Privacy policy

We, VERSO GmbH

represented by the managing directors Florian Holl, Andreas Maslo, Alexander Penitsch and Nuvia Maslo
Agnes-Pockels-Bogen 1
80992 Munich

are the operator (hereinafter referred to as “we” or “operator”) of the website“www.verso.de”(hereinafter referred to as the “website”) and the webshop www.verso.de/shop (hereinafter referred to as the “webshop”), through which products (hereinafter also referred to as the “platform”) and services (hereinafter also referred to as “services”) are offered. We are therefore responsible for the collection, processing and use of personal data within the meaning of the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR).

The principle of data minimization is of great importance to us even during data collection. In addition, we only collect and process personal data if you have given us your consent to do so or if the law expressly permits or requires us to do so. Below we explain what data we collect, how we use it and what rights you have with regard to the use of your data:

 

1. personal data

The term “personal data” is defined in the BDSG and GDPR. This is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This includes, for example, your real name, your address, your telephone number, your e-mail address or your date of birth. Company-related data can also contribute to the identification or identifiability of persons. To this extent, company-related data may also be covered by the scope of the GDPR.

 

2. collection of data when using our products, services and courses

Unless otherwise stated in the following paragraphs, no personal data is processed when using our products, services and courses, i.e. it is not automatically collected, recorded, stored or used in any other way.

We collect the following data:

a) When you visit our website

What personal data do we collect?

When you visit our website, our servers temporarily store every access in a log file. The following data is collected without any action on your part and stored by a data center commissioned by us on a server in a member state of the European Union until it is automatically deleted after 31 days at the latest:

  • the IP address assigned to your computer,
  • Online identifiers (e.g. session ID, device identifier),
  • the name and URL of the requested file,
  • Referrer URL (the previously visited page),
  • the operating system of your device,
  • Date and time of the request,
  • the browser version you are using.

Why do we collect this data?

This data is required to ensure a smooth connection to the website, for statistical purposes (in particular the anonymized recording of user numbers to ensure functionality) and for the purpose of being able to trace cases of abusive behavior. We also need this data to ensure platform access specifically adapted to your device and operating system.

What is the legal basis for processing this data?

According to Article 6(1)(b) of the GDPR, the collection of personal data necessary for the performance (or facilitation) of a contract is permitted. We need this data to prepare the conclusion of the contract with you and to offer you solutions that are tailored to your individual requirements and general conditions.

 

b) When ordering our trial version

We offer you the opportunity to test our product free of charge for 14 days. To do this, you must register using a form provided on our website (“VERSO 14-day trial”). It is necessary to provide your name and a valid e-mail address so that we know who sent the request and can process it.

Why do we collect this data?

Your data is collected solely for the purpose of providing you with the trial version free of charge and to contact you again after the trial period has expired in order to obtain feedback on our product.

What is the legal basis for processing this data?

Data processing for the purpose of ordering our trial version is also carried out on the basis of Article 6 (1) GDPR. Letter b) GDPR. The test phase precedes the possible conclusion of a contract with you.

The personal data collected by us for the use of the registration form will be automatically deleted after completion of your order, unless they are still required for the exercise of legal or (pre-)contractual rights and obligations.

 

c) When ordering a newsletter

What personal data do we collect?

You have the option of subscribing to our newsletter. This contains information on the topic of CSR, CSR best practices, news about VERSO GmbH and CSR-relevant events. For this we need a valid e-mail address from you. We also store your IP address and the date of registration. This also applies if you download a “curriculum” (description of all the content of our CSR course and the timetable) as a PDF at https://verso.de/csr-kurs/. In this case, you also provide a valid e-mail address and declare that you wish to receive our newsletter (for further information on orders in our webshop, see section 2. d) of this privacy policy).

Why do we collect this data?

Your e-mail address is only required for sending the newsletter and will only be used for this purpose. The sole purpose of storing your IP address and the date of your registration is to provide evidence of possible misuse of your e-mail address to register for our newsletter.

