. The processing is necessary to handle the request of the caller (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's enquiry (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the respective purpose as well as all statutory retention obligations, in particular commercial and tax retention requirements, the data is deleted automatically.
3.5
Processing inquiries via social media
In order to process inquiries directed at us via our presence in the social networks Facebook, Twitter, or Google+, e.g. if a visitor to the website followed the link to the respective social network, we process the personal data that you have shared on the respective social network. The processing of your data is required to process your request (Art. 6 (1) lit. b GDPR). Depending on the request, processing will be restricted to the specific further purpose of the request immediately after completing the processing of initial request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all statutory retention obligations, in particular commercial and tax retention requirements, the data is deleted.
3.6
Processing email requests
To process all inquiries that reach us by email, we process the surname, first name, email address, customer number or username of the sender and other personal data communicated in the email as well as information on the content of the request. These data are transferred to our technical service provider (email hosting) „1&1 Internet SE, Elgendorfer Straße 57, 56410 Montabaur, Deutschland as a processor (Art. 28 GDPR). The processing is necessary to handle the request or enquiry (Article 6 (1) lit. b GDPR). Depending on the request, processing will be restricted to the specific further purpose of the request immediately after completing the processing of initial request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all statutory retention obligations, in particular commercial and tax retention requirements, the data is deleted.
3.7
Advertisement to prospective clients
To advertise our company's products by telephone, mail, email, and electronic messages on the platforms Twitter, Facebook or Google+, we process the names, first names, mailing addresses, email addresses, phone numbers, and electronic identifiers of the respective platform, the position in the company and the information available on the specific interest of the company in our products and services of the contact persons of potential customers. Insofar as we have not received this data from the (representative of a) potential customer (e.g. as a contact at a trade fair or event, via the contact form on the website or as part of a call), we collect the data from the respective platform used (Twitter, Facebook or Google+), as far as they are visible for everybody or have been shared with us there, as well as from public directories. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to advertise our services to prospective customers directly, thereby increasing sales of our services. The data is no longer processed for direct advertising if the prospective customer objects (sect. 5.2.3) and in any case only to the extent that the potential client would expect in the context of a contractual relationship without being considered a nuisance. The data is deleted, respectively the connection on the platforms Twitter, Facebook or Google+ terminated, if the contact person objects to the data processing for advertising purposes. The data is deleted manually upon decision of our sales department if, during the course of the conversation, it is made clear that the potential client has no present or future interest in our services, or if enough time has passed without response of the potential customer that a reaction can no longer be expected.

4.

Data processing on our behalf

For all of the data processing activities mentioned in sect. 3.1 to 3.3 above, we use the services provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States of America as a processor (Art. 28 GDPR). Personal data processed for those processing activities is transferred to the processor. The location of the servers is in Germany, but we cannot rule out that personal data may be transferred to the United States. Such potential transfer to the United States happen is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".

5.

Your rights as data subject

5.1
You may at any time exercise your rights as a data subject by contacting us by mail to our address mentioned in section 2.1 or by email to the email address mentioned in section 2.2. Please keep in mind that we do not process any enquiries on personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty.
5.2
You have the following rights with respect to your personal data:
5.2.1
You may exercise your right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing, i. e. blocking for certain purposes, (Art. 18 GDPR) at any time, if the respective statutory prerequisites are met.
5.2.2
Your right to data portability (Art. 20 GDPR) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format.
5.2.3
You have the right to object to processing (Art. 21 GDPR) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests.

5.3
You also have the right to contact the competent data protection supervisory authority for questions or complaints regarding the processing of your personal data.