I. Preamble
The Association of Manufacturers of Terminal Equipment in Telecommunications (Verbund der Telekommunikations-Endgerätehersteller, subsequently “VTKE” or “we”) is responsible for the web presence at vtke.de.
In the following we would like to inform you about how personalized data are processed in the context of our websites and/or online services.
Personalized data are erased as soon as possible, and never used or passed on for advertising purposes without your consent.
II. Responsible Authority / Data Protection Officer / Responsible Supervisory Authority
Responsible authority
Association of Manufacturers of Terminal Equipment in Telecommunications (Verbund der Telekommunikations-Endgerätehersteller, VTKE)
Alt-Moabit 90a
D-10559 Berlin
Germany
Phone: +49/ 173/ 628 62 44
Email: info@vtke.eu
vtke.eu
Data protection officer
Association of Manufacturers of Terminal Equipment in Telecommunications (Verbund der Telekommunikations-Endgerätehersteller, VTKE)
Data protection officer
Alt-Moabit 90a
D-10559 Berlin
Germany
Phone: +49/ 173/ 628 62 44
Email: info@vtke.eu
Responsible Supervisory Authority
Berlin Commissioner for Data Protection
Friedrichstraße 219
10969 Berlin
Germany
Phone: +49/ 30/ 13889-0
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de
datenschutz-berlin.de
III. General Principles / Information
1. Definitions
The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation” or “GDPR”). In particular, the definitions of Article 4 and Article 9 of the GDPR apply. For your information we have listed the essentially relevant definitions below under (IX).
2. Scope of Personal Data Processing
We collect and use the personalized data of our users in principle only insofar as this is necessary to render and provide our services and to prepare our web presence or online offers.
Personalized data are collected and used for other purposes on a regular basis only
i. (i) with the user’s consent,
ii. (ii) if the processing is necessary for the purpose of contract performance or
iii. (iii) for the protection of legitimate interests, insofar as this is not overridden by the interests or fundamental rights of the persons affected that require the protection of personalized data. This also includes the transmission of data to authorities and/or courts.
Moreover, such cases are excepted in which it was not possible to obtain prior consent for practical reasons, or in which the processing of the data is permitted by statutory regulations.
3. Legal Bases
Insofar as personalized data are processed on the basis of consent by the data subject, Article 6(1a) of the GDPR is the legal basis for such processing.
For the processing of personalized data for the performance of a contract to which the data subject is party, Article 6(1b) of the GDPR is the legal basis; this also applies for processing which is necessary for the implementation of pre-contractual measures.
If personalized data are processed in order to comply with legal obligations (such as, for example, retention periods stipulated by tax or commercial law, or information provided by authorities, etc.), Article 6(1c) of the GDPR is the legal basis.
For the case that vital interests of the data subject or another natural person necessitate the processing of personalized data, Article 6(1d) of the GDPR is the legal basis.
Should processing take place in order to protect a legitimate interest of our Association or of a third party, and this interest is not overridden by the interests, fundamental rights and basic freedoms of the data subject, Article 6(1f) of the GDPR is the legal basis for processing.
4. Obtaining Consent / Right of Revocation
Consent in accordance with Article 6 (1a) of the GDPR is generally obtained electronically. The contents of the consent form are logged electronically.
Right of revocation: Please note that consent already granted can be revoked prospectively at any time – in full or in part; the legality of any processing that took place on the basis of consent up to the time consent was revoked remains unaffected. Please direct any revocation to the contact information for the responsible authority or the data protection officer listed under (II).
Processing of Data
In general, the processing of your personalized data takes place within the EU or the European Economic Area (“EEA”).
6. Data Erasure and Storage Period
Personalized data on the data subject are erased or locked as soon as the purpose of processing has expired. Data are stored after the purpose of processing has expired only when this is provided for by the European or national legislator in EU regulations, laws or other directives to which our company is subject (e.g., to satisfy legal record-keeping requirements and/or when there are justified interests in storage (e.g. during the period of statutes of limitation for the purpose of legal defense against any claims). The data are also erased or locked when a storage period prescribed by the relevant standards expires, unless there is a necessity for the further storage of the data for the conclusion of a contract of for other purposes.
7. Rights of the Data Subjects
The GDPR grants certain rights to data subjects effected by the processing of personalized data (known as “rights of the data subject”, especially Articles 12 through 22 of the GDPR). The individual rights of the data subjects are clarified in (IX). If you would like to exercise one or more of these rights, you can contact us at any time. Please do so by using the contact information listed under (II).
