Our data controller (hereinafter referred to as the “Controller”) within the meaning of Article 4(7) of the GDPR is:
scalean.de, a part of NVCE GmbH
Große Brunnenstraße 34
22763 Hamburg, Germany
Managing Director: Mr. Arvid John
Commercial register number: HRB 124547
Registry court: Hamburg
Email address: firstname.lastname@example.org
Data Protection Officer
Mr. Arvid John
Große Brunnenstraße 34
22763 Hamburg, Germany
Types of data, purposes of processing, and categories of data subjects
Below, we will inform you about the types, scope, and purpose of the collection, processing, and use of personal data.
- Types of data we process
Usage data (access times, visited websites, etc.), inventory data (name, address, etc.), contact details (phone number, email, fax, etc.).
- Purposes of processing according to Article 13(1)(c) of the GDPR
Optimizing the website technically and economically, enabling easy access to the website, optimizing and statistically evaluating our services, improving user experience, making the website user-friendly, preventing spam and abuse, processing contact inquiries, ensuring uninterrupted and secure operation of our website.
- Categories of data subjects according to Article 13(1)(e) of the GDPR
Visitors/users of the website, interested parties. The data subjects will be collectively referred to as “Users.”
Legal basis for the processing of personal data
Below, we inform you about the legal basis for the processing of personal data:
- If we have obtained your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
- If the processing is necessary for the performance of a contract or for pre-contractual measures upon your request, Article 6(1)(b) of the GDPR serves as the legal basis.
- If the processing is necessary for compliance with a legal obligation to which we are subject (e.g., statutory retention obligations), Article 6(1)(c) of the GDPR serves as the legal basis.
- If the processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
- If the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, and your interests or fundamental rights and freedoms do not override those interests, Article 6(1)(f) of the GDPR serves as the legal basis.
Disclosure of personal data to third parties and processors
We generally do not disclose data to third parties without your consent. If such disclosure does occur, it is based on the aforementioned legal bases, for example, when data is disclosed to online payment providers for contract fulfillment or due to a court order or legal obligation to disclose data for the purpose of law enforcement, danger prevention, or enforcement of intellectual property rights.
We also use processors (external service providers, such as web hosting providers for our websites and databases) to process your data. If data is disclosed to processors as part of a data processing agreement, this is done in accordance with Article 28 of the GDPR. We carefully select processors, regularly monitor them, and have the right to issue instructions regarding the data. Moreover, processors must have implemented suitable technical and organizational measures and comply with the data protection regulations pursuant to the BDSG and GDPR.
Transfer of data to third countries
With the adoption of the European General Data Protection Regulation (GDPR), a uniform basis for data protection in Europe was created. Therefore, your data is primarily processed by companies to which the GDPR applies. If data is processed by services of third parties outside the European Union or the European Economic Area, they must fulfill the specific requirements of Articles 44 et seq. of the GDPR. This means that data processing is carried out based on special guarantees, such as an officially recognized determination of a data protection level corresponding to the EU or compliance with officially recognized specific contractual obligations, the so-called “standard contractual clauses.”
If, due to the invalidity of the so-called “Privacy Shield,” we obtain your explicit consent pursuant to Article 49(1)(a) of the GDPR for the transfer of data to the USA, we inform you about the risk of secret access by US authorities and the use of the data for monitoring purposes, possibly without legal recourse options for EU citizens.
Deletion of data and retention period
Existence of automated decision-making
We do not use automated decision-making or profiling.
Provision of our website and creation of log files
- If you only use our website for informational purposes (i.e., no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data:
- IP address;
- Internet service provider of the user;
- Date and time of access;
- Browser type;
- Language and browser version;
- Content accessed;
- Time zone;
- Access status/HTTP status code;
- Data volume;
- Websites from which the request originates;
- Operating system.
- These data serve the purpose of delivering our website to you in a user-friendly, functional, and secure manner, including features and content, as well as optimizing and statistically evaluating it.
- The legal basis for this is our legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR, which is also reflected in the aforementioned purposes.
- For security reasons, we store this data in server log files for a period of 30 days. After this period, the data is automatically deleted, unless we need to retain it for evidentiary purposes in the event of attacks on the server infrastructure or other violations of the law.
The following types of cookies are distinguished:
- Necessary, essential cookies: Essential cookies are absolutely necessary for the operation of the website and store certain functions of the website, such as logins, shopping carts, or user input regarding the language of the website.
- Session cookies: Session cookies are required to recognize multiple uses of an offering by the same user (e.g., when you log in to determine your login status). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and provide you with easier access to our site. When you close your browser or log out, the session cookies are deleted.
- Persistent cookies: These cookies are stored even after closing the browser. They are used for storing login information, measuring reach, and marketing purposes. They are automatically deleted after a predetermined period, which may vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
- Third-party cookies (especially from advertisers): According to your preferences, you can configure your browser settings to reject third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent. For more information about these cookies, please refer to the respective privacy policies of the third-party providers.
