Privacy Policy

We are pleased about your visit on our website. Privacy is very important to us and we want you to feel secure while visiting our website.

You can therefore visit our website without disclosing your personal data. However, as soon as you make use of individual functions, services or offers on our website, personal data may be processed. We only collect, process and use personal data if you have consented to the collection, processing and use or a corresponding legal basis exists.
We reserve the right to change the privacy policy at any time with effect for the future. The current version of the privacy policy can be called up, saved and printed out at any time on our website.

Below we inform you in detail about the type, scope and purpose of the personal data collected, used and processed by us and inform you about the rights you are entitled to as the person concerned.

1. Name and address of the responsible party
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

envelio GmbH
Eupener Str. 165
50933 Köln
CEO: Dr. Simon Koopmann, Dr. Fabian Potratz
Telephone: +49 221 42310 – 160
E-mail: info@envelio.de

2. Name and address of the data security officer
The data security officer of the responsible party is:
Philipp Erlinghagen
Eupener Str. 165
50933 Köln
E-mail: philipp.erlinghagen@envelio.de

3. Access data in server log files
Every time you visit our website, we automatically store access data in so-called server log files.

This includes date and time of retrieval, transferred data volume and, if applicable, name of the requested file, browser used and its version, operating system used, requested URL including subpages and referrer URL (URL that you visited immediately before).

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your terminal. To do this, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and log files is Art. 6 para. 1 lit. f GDPR.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and to improve the content of our website as well as for transmission to law enforcement authorities in the event of a cyber-attack and to ensure the security of our information technology systems. Your data will not be evaluated for marketing purposes in this context.

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

The data of the server log files are stored separately from all other personal data provided by you.

The collection of the data for the provision of the website and the storage of the data in log files is necessary for the operation of our website. Consequently, there is no possibility of objection.

4. Usage of cookies
To make visiting our website attractive and to enable the use of certain functions, we use so-called “cookies” on our website. These are small text files that are stored on your device via a browser.

Many cookies contain a so-called cookie ID. It consists of a string of characters through which websites and servers can be assigned to a specific browser in which the respective cookie was stored. After the end of the browser session, most of the cookies we use are deleted (“session cookies”). The permanent cookies (“persistent cookies”), on the other hand, remain on your end device.

The following data is stored and transmitted in the cookies: Language settings, entered search terms, frequency of page views, use of website functions.

Your data collected on our website will be pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to you. The data will not be stored together with other personal data of yours.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

The purpose of using technically necessary cookies is to simplify the use of our websites for you (e.g. your settings are stored). Some functions of our website cannot be offered without the use of cookies. For this it is necessary that your browser is recognized even after a page change. If cookies are not accepted or deactivated, the functionality of our website may be restricted.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used by you and can thus constantly optimize our offer.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

Some of the third-party services we include may use cookies. Please refer to the websites of the respective providers for information on the respective mode of operation and data processing. You can find the services we use in this data protection declaration.

Cookies are stored on your terminal and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general or set so that the setting of cookies is prevented and thus permanently contradict the setting of cookies. You can also delete cookies that have already been set at any time via your browser. The transmission of Flash cookies cannot be prevented via the settings of your browser, but by changing the settings of the Flash Player. This also applies to all third-party cookies listed below.

5. Google Analytics
We use Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Analytics”). The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. The USA is an unsafe third country. However, Google Inc. has voluntarily certified itself under the US-EU data protection agreement “Privacy Shield” and has thus committed itself to comply with EU data protection regulations.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR.
Google Analytics uses methods that enable an analysis of your use of the website, in particular from which website you came to our website (so-called referrer), which subpage you access or how often and for how long you view a subpage. Google Analytics uses cookies for this purpose. Every time you visit a page of our website on which Google Analytics is integrated, your browser on your device is automatically prompted to transmit data to Google Analytics for the purpose of analysis.

By activating IP anonymization on our website, the IP address is reduced prior to transmission within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymous IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet.