With whom do we share this data?

To send our newsletter, we work with HubSpot, a service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot). We have concluded an order processing contract with HubSpot and fully implement the strict requirements of the German and European data protection authorities when using HubSpot (see https://legal.hubspot.com/de/dpa).

The data stored during registration is transmitted to HubSpot and stored by HubSpot. The order processing contract with HubSpot results in the transfer of data to a so-called third country (USA), i.e. a country outside the European Union. We have explained the data protection aspects of the transfer of data to third countries for you in a separate section at the end of this privacy policy (see section 9 “Data transfer to third countries”)

After registration, HubSpot will send you an e-mail to confirm your registration. This is the double opt-in procedure. The newsletter will therefore only be sent to you once you have registered for it (step 1) and clicked on the confirmation link sent to you by HubSpot (step 2). Furthermore, HubSpot offers various analysis options on how the sent newsletters are opened and used, e.g. to how many users an email was sent, whether emails were rejected and whether users unsubscribed from the list after receiving an email. For more information on how HubSpot works, please refer to section 5. b) Web analytics services of this privacy policy.

Further information on HubSpot’s data protection and processors can be found at: https://legal.hubspot.com/de/privacy-policy.

We will only use the personal data collected from you as part of the e-mail newsletter for the purposes stated above. Your personal data will not be sold or passed on to third parties for the purposes of advertising, market research or opinion polling in a manner not mentioned above or not explained under point 5 b) of this data protection declaration.

How can I unsubscribe from the newsletter?

If you no longer wish to receive newsletters from us, you can object at any time and unsubscribe from the newsletter. A message in text form to our contact details at the end of this privacy policy (e.g. e-mail, fax, letter) is sufficient. Of course, you will also find a link to unsubscribe in every newsletter. When you unsubscribe from the newsletter, we also delete the personal data collected from you for sending the newsletter.

What is the legal basis for processing this data?

In accordance with Article 6(1)(a) GDPR, your data is processed on the basis of your consent. You can revoke this consent at any time and unsubscribe from the newsletter as described above.

 

d) When ordering in our web stores

(1) Ordering products and services via “www.verso.de/shop”

You can order the product and/or services via our webshop“www.verso.de/shop”. To do this, you must register as a customer for future orders. As part of the ordering process, we ask for your consent to data processing in accordance with Article 6(1)(a) GDPR.

Your personal data will be entered into an input mask and transmitted to us and stored. When you place an order via our website, we collect the following data:

  • First name
  • Surname,
  • E-mail address,
  • Address,
  • Telephone number (landline and/or mobile)
  • Payment data

Why do we collect this data?

This data is collected,

  • to be able to identify you as our customer;
  • in order to process, fulfill and process your order;
  • for correspondence with you regarding your order;
  • for direct advertising for own similar goods or services;
  • for invoicing;
  • for the processing of any warranty claims and the assertion of legal claims;
  • to ensure the technical administration of our website;
  • to manage our customer data.

With whom do we share this data?

If you choose to pay by “credit card”, payment will be processed by the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).

The data stored during the order process (name, address, credit card number, invoice amount, currency and transaction number) are transmitted to Stripe and stored by Stripe. The data entered during the ordering process will not be transmitted to other third parties. Your data will only be passed on for the purpose of payment processing with Stripe and only to the extent that it is necessary for this purpose. Your personal data will not be sold or passed on to third parties for the purposes of advertising, market or opinion research.

You can find more information about Stripe’s data protection at https://stripe.com/de/privacy#translation.

We work with “Intercom” (Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA and 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2, hereinafter “Intercom”) for the purpose of managing customer data. Insofar as data is transferred to a third country (in particular the USA), we refer to section 9 of this privacy policy (data transfer to third countries).

If you have ordered one of our products and thus have access to the VERSO platform, your e-mail address and your name will be transmitted to Intercom and stored by Intercom. The aforementioned data provided by you when ordering will not be transmitted to other third parties.

You can find detailed information on data protection at “Intercom” at https://www.intercom.com/de/terms-and-policies.