IV. Data Processing to Prepare the Website / Collection of Log Files
Every time our website is opened, our system automatically collects data and information from the requesting user’s computer system. The following data are collected (hereinafter “log data”):
• information about the type and version of the browser used
• the user’s operating system
• the user’s IP address
• date and time of access
• file size of the object accessed
The log data mentioned above – with the exception of the IP address – do not make it possible to identify the person of the user; personalized identification is possible only by allocating or linking the log data to a certain IP address.
1. Purpose and Legal Basis
The collection and processing of log data, especially the IP address, takes place for the purpose of providing to the user the contents contained on our website, that is, for the purpose of communication between the user and our web or online services. Temporary storage of the IP address is necessary for the duration of the given communication process. This is required for addressing the communication traffic between the user and our web or online presence, or necessary in order to utilize our web and/on online services. The legal basis for this data processing – that is, for the duration of your visit to the website – is Article 6(1b) of the GDPR, or, respectively, section 96 of the German Telecommunications Act (TKG) or Section 15(1) of the German Telemedia Act (TMG).
Any processing and storage of the IP address in log files that goes above and beyond a given communication process is undertaken in order to ensure the functionality of our web and online content, for the purpose of optimizing these contents, and to guarantee the security of our information technology systems. The legal basis for storage of the IP address for these purposes above and beyond a given communication process is Article 6(1f) of the GDPR (protection of legitimate interests) or Section 109 of the TKG.
2. Data Erasure and Storage Period
Data are erased as soon as they are no longer required to achieve the purpose of their collection. In the case of data collection for the preparation of the web pages, this is the case whenever the given session – the visit to the website – has ended. Any storage of log data above and beyond this, including saving the IP address for the purpose of system security, will last for a period of no longer than seven days from the time the user leaves the web page. Any processing and/or storage of log data above and beyond this is possible and permissible, as long as the IP addresses of the users are erased or altered after the above mentioned storage period of seven days such that it is no longer possible to match the log data to an IP address.
3. Opt-out and Elimination Options
The collection of log data for the preparation of a website, including their storage in log files as limited in the above paragraph, is absolutely necessary for operation of the website. There is thus no possibility for the user to opt out. The above does not apply for the processing of log data for purposes of analytics; depending on the web analytic tool used and the kind of data analysis (personalized/anonymous/pseudonymous), this is conform to (VI).
V. Use of Cookies
Our websites use cookies. Cookies are text files which are saved in the web browser, or by the web browser on the user’s computer system. Cookies do not contain any programs and cannot place any malicious code on your computer. Whenever a user opens a website, a cookie can be saved on the user’s operating system. This cookie contains a characteristic string that allows unambiguous identification of the browser when the website is opened again. Our cookies do not contain any personalized data, so that your privacy remains protected. Contingent on the given kind of cookie and the possibility of matching a cookie to an IP address, however, there is the theoretical possibility of personally identifying the user. No such matching is performed by us, as the IP addresses are immediately anonymized in order to exclude the possibility of such matching (see [VII] for details).
Cookies that are required for technical reasons are used by us to improve the user friendliness of our web and/or online presence. In cookies required for technical reasons, the following data are saved and transmitted to our systems:
• Language settings
• Anti-spam protection
1. Purpose and Legal Basis
The purpose of using cookies that are required for technical reasons is to simplify the use of websites for users. Some of the functions on our website cannot be offered without the use of cookies. For this it is also necessary that the browser also be recognized even after switching pages.
The user data collected by cookies required for technical reasons are not used to create user profiles. The legal basis for the use of cookies required for technical reasons is Article 6(1b) of the GDPR, insofar as it is possible to match a person to the user, and the use is necessary for the purpose of providing our web and/or online presence in the sense of contract performance; otherwise Article 6(1f) of the GDPR, since they are also used to protect legitimate interests for the purpose of providing web and/or online offers.
2. Data Erasure and Storage Period
Cookies are saved on the user’s terminal device (smart device/PC) and transmitted from there to our web pages. The system differentiates between permanent cookies and session cookies. Session cookies are saved for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the browser session is closed, but saved on the user’s terminal device for a longer period.