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Pseudonymous user profiles can be created from the processed data.

You can prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on available under this link http://tools.google.com/dlpage/gaoptout?hl=en. The installation of the browser add-on is considered a contradiction by Google.

As an alternative to the browser plug-in or within browsers on mobile devices, please click this link to object to the collection and use of your data by Google Analytics with effect for the future. An opt-out cookie is stored on your mobile device. If you delete your cookies, you must click the link again.

The privacy policy of Google can be found here https://policies.google.com/privacy.

6. WordPress Stats
We use the plugin Jetpack with the subfunction WordPress.com-Stats (“Stats”) to analyze our website, a tool for statistical analysis of visitor accesses from Automattic Inc. 60 29th Street #343, San Francisco, CA 94110-4929, USA. The information generated about your use of this website is usually transferred to a Stats server in the USA and stored there. The USA is an unsafe third country. Stats has, however, voluntarily certified itself under the US-EU data protection agreement “Privacy Shield” and has thus committed itself to comply with EU data protection regulations.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR.

By using cookies, Stats can enable an analysis of your use of the website. Usage profiles can be created from the processed data, whereby these are only used for analysis and not for advertising purposes. The IP address is made anonymous immediately after processing and before it is stored. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR lies in these purposes.

For more information, please see Stats’ privacy policy: https://automattic.com/privacy/ and Jetpack cookie notices: https://jetpack.com/support/cookies/.

7. Integration of YouTube
We include videos from the social network youtube.com, which is operated by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube LLC is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

When you visit our website, a direct connection to YouTube’s servers is established via your browser. Your browser is automatically prompted by the video embedded on our website to download a representation of the corresponding component from YouTube. As part of this technical process, YouTube is informed about which specific subpage of our website you are visiting.

If you use the videos, the corresponding information – e.g. by pressing the play button – is transmitted from your browser to YouTube, if necessary linked to your user account and saved.

The legal basis for the use of your data is Art. 6 para. 1 lit. f GDPR.
Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR lies in the optimization and economic operation of our website.

If you are logged in with your personal Google Account while visiting our site, YouTube may associate your account with your visit and the pages of our site that you have specifically visited.

If you don’t have a Google Account, YouTube may still store your IP address.
If you do not want such processing, you must log out of your Google Account and delete your cookies before visiting our site.

You can object to the use of your data by Google at any time by clicking on the following link: https://adssettings.google.com/authenticated.

For further information on data protection, please refer to YouTube’s privacy policy https://policies.google.com/privacy?hl=en.

8. E-mail
Due to legal regulations, our website contains information that enables us to be contacted electronically and to communicate directly with you. This includes above all our e-mail address. As far as you contact us by e-mail, the personal data transmitted by you are automatically stored.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the establishment of contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

However, we use the personal data transmitted by you exclusively for the processing of your concrete inquiry. The data provided will always be treated confidentially.

Your data can be stored in a customer relationship management system (CRM system) or another organization tool for customer data.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the conversation with you has been terminated. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

9. Data protection
We protect our website and other systems through numerous technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular checks, however, complete protection against all risks is not possible and cannot be provided by us. For this reason, you are free to transmit your personal data to us at any time by other means, for example by telephone or by post.

10. Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

For the processing of personal data required for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that your vital interests or the vital interests of another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

11. Legitimate interests in the processing
If the processing of your personal data is based on Article 6 para. 1 lit. f GDPR, it is in our legitimate interest, unless otherwise stated, to carry out our business activities. In all other respects, we have stated our purposes and interests within the scope of the above list of processing.