- Data Categories: User data, cookies, user ID (including visited pages, device information, access times, and IP addresses).
- Purposes of Processing: The information obtained in this way is used to optimize our web offerings technically and economically and to provide you with easier and secure access to our website.
- Legal Bases: If we process your personal data using cookies based on your consent (“opt-in”), Art. 6(1)(a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement, and economic operation of the website, so in this case, the legal basis is Art. 6(1)(f) GDPR. The legal basis is also Art. 6(1)(b) GDPR if cookies are set to initiate a contract, e.g., when placing orders.
Cookie Consent Solutions
- Purposes of Data Processing: Compliance with legal obligations, consent management.
- Legal Basis: The legal basis for processing personal data is our legitimate interest in the purposes mentioned above, in accordance with Art. 6(1)(f) of the General Data Protection Regulation (GDPR), as well as the fulfillment of legal obligations under Art. 6(1)(c) of the GDPR.
- Storage Duration: Data is stored until you delete the Borlabs cookie in your browser yourself or the purpose for data storage no longer exists. The evidence of a previously given consent is kept for a period of three years. This storage is based on our accountability obligations under Art. 5(2) of the GDPR and the statutory limitation period.
- Data Transfer/Recipient Category: Data is not shared with Borlabs.
Use of Blog Functions/Comments:
- You can leave public comments on our blog, which contains posts related to topics on our website. You can use a pseudonym instead of your real name. Your comment will then be published under the pseudonym. Providing your email address is mandatory, while all other information is voluntary.
- When you submit a comment, we store your IP address, date, and time, which we delete after 30 days. This storage serves the legitimate interest of defending against claims from third parties in case of the publication of unlawful or false content by you. We store your email address for the purpose of contacting you in case third parties legally challenge your comments.
- Legal Basis: The legal basis for processing data is Art. 6(1)(b) and (f) of the GDPR.
- We do not review your comments before publication. In the event of complaints from third parties, we reserve the right to delete your comments. We do not disclose the data to third parties unless necessary to pursue our claims or there is a legal obligation (Art. 6(1)(c) of the GDPR).
- The data will be deleted as soon as it is no longer necessary for the purpose of collection or the performance of the contract because the contract has been terminated.
Contact via Contact Form / Email / Fax / Post
- When contacting us via contact form, fax, post, or email, your information will be processed for the purpose of handling the contact request.
- The legal basis for processing the data is your consent, if given (Art. 6(1)(a) of the GDPR). The legal basis for processing the data transmitted in the course of a contact request, email, letter, or fax is our legitimate interest in responding to user inquiries, preserving evidence for liability reasons, and, if necessary, fulfilling our legal obligations for business letters (Art. 6(1)(f) of the GDPR). If the contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
- We may store your information and contact request in our Customer Relationship Management (CRM) system or a comparable system.
- The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data provided via the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. We store inquiries from users who have an account or contract with us for a period of two years after the termination of the contract. In the case of legal archiving obligations, deletion takes place after the expiry of these obligations: end of commercial (6 years) and tax (10 years) retention periods. You have the option to withdraw your consent for the processing of personal data at any time in accordance with Art. 6(1)(a) of the GDPR. If you contact us by email, you can also object to the storage of your personal data at any time.
Contact via Telephone
- When contacting us by telephone, your telephone number will be processed for the purpose of handling the contact request. It will be temporarily stored in the RAM/cache of the telephone device/display. Storage is done for liability and security reasons, to provide evidence of the call, and for economic purposes to enable a callback. In the case of unauthorized marketing calls, we block the numbers.
- The legal basis for processing the telephone number is our legitimate interest (Art. 6(1)(f) of the GDPR). If the contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
- The device cache stores calls for 30 days and gradually overwrites or deletes old data. When disposing of the device, all data is deleted, and the memory may be destroyed if necessary. Blocked telephone numbers are checked annually for the need for blocking.
- You can prevent the display of your telephone number by calling with a suppressed number.
- We have integrated the website analytics tool “Google Analytics” (service provider: Google Ireland Limited, Registration No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
- Purpose of processing: The use of Google Analytics is for the purpose of analyzing, optimizing, and improving our website.
- Legal bases: If you have given your consent for the processing of your personal data using “Google Analytics” by the third-party provider (“opt-in”), then Art. 6(1)(a) of the GDPR is the legal basis. Furthermore, the legal basis for data processing lies in our legitimate interest (analysis, optimization, and improvement of our website) pursuant to Art. 6(1)(f) of the GDPR. For services provided in connection with a contract, tracking and analysis of user behavior are based on Art. 6(1)(b) of the GDPR to offer optimized services for the fulfillment of the contract purpose.