In addition, Intercom uses the following sub-processors to manage customer data:

Amazon Web Services, Inc. Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States for hosting and storage purposes

Message Systems, Inc. (dba SparkPost), 9160 Guilford Rd, Columbia, MD 21046, for the purpose of deliverability of messages.

If data is transferred to third countries, please refer to section 9 of this privacy policy (Data transfer to third countries).

What is the legal basis for processing this data?

The data processing takes place in response to your order and/or registration and is required in accordance with Art. 6 (1) (1) (b) GDPR for the appropriate processing of your order and for the mutual fulfillment of obligations arising from the purchase contract.

(2) Booking online courses via“www.elopage.com/s/verso”

We also offer the booking of online courses via our website as part of the VERSO Academy. We use the namotto service for this.

As soon as you click on the “Register now” or “Register now for only X €” button in the “Academy” section of our website (“https://verso.de/csr-kurs/”) for one of the courses described there, you will leave our website and be redirected to a web store that is hosted externally for us by the elopage platform (www.elopage.com/s/verso). If you book an online course via this webshop, our partner or reseller namotto Universal Brands GmbH & Co KG (“namotto”) will be your contractual partner (please click here for the link to the namotto process).

Namotto is a service of the

namotto academies and friends GmbH & Co KG
Inh. Tolga Oenal
Uhlandstrasse 154
10719 Berlin
info@namottoandfriends.com

All functions on the sales side as well as the entire downstream sales and payment processing are carried out via namotto. You can find namotto’s privacy policy here.

If you place an order via our individual namotto sales page, the following of your data will be processed:

  • Personal master data (surname, first name, address)
  • Communication data (e-mail address, telephone number)
  • Contract master data (contractual relationship, product or contractual interest)
  • Customer history (e.g. login, product usage, products purchased)
  • Contract billing and payment data (e.g. payment method, payment status, invoices)
  • Planning and control data (e.g. visitor sources, number of views, pages visited, clicks)
  • Technical data (e.g. IP address, device, browser, location, Mac address)
  • Content data (e.g. videos, images, texts, audios, files)

Why do we collect this data?

Namotto processes the aforementioned data for us. The processing of this data is necessary for the provision of our CSR online courses by namotto and for the performance of the contract you have concluded with us.

With whom do we share this data?

We share the aforementioned data with namotto and namotto’s processors. For this purpose, we have concluded a corresponding data processing agreement with namotto academies and friends GmbH & Co KG as our data processor in accordance with Section 28 GDPR. For more information on namotto’s processors, see https://namottoandfriends.com/wp-content/uploads/2020/03/Datenschutz-namotto-academies-and-friends-GmbHCoKG.pdf

What is the legal basis for processing this data?

The legal basis for the processing of this data is our legitimate interest (Article 6(1)(f) GDPR) in the optimized performance of the contract by namotto and the necessity of this data for the performance of the contract (Article 6(1)(f) GDPR). letter b) GDPR).

 

3. storage of your data

We store and process your personal data on rented servers in a member state of the European Union. Both we and the data centers commissioned by us protect your data using technical and organizational security measures to minimize risks in connection with loss, misuse, unauthorized access and unauthorized disclosure and modification of this data. Firewalls and data encryption are used for this purpose, for example, as well as physical access restrictions and authorization controls for data access.

We store your personal data collected during a visit to our website (see section 2.a above) or entered by you when filling out the contact form (see section 2.b above) for a maximum of 31 days. We will store the data required to receive the newsletter until you have unsubscribed from the newsletter. The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention period. Contractual claims generally expire after 2-3 years, during which time data is usually required to check and implement claims in connection with the purchase. In addition, other laws (e.g. the German Commercial Code) may result in retention obligations of up to 10 years.

 

4. disclosure of data

Apart from the other cases mentioned in this data protection declaration, your personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of processing the contract or if you have given your prior consent. Anything else only applies if there is a legal obligation to do so (e.g. information to certain authorities as part of their statutory duties) or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship with you.

