Privacy policy

I. Name and address of data controller

The data controller, within the meaning of the EU GDPR and other national data protection laws of the member states as well as other data protection regulations, is:

PolyCrypt GmbH
Hochschulstr. 1
64289 Darmstadt
Germany

info (at) policy.pt

II. General information on data processing

1. Scope of processing of the personal data
In principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website and of our content and services. The processing of our users’ personal data regularly occurs only with the consent of the user. An exception is made in cases where it is not possible to obtain consent in advance for factual reasons and where the processing of the data is permitted by statutory regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for processing operations of personal data, Art. 6 (1) (a) of the EU’s General Data Protection Regulation (GDPR) shall serve as the legal basis.

In the processing of personal data required for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) (b) of the GDPR shall serve as the legal basis. This shall also apply to all processing operations required for the performance of pre-contractual measures.

Insofar as the processing of personal data is required for the fulfilment of a legal obligation (statutory conditions) to which our company is bound, Art. 6 (1) (c) of the GDPR shall serve as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) of the GDPR shall serve as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) f of the GDPR shall serve as the legal basis for processing.

3.Deletion of data and storage duration
The personal data of the data subject are deleted or blocked as soon as the purpose for their storage lapse. Storage beyond this point may take place if this is provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or deleted once the storage period prescribed by the aforementioned standards expires, unless unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing
Each time this website is accessed, our system records data and information from the computer system of the calling computer.

The following data are collected as part of this process:

Information about the browser type and version used
The user’s operating system
The user’ Internet service provider
The user’ IP address
Date and time of access
Websites from which the user’s system has come to our website
Websites accessed by the user’s system via our website
These data are also stored in our system’s log files. These data are not stored together with other
personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) of the GDPR.

3.Analytics Services

For analytics purposes, PolyCrypt GmbH uses Matomo (formerly Piwik), an open-source statistical software. How you use this website is only analysed in an anonymised form to compile reports regarding website activities for the website owner and to offer and render additional services connected to using the website and the Internet as well as to improve the web content.

The data collected by Piwik/Matomo is saved on servers of PolyCrypt GmbH and will not be passed on to third parties under any circumstances. The IP address is being anonymised immediately after processing and prior to saving it with the last two tuples of the IP address not being saved at all. Piwik/Matomo uses so-called “cookies” to track your consent, i.e. text files that are saved on your computer for analysing how you use the websites.

You can prevent the saving of these cookies by modifying the respective settings in your browser software. If your browser supports do-not-track technology and you activated it, your visit will be automatically ignored

4. Purpose of data processing
The system temporarily stores the user’s IP address in order to make the website available on the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functional capability of the website. The data also help us to optimise the website and ensure the security of our IT systems. No data are evaluated for marketing purposes in this context.
This is also the reasoning behind our legitimate interest in data processing under Art. 6 (1) (f) of the GDPR.

5. Storage duration
The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. When data are collected in order to make the website available, this is the case when the respective session ends.

When data are stored in log files, this is the case after 7 days at the latest. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

6. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is necessary for operating the website. Therefore, there is no possibility for the user to object.

IV. E-mail contact

1. Description and scope of data processing
On our website it is possible to contact us using the e-mail address provided. In this case, personal data of the user which is transmitted along with the e-mail will be stored.

No data will be disclosed to third parties in this context. Data will be used exclusively for the purposes of correspondence.

2. Legal basis for data processing
The legal basis for the processing of data with the user’s consent is Art. 6 (1) (a) of the GDPR.

The legal basis for the processing of data that are transmitted by e-mail is Art. 6 (1) (f) of the GDPR. If the purpose of making e-mail contact is to conclude a contract, then an additional legal basis for the processing of the data is Art. 6 (1) (b) of the GDPR.

3. Purpose of data processing
The processing of the personal data from the input template serves us only to process the contact. If we are contacted by e-mail, we also have a necessary legitimate interest to process data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration
The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data taken from the input template of the contact form and sent by e- mail, data are deleted when the respective correspondence with the user has ended. Correspondence concludes when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The additional personal data that are collected during the sending process are deleted after a period of seven days at the latest.

5. Possibility of objection and elimination
The user can withdraw his consent for the processing of personal data at any time. Users can contact us by e-mail to withdraw their consent for storing the personal data at any time. In this case, correspondence cannot be continued.

An informal notification by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation. In this case, all personal data stored at the time of making contact will be deleted.

V. Rights of the data subject

When your personal data is processed, you become the data subject within the meaning of the GDPR and you shall have the following rights in relation to the data controller:

1. Right of access
You can require a confirmation from the controller if personal data concerning you is processed by us.

If such processing exists, you can request information from the controller about the following information:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information on the source of the data if the personal data are not collected from the data subject;
the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request to be informed about the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transmission.

2. Right to rectification
You have a right to rectification and / or completion to the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or if you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller prevail over your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used – except for their storage – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the limitation of the processing after the abovementioned conditions is restricted, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Deletion obligation

You have the right to obtain from the controller the erasure of personal data concerning you without delay and the controller shall have the obligation to erase personal data without delay where one of the following grounds applies:

the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
you withdraw consent on which the processing is based according to point (a) of Art. 6 (1), or point (a) of Art. 9 (2) GDPR, and where there is no other legal ground for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you have been unlawfully processed.
The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (a) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as affected person have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The Right to erasure shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 (2) points (h) and (i) as well as Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims.

5. Right to be informed
If you have asserted the right of rectification, erasure or restriction of processing to the controller, he/ she is obliged to notify all recipients to whom your personal data have been disclosed this correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right towards the controller to be informed about these recipients.

6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format- Furthermore you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1); and the processing is carried out by automated means.
In exercising of this right you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not adversely affected.
The right to data portability shall not apply to processing of personal data, which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) point (e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent
You have the right to withdraw your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision:

is necessary for entering into, or performance of, a contract between you and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or is based on your explicit consent.
This decisions shall not be based on special categories of personal data referred to in Art.9 (1) GDPR, unless point (a) or (g) of Art.9 (2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art.78 GDPR.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.