Privacy Policy

Introduction

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, mobile applications, and external online presences, such as our social media profiles (collectively referred to as the “online offering”).

The terms used are not gender-specific.

Inhaltsübersicht

Controller

Owner:

Aidai Kazakbaeva
Bahnhofstr. 4b
13055 Berlin
Germany

Authorized persons:

Aidai Kazakbaeva

Email address:

info@panda-code.de

Legal Notice:

www.panda-code.de/en/legal-notice/

Overview of Processing Activities

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the affected individuals.

Types of processed data

  • Inventory data.
  • Contact data.
  • Content data.

Categories of data subjects

  • Communication partners.

Purposes of processing

  • Provision of contractual services and customer service.
  • Handling of contact inquiries and communication.

Legal Bases for Processing

Below is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or business. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

In addition to the GDPR, national data protection regulations in Germany may apply, including the Federal Data Protection Act (BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making including profiling.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

Among the measures taken are, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as their access, input, disclosure, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures in accordance with the principles of data protection, through technical design and privacy-friendly settings.

SSL encryption (https): To protect data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

As part of our processing of personal data, it may occur that the data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data transmission within the organization: We may transmit personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, the data transfer is based on our legitimate business and economic interests or, if necessary for the fulfillment of our contractual obligations, or if consent of the data subjects or legal permission is present.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing occurs in the context of using third-party services or disclosing/transferring data to other individuals, entities, or companies, this only occurs in compliance with legal requirements.

Unless expressly consented to or required by contract or law, we process or allow the processing of data only in third countries with an adequate level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as their processing permissions are revoked or other permissions expire (e.g., if the purpose of processing this data has ceased to exist or it is not necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection information may also provide further details on the storage and deletion of data that take precedence for the respective processing.

Use of Cookies

Cookies are small text files or other storage mechanisms that store information on devices and retrieve information from devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online offerings, as well as for analyzing visitor flows.

Consent Notes: We use cookies in accordance with legal requirements. Therefore, we obtain the users’ prior consent, unless this is not required by law. Consent is not required, in particular, if storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) expressly requested by them. The revocable consent is clearly communicated to users and includes information about the respective cookie use.

Notes on data protection legal bases: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users give their consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is based on our legitimate interests (e.g., in the business operation of our online offering and improving its usability) or, if the use of cookies is necessary to fulfill our contractual obligations, when processing is required. We will clarify the purposes for which cookies are processed during the course of this privacy policy or in the context of our consent and processing processes.

Storage period: Regarding the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes his device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. The data collected using cookies can also be used for reach measurement. Unless we provide explicit information about the type and storage period of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can have a storage period of up to two years.

General notes on revocation and objection (opt-out): Users can revoke any consents they have given at any time and also object to processing in accordance with legal requirements under Art. 21 GDPR (further information on objection will be provided in this privacy policy). Users can also declare their objection through the settings of their browser.

Further notes on processing processes, procedures, and services:

  • Processing of cookie data based on consent: We use a cookie consent management procedure in which users’ consent to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove the consent in accordance with legal obligations. Storage can take place on the server and/or in a cookie (so-called opt-in cookie or using comparable technologies) to be able to assign the consent to a user or his device. Subject to individual information about providers of cookie management services, the following information applies: The storage duration of the consent can be up to two years. For this purpose, a pseudonymous user identifier is created and stored together with the time of consent, information about the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, system, and device used.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, telephone, or social media) and within existing user and business relationships, the information of the inquiring individuals is processed to the extent necessary to respond to contact inquiries and any requested measures.

The response to contact inquiries and the management of contact and inquiry data in the context of contractual or pre-contractual relationships are carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and, moreover, based on the legitimate interests in answering inquiries and maintaining user or business relationships.

  • Processed data types: Master data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact inquiries and communication; Provision of contractual services and customer service.
  • Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR); Legal obligation (Art. 6(1)(c) GDPR).

Further notes on processing processes, procedures, and services:

  • Contact form: When users contact us via our contact form, email, or other communication channels, we process the data communicated to us in this context to handle the reported issue. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment, and otherwise based on our legitimate interests and the interests of communication partners in responding to their concerns and our legal retention obligations.

Modification and Update of the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as your cooperation (e.g., consent) or other individual notification becomes necessary due to the changes.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to check the information before contacting them.

Definition of Terms

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are mainly defined in Art. 4 GDPR. The legal definitions are binding. The following explanations are primarily intended to aid understanding. The terms are sorted alphabetically.

  • Personal data: “Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special features expressing the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  • Controller: The “controller” is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
  • Processing: “Processing” is any operation or set of operations performed with or without the aid of automated processes in connection with personal data. The term is broad and covers practically every handling of data, whether it be collecting, evaluating, storing, transmitting, or deleting.

Legal text by Dr. Schwenke - for more information, please click.