 

5. cookies and web analysis services

a) Cookies

Interactions with our website are tracked using cookies and the following technologies in order to customize our website for you. Cookies are small files that are stored on your hard disk or end device. When you visit our website again from the same device, the information stored in the cookies is sent back to our website. Because these are cookies that we set ourselves, they are referred to as “first party cookies”. If the cookie was set by another website, it is referred to as a “third party cookie”. In this case, the cookie information is sent back to this website.

We use the information stored and returned on the cookie to ensure easier navigation and a high degree of user-friendliness of our website.

We use different types of cookies, which are divided as follows and are each subject to different legal bases when used. We explain these legal bases and the functions of the respective cookies in the presentation of the respective tools in which they are specifically used.

  • Technically necessary cookies
  • Functional and performance cookies
  • Technically not necessary cookies

You can deactivate the use of cookies individually in your browser. Of course, you will still be able to visit our website, but you cannot rule out a restriction of functionality.

Technically necessary cookies

Technically necessary cookies enable the use of our website; they are essential for login or shopping cart functions, for example. They are used by us as first party cookies so that the stored information is sent back to our website. Due to their importance for the functionality of our website, technically necessary cookies can be used without your consent. Furthermore, these cookies cannot be deactivated individually (however, it is possible to deactivate all cookies via your browser; for technical details, see below).

The legal basis for the use of technically necessary cookies is Article 6 para. 1 letter b) DSVO, since the visit to our website serves to initiate a contract and, in addition, Article 6 para. 1 (f) GDPR, as we have an overriding legitimate interest in the functionality of our website.

Functional and performance cookies

Functional cookies enable our website to save your details and preferences (e.g. user name, language setting) to make it easier for you to use our website. The functional cookies we use do not affect your browsing history or your activity on other websites. In addition, the functional cookies we use are first-party cookies.

Performance cookies collect information about the use of our website. This information is used to improve functionality and user-friendliness. For example, these cookies collect information about the frequency with which content is clicked on or about scrolling behavior from our website. We also record the duration of the website visit, the areas and subpages accessed, the user’s location and the proportion of mobile devices used. Your IP address is transmitted to us for technical reasons, but is anonymized and therefore does not enable identification. The performance cookies we use are first-party cookies.

The legal basis for the use of functional and performance cookies is our legitimate interest in optimizing our website in accordance with Article 6 para. 1 letter f) GDPR.

Technically unnecessary cookies

Technically unnecessary cookies are all cookies that are neither technically necessary cookies nor functional or performance cookies. We use technically unnecessary cookies to evaluate your browsing behavior and display personalized advertising on and outside our website. We want to do justice to your interests. Insofar as we also evaluate your user behavior on other websites and show you personalized advertising there, we use marketing cookies with remarketing function as so-called third-party cookies, which not only enable advertising on other websites, but also the analysis of your entire usage behavior. Google Analytics and Google Ads are examples of the use of such tools (see below for details).

The legal basis for the use of technically unnecessary cookies is your consent in accordance with Article 6 para. 1 letter a) GDPR. You can revoke this consent at any time.

When you use our website or our web stores for the first time, we will immediately inform you of all cookies used by us and their purpose. Only if you agree to the use of technically unnecessary cookies will these cookies be stored on your hard disk.

We use the WordPress plugin “Borlabs Cookie” to collect, manage and store your consent. The Borlabs cookie stores your consent. It is technically necessary and is therefore processed by us due to our overriding interest in documenting consents and revocations in accordance with Article 6 (1) GDPR. letter f) GDPR is set. If you delete your cookies, we will ask you for your consent again the next time you visit our website.

b) Web analysis services

HubSpot

We use the web analysis service HubSpot, a service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot). We use HubSpot both to check and evaluate the success of our advertising campaigns (so-called conversion tracking) and for the purpose of being able to show you targeted advertising on other websites that matches your interests as a result of analyzing your browsing history (so-called retargeting function). The information generated by the cookie about your use of our website may be transferred to a HubSpot server in the USA and stored there (for data transfer to third countries, see section 9 “Data transfer to third countries” in this privacy policy). HubSpot acts as our processor within the meaning of Article 28 GDPR (for the processor agreement that we have concluded with HubSpot, see section 2. c) of this privacy policy)