3. Opt-out and Elimination Options
This data protection statement presents comprehensive information about the use of cookies. As a user you have complete control over the use and storage of cookies. By changing the settings in your web browser you can disable the transmission of cookies in general, or restrict their use. Cookies that have already been stored can be deleted at any time. This can also happen automatically. If cookies are disabled for our websites, it may no longer be possible to use all functions on the web pages to their full extent. For more information on the use of cookies, go to www.meine-cookies.org or www.youronlinechoices.com/de
You can reject the use of cookies prospectively at any time; you can exercise your right to refuse by clicking the “Disable Tracking” button or setting the relevant options in your browser (Do Not Track).
VI. Web Analytics
In order to optimize our web pages and adapt to the changing habits and technical conditions of our users, we use tools for what is known as “web analytics”. Such tools measure things like which elements are visited by users, and whether the information they seek is easy to find. Such information cannot be interpreted in any meaningful way until information on a larger group of users can be considered. The data collected for such analysis are aggregated into larger units.
This way we can adapt the design of pages or contents, for instance, if we discover that a relevant share of site visitors are using new technologies, or are having trouble finding available information.
We carry out the following analyses on our website and online platforms and/or implement the following tools for web analytics:
1. Analysis of Log Data
Log data are used exclusively for analytics purposes on an anonymous basis; in particular, there is no linkage with data that can be used to identify the user personally and/or matched with an IP address or a cookie. Such an analysis of log data thus is not subject to the data protection provisions of the GDPR.
VII. Email Contact
You can contact the VTKE via the email address on our website. In this case the personalized data of the user transmitted with the email will be stored. Under no circumstances are these data passed on to third parties, unless we have to resort to third parties to process the request.
1. Purpose and Legal Basis
These data are processed exclusively for the purpose of responding to the given request or suggestion.
Insofar as data are processed for the purpose of fulfilling a customer order or responding to a customer request, the legal basis for data processing is Article 6(1b) of the GDPR. The legal basis for processing the data with the user’s consent is Article 6(1a) of the GDPR. The legal basis for collecting additional data during sending is Article 6(1f) of the GDPR; the legitimate interest here is in the prevention of misuse and ensuring system security (cf. [V.1]).
2. Data Erasure and Storage Period
In general, data are erased as soon as they are no longer required to achieve the purpose of their collection. For the personalized data sent by email, this is the case when the given communication with the user has ended and/or the user’s request was responded to conclusively. The communication is ended, or there is a conclusive response, when the circumstances indicate that the matter in question has been settled. Instead of being deleted, data will be stored and locked if further storage of the data is required for the reasons listed in (III.5).
The additional personalized data collected during the process of transmission are erased after a period no longer than seven days.
3. Opt-out and Elimination Options
The user has the possibility to terminate communication with us and/or rescind his request at any time, and to object to the corresponding use of his data. In such a case the communication cannot be continued. In this case, all personalized data stored in the course of making contact are erased, unless the further storage of data is required for the reasons listed in (III.6).
VIII. Definitions
The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation” or “GDPR”). In particular, the definitions of Article 4 and Article 9 of the GDPR apply. In the framework of this data protection statement, the following terms defined in Article 4 of the GDPR may be of particular relevance:
1. “Personalized data: all information which refers to a natural person who is identified or identifiable (hereinafter “data subject”). A natural person is considered identifiable when he or she can be identified, directly or indirectly, especially by means of matching with an identifier like a name, with an ID number, with location data, with an online ID, or with one or more special properties that express the physical, physiological, genetic, mental, economic, cultural or social identity of this person;
2. “Processing”: every process associated with personalized data, executed with or without the aid of an automated method, or every such series of processes, including the collection, recording, organization, arrangement, storage, adaptation or alteration, reading, retrieval, use, disclosure through transmission, propagation or other form of provision, comparison or linkage, restriction, erasure or elimination;
3. “Restriction of processing”: the marking of stored personalized data with the goal of restricting or blocking their future processing;
4. “Profiling”: any kind of automated processing of personalized data that consists in using these personalized data in order to assess certain personal aspects related to a natural person, especially with the purpose of analyzing or predicting job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person;
5. “Pseudonymization”: the processing of personalized data in such a way that the personalized data can no longer be matched to a specific data subject without enlisting additional information, insofar as this additional information is stored separately and subject to technical and organizational measures which guarantee that the personalized data cannot be allocated to an identified or identifiable natural person;