- Storage period: The data sent by us and linked to cookies, user IDs (e.g., User-ID), or advertising IDs are automatically deleted after months. Data that has reached its retention period is automatically deleted once a month.
- Data transfer/recipient category: Google, Ireland, and the USA. We have also entered into a data processing agreement with Google pursuant to Art. 28 of the GDPR.
- Options for objection and removal (“opt-out”):
You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a limitation of the functions we offer. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser plugin mentioned above, you can click [__insert here the Analytics Opt-Out link of your website] to prevent the collection of data by Google Analytics on this website in the future. By clicking on the link, an “opt-out” cookie is set, which prevents the collection of your data during future visits to this website. This cookie is valid only for our website and your current browser and will only last until you delete your cookies. In this case, you would have to set the cookie again. You can deactivate cross-device user analysis in your Google account under “My Data > Personal Data”.
- We have integrated the anti-spam function “reCAPTCHA” by “Google” (provider: Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
- Data category and description of data processing: Usage data (e.g., accessed web page, IP address). By using “reCAPTCHA” in our forms, we can determine whether the input was made by a machine (robot) or a human. When using the service, your IP address and, if necessary, other data required for this purpose may be transferred to Google servers in the United States.
- Purpose of processing: Prevention of spam and abuse, as well as our legitimate interest in optimizing our website.
- Legal basis: If you have given your consent (opt-in) for the processing of your personal data by means of “reCAPTCHA” from the third-party provider, the legal basis is Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Furthermore, the legal basis is our legitimate interest in the data processing for the purposes stated above, pursuant to Art. 6(1)(f) of the GDPR.
- Data transfer/Recipient category: Third-party provider in the United States.
- Storage duration: Until the cookies are deleted by you as the user.
Presence on Social Media
- Data categories and description of data processing: Usage data, contact data, content data, master data. Furthermore, user data is typically processed within social networks for market research and advertising purposes. Based on user behavior and resulting interests, user profiles can be created. These user profiles can then be used, for example, to display advertisements within and outside the networks that are likely to correspond to the users’ interests. For these purposes, cookies are usually stored on users’ computers, in which their usage behavior and interests are stored. In addition, data can be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and logged in to them). For a detailed description of the respective processing methods and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks. We also want to point out that requests for information and the exercise of data subject rights are most effectively addressed to the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information. If you still need assistance, you can contact us.
- Purpose of processing: Communication with users connected and registered on social networks; information and advertising for our products, offers, and services; external presentation and image maintenance; evaluation and analysis of users and content of our presence on social media.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest as stated above, pursuant to Art. 6(1)(f) of the GDPR. If you have given us or the controller of the social network your consent to the processing of your personal data, the legal basis is Art. 6(1)(a) in conjunction with Art. 7 of the GDPR.
- Data transfer/Recipient category: Social network.
- The privacy policies, options for information, and options for objection (opt-out) of the respective networks/service providers can be found here:
Rights of the Data Subject
- Objection or Revocation of Data Processing
If the processing is based on your consent according to Art. 6(1)(a), Art. 7 of the General Data Protection Regulation (GDPR), you have the right to revoke your consent at any time. The lawfulness of the processing carried out based on your consent before its revocation shall remain unaffected. If we base the processing of your personal data on the balancing of interests according to Art. 6(1)(f) GDPR, you can object to the processing. This is the case when the processing is not necessary for the performance of a contract with you, as explained in detail in the following description of the functions. If you exercise your right to object, we request that you provide us with the reasons why we should not process your personal data as we have done. After reviewing your objection, we will either stop or adjust the data processing, or demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us about your objection to advertising using the following contact details:
Große Brunnenstraße 34
22763 Hamburg, Germany
Managing Director: Mr. Arvid John
Commercial Register No.: HRB 124547
Court of Registration: Hamburg
Email Address: email@example.com
- Right to Information
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about your personal data stored by us, in accordance with Art. 15 GDPR. This includes information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged storage period, the origin of the data if it was not collected directly from you, and other relevant information.
- Right to Rectification
You have the right to request the correction of inaccurate personal data concerning you or the completion of incomplete personal data, in accordance with Art. 16 GDPR.
- Right to Erasure
You have the right to request the erasure of your personal data stored by us, in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights for further storage oppose this.
- Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data if one of the conditions set out in Art. 18(1)(a) to (d) GDPR is met:
- If you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
- If the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- If the controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise, or defense of legal claims; or
- If you have objected to processing pursuant to Art. 21(1) GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.
- Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission of those data to another controller, in accordance with Art. 20 GDPR.
- Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority in the member state of your habitual residence, place of work, or the place of the alleged infringement.
To protect all personal data transmitted to us and to ensure that the data protection regulations are complied with by us and our external service providers, we have implemented appropriate technical and organizational security measures. Among other things, all data transmitted between your browser and our server is encrypted via a secure SSL connection.
As of: June 16, 2023