For this purpose, HubSpot uses technically unnecessary cookies (marketing cookies) and so-called “web beacons”. These are stored on your device and enable us to analyze your visit to our website. For example, HubSpot collects your location, the type of browser used, the duration of the visit, the subpages accessed, your IP address and other data) and analyzes your web activity on this basis.

As part of conversion tracking, HubSpot creates and transmits reports on the respective user behavior and thus enables us to evaluate the success of our online advertising and to present you with targeted advertising on our website.

As part of the retargeting function, the analysis of your browsing behavior, which HubSpot carries out on our behalf, enables us to show you interest-based advertising on other websites. For this purpose, we can also use the technically unnecessary cookies (marketing cookies) set by HubSpot to merge the personal data stored when ordering the newsletter (see section 2.c)) with the other data collected by HubSpot in order to be able to present you with advertising offers that are of interest to you.

You can prevent the storage of cookies by setting your browser software accordingly or delete cookies to whose use you have consented. HubSpot also provides detailed information on how to manage the use of cookies, see https://legal.hubspot.com/de/cookie-policy. However, we would like to point out that if you prevent or delete cookies, you may not be able to use all the functions of our website to their full extent. You can also prevent HubSpot from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by HubSpot by revoking your consent.

The legal basis for the use of HubSpot is your consent in accordance with Article 6 para. 1 letter a) GDPR. You can revoke this consent at any time.

You can find more information on the function and data protection by HubSpot under the following link: https://legal.hubspot.com/de/privacy-policy.

Google

For the purposes of statistical analysis, we use Google Analytics on our website, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses its own cookies. These store text files on your computer that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there (for data transfer to non-secure third countries, see section 9 “Data transfer to third countries” in this privacy policy). To prevent the personalization of this data, your IP address is anonymized by shortening it. We are therefore unable to determine to which user an IP address can be assigned. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and only anonymized there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

Google is obliged not to merge the IP address transmitted by your browser as part of Google Analytics with other data. You can also prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by revoking your consent and generally by clicking on the following link. An opt-out cookie is set to prevent the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de.

Insofar as data processing by Google Analytics involves the transfer of data to third countries and these have not previously been anonymized, please refer to section 9 of this privacy policy (data transfer to third countries).

You can find more information about Google Analytics at

http://www.google.com/analytics/terms/de.html or at

http://www.google.com/intl/de/analytics/privacyoverview.html and

https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=2790009.

The legal basis for data processing by Google Analytics is your consent in accordance with Article 6 (1) GDPR. Letter a) GDPR. You can revoke this consent at any time.

Google Ads

Google Ads Conversion

Google Ads Conversion is also used to display personalized advertising. With the help of Google Ads, we can present our products on other websites. We can deduce the success of our advertising campaigns from the user behavior on our website, e.g. by evaluating the number of clicks and frequency of use or by determining whether you have reached our website via a Google ad. For this purpose, Google sets cookies on your end device, which are not technically necessary. Google can use the ads to recognize your browser and your browsing history. We do not process any personal data through these advertising measures; it is not possible for us to identify website visitors. We determine the success of our advertising campaigns on the basis of statistical evaluations that Google transmits to us in pseudonymized form.

Google Ads establishes an automatic connection between your browser and Google’s servers in the USA (for data transfer to third countries, see section 9 “Data transfer to third countries” in this privacy policy). Since we have no influence on further data processing by Google, we are only informing you on the basis of our current knowledge: Ads cookies inform Google that you have accessed our website and in which area and, if applicable, which of our ads you have clicked on. If you have a Google account, Google can assign this information to your account. If you are not registered with Google or are not logged into your customer account, your IP address may be assigned to you and collected and stored by Google.

