We review this Privacy Statement regularly. Occasionally we may need to make changes or additions to this Statement that may affect how we handle your data. We will indicate on this page when the Privacy Statement has changed so please refer to this site for the latest version. This Privacy Statement was last reviewed and updated in May 2021.
Privacy policy
The protection of your personal information is a very serious issue for Plunet GmbH. We maintain the confidentiality of your personal data and handle the information in accordance with the statutory data protection requirements and this privacy policy. The use of our website generally does not require an input of personal data. Wherever personal data is collected on our pages (e.g. name, address or email address), the provision of such information is – wherever possible – voluntary. None of this information is disclosed to third parties without your explicit consent.
Plunet GmbH would like to remind you that any data transmission via the Internet (e.g. email communication) may be vulnerable to security gaps. Absolute protection against access by third parties is not possible.
Name and address of the controller
A controller as defined by the General Data Protection Regulation and other data protection laws and provisions concerning data protection valid in member states of the European Union is Plunet GmbH, represented by its managing director, Marktplatz 24, 97070 Würzburg, Germany, Phone +49 (0)931 321 12 20, Fax +49 (0)931 321 12 22, info@plunet.com.
Data protection officer
You can directly contact the data protection officer appointed by the operator via privacy@plunet.com.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States . Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
You can prevent cookies from being stored via the relevant setting in your browser software; however, we must point out that this setting may prevent you from utilizing the full scope of functionalities on this website. Furthermore, you can prevent the data created by the cookie based on your use of the website (incl. your IP address) from being collected by Google and such data from being processed by Google by downloading and installing the browser plugin that is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Data capture opt-out
You can prevent your data from being collected by Google Analytics by clicking the following link. An opt-out cookie will be stored, which will prevent your data from being collected on future visits to this website: Deactivating Google Analytics.
Further information about the handling of user information by Google Analytics can be found in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en
Use of Personal Information
Plunet GmbH reserves the right to provide partners and other third parties with general customer information. These partners or third parties contractually bound to Plunet GmbH are permitted to only use the customer information provided for the execution and completion of transactions and functions required in connection with the customer order; this use applies mainly to webinars conducted by our partners. These transactions or functions must fully comply with the guidelines set out in this privacy policy.
In some cases, Plunet GmbH may utilize the personal information of users for the purpose of analyzing general usage patterns on its websites, for contacting the user to clarify ambiguous information, for the processing of customer support queries or for marketing purposes. Personal information in this context are name (company affiliation, if applicable), address, phone number and email address.
Links to websites of third-party providers
Plunet GmbH sites may provide links to third-party applications, products, services, or websites for your convenience and information. If you access those links, you will leave the Plunet site. Plunet GmbH does not control those third party sites or their privacy practices, which may differ from Plunet GmbH‘s practices. We do not endorse or make any representations about third-party sites. The personal data you choose to provide to or that is collected by these third parties is not covered by the Plunet GmbH Privacy Statement. We encourage you to review the privacy policy of any site you interact with before allowing the collection and use of your personal information.
We may also provide social media features that enable you to share information with your social networks and to interact with Plunet on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
SSL encryption
The Plunet GmbH homepage uses SSL encryption for security reasons and in order to safeguard the transmission of confidential information, e.g. the requests you send to us as the website operator. An encrypted connection is established when the address line in your browser switches from “http://” to “https://” and a lock icon is displayed in the address line. Data transmitted to us cannot be accessed by third parties when SSL encryption is activated.
Use of cookies
When you visit our Websites we may send a ‘cookie’ to your computer. Cookies are files that store information on your hard drive or browser. They enable our Websites to identify your computer, and recognise that you have visited before. Cookies themselves do not contain any personal information. However, we may link the information we store in cookies to any personally identifiable information you submit while on our site. This three types of cookies are used on this website:
- Session Cookies (Non-Persistent Cookies): Session Cookies are the cookies which exist only while the user is on a particular website. These cookies are deleted once the user exits the web page.
- Persistent Cookies: Persistent Cookies are the cookies which remain on your device for a longer period of time. They are used to recognize a return visitor as a unique user. If the visitor restricts persistent cookies, these cookies fail to gather any information about that visitor.
- Third-party provider cookies: Some cookies are placed on your device and used by third-party providers for analysis and advertising purposes. They are saved either permanently or temporarily, and are stored via various domain names. You can configure your browser to notify you whenever a cookie is placed on your computer and to only permit cookies to be stored on a case by case basis. You can also prevent cookies from being accepted for specific domains or in general, and automatically delete all cookies when you end a browser session. The functionality of this website may be limited when cookies are deactivated.