12. Data erasure and storage time
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. Furthermore, data may be stored if this has been stipulated by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. If the purpose of storage ceases to apply, you revoke your consent or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

13. Right to disclosure
You also have the right to receive free disclosure from us at any time about your personal data stored and a copy of this disclosure. You also have a right of access to the following information:

– the processing purposes,
– the categories of personal data being processed,
– the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organizations,
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
– the existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the party responsible or of a right of opposition to such processing,
– the existence of a right of appeal to a supervisory authority,
– if the personal data are not collected from the person concerned: all available information on the origin of the data and,
– the existence of automated decision-making, including profiling in accordance with Article 22 para. 1 and para. 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.

You also have a right of access to information on whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transmission.

14. Right to correction
You have the right to request the immediate correction and/or completion of incorrect or incomplete personal data concerning you. We shall make the correction without due delay.

15. Right to limitation of processing
You have the right to request us to restrict processing if one of the following conditions applies:

– The accuracy of the personal data is disputed by the person concerned for a period of time which enables the party responsible to verify the accuracy of the personal data.
– The processing is unlawful, the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted.
– The party responsible no longer needs the personal data for the purposes of the processing, but the person concerned needs them to assert, exercise or defend legal claims.
– The person concerned has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person concerned outweigh those of the responsible party.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

16. Right to erasure
You have the right to demand that we delete your personal data immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

– The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
– The person concerned withdraws his/her consent on which the processing was based pursuant to Article 6 para. 1 lit. a GDPR or Article 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
– The person concerned objects to processing under Article 21 para. 1 GDPR and there are no overriding legitimate grounds for processing or the person concerned objects to processing under Article 21 para.2 GDPR.
– The personal data have been processed unlawfully.
– The deletion of personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the party responsible is subject.
– The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data have been made public by us and we as responsible party are obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other responsible parties for data processing who process the published personal data, that the person concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other responsible parties for data processing, insofar as the processing is not necessary.

The right to cancellation does not exist if the processing is necessary:

– to exercise freedom of expression and information;
– for the performance of a legal obligation required for processing under the law of the European Union or of the Member States to which the party responsible is subject, or for the performance of a task in the public interest or in the exercise of official authority conferred on the party responsible;
– for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
– to assert, exercise or defend legal claims.

17. Right to notification
If you have exercised your right of correction, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis us to be informed about these recipients.

18. Right to data transferability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without our interference, provided that the processing is based on the consent provided for in Article 6 para. 1 lit. a GDPR or Article 9 para. 2 lit. a GDPR or on a contract pursuant to Article 6 para. 1 lit. b GDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task, in the public interest or in the exercise of public authority which was transferred to us.

Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly by us to another person responsible, insofar as this is technically feasible and provided that the rights and freedoms of other people are not affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the person responsible.

19. Right of objection
You have the right to object at any time to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions.

We will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you object to our processing for direct advertising purposes, we will no longer process your personal data for these purposes.

You also have the right to object to the processing of your personal data concerning you, which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, for reasons arising from your particular situation, unless such processing is necessary to fulfil a task in the public interest.

You can contact us at any time to exercise your right of objection. You may also, notwithstanding Directive 2002/58/EC, exercise your right of opposition in relation to the use of Information Society services by means of automated procedures using technical specifications.

20. Right to revoke your consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time. The revocation of consent shall not affect the legality of the processing carried out based on the consent until revocation.

21. Right to automated decisions in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against you or significantly affects you in a similar manner, provided that the decision:

– is not necessary for the conclusion or performance of a contract between you and us, or
– is admissible by law of the European Union or of the Member States to which we are subject, and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
– with your express consent.

Is the decision

– necessary for the conclusion or performance of a contract between you and us, or
– it is done with your explicit consent,

we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain an individual’s intervention from us to state our position and to challenge the decision.

22. Existence of automated decision making
We do not perform automatic decision making or profiling.

23. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

24. Legal or contractual provisions for the disclosure of personal data; necessity for the conclusion of the contract; obligation of the person concerned to provide the personal data; possible consequences of failure to provide them
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for you to provide us with personal data, which we will subsequently have to process. For example, you are obliged to provide us with your personal data when you conclude a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.

May 2018