6. “Controller”: the natural person or entity, authority, institution or other agency that decides, alone or jointly with others, about the purpose and means of processing personalized data. If the purposes and means of this processing are prescribed by EU law or the law of its member states, the controller can prescribe the specific criteria of his or her appointment in accordance with EU law or the law of the member states;
7. “Processor”: a natural person or entity, authority, institution or other agency that processes personalized data on the controller’s behalf;
8. “Recipient”: a natural person or entity, authority, institution or other agency to which personalized data are disclosed, independent of whether or not these data concern a third party. Public authorities that may receive personalized data in the context of a specific investigation mandate in accordance with EU law or the law of its member states are not considered recipients, however; the processing of these data by the authorities mentioned takes place consistent with the valid data protection regulations in accordance with the purposes of processing;
9. “Third party”: a natural person or entity, authority, institution or other agency, besides the data subject, the controller, the processor, and the persons who are authorized to process the personalized data under the direct responsibility of the controller or processor;
10. “Consent”: every declaration of intent made voluntarily by the data subject for a certain case, in an informed manner and clearly expressed in the form of a declaration or another clearly affirming action, with which the data subject indicates that he or she consents to the processing of the personalized data about his or her person;
IX. Rights of the Data Subjects
According to the GDPR, the user is entitled in particular to the following data subject rights:
1. Right to Information (Article 15 of the GDPR)
You have the right to request information about whether or not we process personalized data pertaining to you. If personalized data pertaining to you are processed by our company, you are entitled to information about
• the purposes of processing;
• the categories of personalized data (kinds of data) that are processed;
• the recipients or categories of recipients to whom your data were disclosed or are to be disclosed; this is the case especially when data were disclosed or are to be disclosed to recipients in third countries outside the purview of the GDPR;
• the planned duration of storage, to the extent this is possible; if the duration of storage cannot be given, in any case the criteria for determining the duration of storage (e.g. legal retention periods or the like) must be communicated;
• Your right to rectification and erasure of the data pertaining to you, including the right to restrict processing and/or the right to revoke consent (on this, see also the subsequent clauses);
• the existence of the right to lodge an appeal with a supervisory authority; . the source of the data, if the personalized data were not collected from you directly.
Further, you are entitled to information about whether your personalized data are the object of automated decisions in the sense of Article 22 of the GDPR, and, if this is the case, which decision criteria are the basis for such an automated decision (logic) or what the effects and consequences the automated decision can have for you.
If personalized data are transmitted to a third country outside the purview of the GDPR, you are entitled to information about whether, and if so, on the basis of which guarantees, an adequate level of protection is ensured by the data recipient in the third country in accordance with Articles 45 and 46 of the GDPR.
You have the right to request a copy of your personalized data. We always provide copies of data in electronic form unless you request otherwise. The first copy is free of charge; for additional copies, reasonable compensation can be requested. The copy is provided as long as the rights and freedoms of other persons are not compromised through the transmission of the copied data.
2. Right to Rectification (Article 16 of the GDPR)
You have the right to request that we rectify your data, should these be incorrect, inaccurate and/or incomplete; the right to rectification includes the right to complete your data by adding supplementary clarifications or information. A rectification and/or supplement must take place immediately – that is, without undue delay.
3. Right to Erasure (Article 17 of the GDPR)
You have the right to request that we erase your personalized data, insofar as
• the personalized data are no longer required for the purposes for which they were collected and processed;
• data processing takes place on the basis of consent you granted and you have rescinded your consent, insofar as there is no other legal basis for data processing;
• You entered an objection to data processing in accordance with Article 21 of the GDPR and there are no overriding reasons for further processing;
• You entered an objection to data processing for the purpose of direct advertising in accordance with Article 21(2) of the GDPR;
• Your personalized data were processed illegally;
• the data in question concern a child, and were collected in relation to information society services in accordance with Article 8(1) of the GDPR.
There is no right to the erasure of personalized data insofar as
• the rights to freedom of expression and to knowledge are in conflict with the request for erasure;
• the processing of personalized data (i) in order to fulfill a legal obligation (e.g. legal retention periods), (ii) in order to fulfill public duties and interests in accordance with EU law and/or the law of the member states (this also includes interests in the area of public health) or (iii) for the purposes of archiving or research;
• the personalized data are required for the assertion, exercise or defense of legal claims.
The erasure must take place immediately – that is, without undue delay. If personalized data have been made public by us (e.g. in the internet), we are responsible, in the framework of what is technically possible and reasonable, for informing third-party processors about the erasure request, including the deletion of links, copies and or replicates.