The legal basis for the use of Google Ads is your consent in accordance with Article 6 (1) GDPR. Letter a) GDPR. You can revoke this consent at any time.

Google Ads Remarketing

Within our integration of Google Ads, we also use the remarketing function of this service. This enables us to show visitors to our website personalized advertising on other websites in the Google network (e.g. as part of the Google search function or on YouTube) or on other websites. For this purpose, Google analyzes which offers on our website a visitor is particularly interested in and thus enables the placement of targeted advertising on other websites. For this purpose, Google places marketing cookies (technically unnecessary cookies) on users’ end devices. Cookies are used to identify the browser, but not the user’s person.

Information on the processing of personal data by Google can be found under the following links:

http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Prevention of the setting of cookies:

You can prevent participation in this tracking process in various ways:

  1. Deactivation of all cookies in your browser or by
  2. Installation of the corresponding Google plug-in: https://www.google.com/settings/ads/plugin;

In this case, the usability of our website may be restricted.

The legal basis for the use of Google Ads Remarketing is your consent in accordance with Article 6 (1) GDPR. Letter a) GDPR. You can revoke your consent at any time.

LinkedIn Insight Tag

We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation on our website. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR (consent).
The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of this technology, visitors to this website can be shown personalized advertisements on LinkedIn. It is also possible to create anonymous reports on the performance of advertisements and information on website interaction. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.
In LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and data use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.
Please note that in accordance with the LinkedIn privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

 

6. our Facebook fan page

You can also contact us via our fan page at Facebook Ireleand Ltd, 4 Grand Canal Swuare, Dublin 2, Ireland, within their social network Facebook. There we also present news about our products and provide you with further product-related information. This may result in Facebook collecting statistical data for us, for example by transmitting statistical data on likes, comments, etc. to us. At the same time, Facebook may also collect your personal data on its own responsibility and for its own purposes. If Facebook collects data on our behalf, the principles set out in this privacy policy apply, in particular your rights set out in this policy. The legal basis for the processing of your personal data by us is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. According to Article 6(1)(f) GDPR, we may process personal data if this is in our legitimate interest and does not result in undue disadvantages for you. Our interest in presenting our product range and communicating with you is to be classified as a legitimate, overriding interest.

Facebook collects data for its own purposes in accordance with the principles established by Facebook. However, if you wish to contact Facebook in this regard, you can also contact us and we will forward your request to Facebook.

 

7. rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • pursuant to Art. 7 para. 3 GDPR to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

In one of the cases mentioned above and for further questions about the use of your personal data, please contact us:

Florian Holl
VERSO GmbH
Agnes-Pockels-Bogen 1
80992 Munich
kontakt@verso.de

You also have the right to lodge a complaint with the competent data protection authority at any time.

 

8 Mobile devices

The provisions of this privacy policy also apply to mobile access and the use of mobile devices.

 

9. data transfer to third countries

If the data processing described in this privacy policy involves the transfer of data to third countries outside the European Union, your data will only be transferred if there is a so-called adequacy decision by the European Commission (Article 46 GDPR). In this case, the EU Commission confirms that the level of data protection in the third country is comparable to that in the EU. We also use so-called standard contractual clauses of the EU Commission and internal data protection agreements to protect your data when it is transferred to third countries.

If these options are not sufficient to protect your data when it is transferred to a third country, we will only transfer your data to a third country if you have consented to this in accordance with Article 49 GDPR after being informed of the associated risks. In the case of data transfers to the USA, we therefore draw your attention in particular to the existing risk that a level of data protection comparable to that in the EU may be more difficult, especially because authorities in the USA (especially intelligence services and security authorities) may have access to your data. You may not be able to assert your data subject rights with the same efficiency as within the EU.

Article 49 GDPR also allows data to be transferred to a third country if this transfer is necessary for the performance of a contract. If, for this reason, we resort to a transfer to a third country, we would like to point out that the above-mentioned risks (e.g. in the USA) also exist in this case.