Routine deletion and blocking of personal data
The data subject’s personal data will be processed and stored by the controller only for the length of time required to fulfill the purpose of its storage or to the extent that this is required by EU directives and regulations or other statutory provisions applicable to the controller.
Personal data is routinely blocked or deleted according to statutory provisions as soon as the reason for storage of such information is no longer applicable or the retention period prescribed by EU directives and regulations or other applicable statutory provisions has expired.
Legal basis for processing
Article 6, paragraph 1, point a GDPR is the legal basis for processing operations at Plunet GmbH for which we request consent for specific purposes. Where the processing of personal data is necessary for the performance of a contract in which the data subject is a contractual party, e.g. for processing operations required for the delivery of goods or the provision of other services or return services, then the processing shall be based on Article 6, paragraph 1, point b GDPR. The same shall apply for processing operations necessary in order to take steps prior to entering into a contract, e.g. for requests regarding our products or services.
Where our company is subject to a legal obligation requiring the processing of personal data, e.g. the fulfillment of tax obligations, then such processing shall be based on Article 6, paragraph 1, point c GDPR. In rare instances, the processing of personal data may become necessary for the protection of vital interests of the data subject or of another natural person. In such cases, the processing would be based on Article 6, paragraph 1, point d GDPR. Finally, processing operations may also be based on Article 6, paragraph 1, point f GDPR. This legal basis provides for processing operations not covered by any of the above if processing is necessary for the purposes of the legitimate interests pursued by Plunet GmbH or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. These processing operations are permitted in particular because they are mentioned specifically by the EU legislator. In its opinion, a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47, sentence 2 GDPR).
Rights of the data subject
Right to confirmation
The European legislative and regulatory body grants each data subject the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. Where a data subject wishes to execute this confirmation right, he or she can contact an employee of the controller at any time.
Right of access
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to request at any time information about and a copy of the scope of personal data stored about his or her person free of charge from the controller. The European legislative and regulatory body furthermore grants the data subject the right to request the following information:
- the purpose for processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as
- the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject shall have the right to be informed about whether personal data have been transferred to a third country or to an international organization. To the extent that this is the case, the data subject furthermore has the right to be informed of the appropriate safeguards relating to the transfer.
Where a data subject wishes to execute this right of access, he or she can contact our data protection officer or another employee of the controller at any time.
Right to rectification
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject furthermore has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Where a data subject wishes to execute this right to rectification, he or she can contact an employee of the controller at any time.
Right to erasure (‘right to be forgotten’)
The European legislative and regulatory body grants any data subject affected by the processing of personal data to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and to the extent that processing is not necessary:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing.
- the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR;
- the personal data have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Where one of the reasons listed above is applicable and a data subject wishes to arrange a deletion of his or her personal data stored by Plunet GmbH, he or she can contact an employee of the controller at any time.
Where Plunet GmbH has made the personal data public and our company is obliged as a controller pursuant to Article 17 (1) GDPR to erase the personal data, Plunet GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided their processing is not required.
Right to restriction of processing
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to request from the controller the restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- the data subject has objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where one of the conditions listed above is applicable and a data subject wishes to demand a restriction of the use of his or her personal data stored by Plunet GmbH, he or she can contact an employee of the controller at any time.
Right to data portability
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The individual furthermore has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1), and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and to the extent that this does not adversely affect the rights and freedoms of others.
The data subject can contact an employee of Plunet GmbH at any time in order to exercise the right to data portability.
Right to object
The European legislative and regulatory body grants any data subject affected by the processing of personal information the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.
In case of an objection, Plunet GmbH shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where Plunet GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject submits his or her objection to Plunet GmbH regarding the processing for direct marketing purposes, Plunet GmbH shall no longer process these personal data for such purposes.
Where personal data are processed at Plunet GmbH for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, shall furthermore have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject can directly contact an employee of Plunet GmbH at any time in order to execute the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may furthermore exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling
The European legislative and regulatory body grants every data subject affected by the processing of personal data the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her unless the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.
Where the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) where the decision is based on the data subject’s explicit consent, Plunet GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Where a data subject wishes to execute his or her rights regarding automated decisions, he or she can contact our data protection officer or another employee of the controller at any time.
Right to withdraw a data protection consent
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to withdraw his or her consent to process personal data at any time. Where the data subject wishes to execute his or her right to withdraw this consent, he or she can contact our data protection officer or another employee of the controller at any time.