4. Right to Restriction of Processing (Article 18 of the GDPR)
You have the right to have the processing of your personalized data restricted in the following cases:
• If you have contested the accuracy of your personalized data, you can request that your data not be used for other purposes for the duration of the accuracy check and insofar restricted.
• In the case of illegal data processing you can request the restriction of data use in accordance with Article 18 of the GDPR rather than data erasure according to Article 17(1d) of the GDPR.
• If you need your personalized data for the assertion, exercise or defense of legal claims, but your personalized data are otherwise no longer required, you can request that we restrict processing to the above mentioned purpose of legal proceedings.
• If you entered an objection to data processing in accordance with Article 21(1) of the GDPR and it has not yet been decided whether our interests in processing override your interests, you can request that your data not be used for other purposes for the duration of the review and insofar be restricted.
5. Right to Data Portability (Article 20 of the GDPR)
Subject to the following provisions, you have the right to receive the data pertaining to you in a commonly used, machine-readable format. The right to data portability includes the right to transmission of the data to another controller; upon request we will thus – insofar as it is technically possible – transmit data directly to a controller you specify or will specify in the future. The right to data portability applies only for the data provided by you and assumes that the data are processed on the basis of consent or for performance of a contract, and is executed using automated methods. The right to data portability in accordance with Article 20 of the GDPR does not affect the right to data erasure in accordance with Article 17 of the GDPR. The data are transmitted only if the rights and freedoms of other persons can not be compromised through the data transmission.
6. Right to Object (Article 21 of the GDPR)
In the case of processing of personalized data in order to fulfill a task carried out in the public interest (Article 6[1e] of the GDPR) or for the purpose of pursuing legitimate interests (Article 6[1f] of the GDPR), you can object prospectively to the processing of personalized data pertaining to you at any time. In the case of an objection we have to refrain from any further processing of your data for the above mentioned reasons, unless
• there are compelling and legitimate reasons for processing which override your interests, rights and freedoms, or
• the processing is required for the assertion, exercise or defense of legal claims.
• You can object prospectively to the use of your data for the purpose of direct advertising at any time; this is also true for any profiling associated with the direct advertising. In the case of an objection we have to refrain from any further processing of your data for the purpose of direct advertising.
7. Legal Protections / Right to Petition a Supervisory Authority
In the case of complaints you can address the responsible supervisory authority of the EU or the member states at any time. The supervisory authority named in (II) is responsible for our company.
Legal Notice
Liability
The Association of Manufacturers of Terminal Equipment in Telecommunications continually checks and updates the information provided on these web pages. Despite our most diligent efforts it can occur that data presented here have changed in the meantime. Therefore the VTKE cannot guarantee that the information made available here is accurate, complete or up to date. No liability is assumed for damages that arise directly or indirectly from the use of these web pages, unless they are attributable to intent or gross negligence, or if liability is stipulated by compulsory statutory regulations.
Copyrights
Texts, images, graphics, sounds, animations or videos, and their arrangement on these web pages, are subject to worldwide copyright laws and other protective legislation. Unauthorized use, reproduction or transmission of individual contents or complete pages can be prosecuted by under both civil and criminal law. The Association of Manufacturers of Terminal Equipment in Telecommunications emphasizes that some of the images included on these web pages are copyrighted by third parties. All addresses on the VTKE’s web pages are published for the exclusive purpose of providing information. No commercial use by third parties is permitted.
External Links
According to general law, as the content provider for its own contents, the Association of Manufacturers of Terminal Equipment in Telecommunications is responsible for the contents provided for use. These own contents are to be distinguished from the links to contents made available by other providers. The link is a way for the VTKE to make third-party content available for use. The VTKE is responsible for these contents only if the VTKE has positive knowledge of them (i.e. and of any unlawful or criminal content) and if it is technically possible and reasonable to expect the VTKE to prevent their use.
The links, however, always constitute “living” (dynamic) references. The VTKE checked the foreign content the first time it was linked, in order to clear the company of any possible civil or criminal liability. However, according to the law the VTKE is not obligated to constantly check the contents to which it provides links on its web pages for changes that could provide a new basis for liability. If the VTKE discovers, or is informed by others, that a concrete web page to which the VTKE has provided a link entails civil or criminal liability, then it will remove the link, insofar as it is technically possible and reasonable for the VTKE to do so.
The VTKE reserves the right at any time to change the information provided, in part or in full, or to add to it or remove it.