Data privacy statement
Thank you for your interest in SelF, our company and your visit to our website. A use of our website is basically possible without providing personal data. However, special services of our website may require the processing of personal data. If processing of personal data is required, there is either a legal basis for processing or we obtain your consent. In doing so, the regulations of the General Data Protection Regulation and country-specific data protection regulations are observed.
In the course of this data privacy statement, esatus AG would like to inform about the type, scope and purpose of the collected, used and processed personal data and comply with the duty of transparency, in particular by clarifying the rights of persons concerned.
1. Contact details of the responsible person and the data protection officer
Responsible for data processing:
esatus AG
Rheinstraße 5
63225 Langen
Tel.: +49 6103 90295-0
Mail: info@esatus.com
Website: www.esatus.com
Data protection officer:
Tel.: +49 6103 90295-0
Mail: dsb@esatus.com
2. General information about data processing
Regardless of the visit to this website, esatus AG only processes personal data:
- To initiate employment relationships and contractual relationships
- To carry out contractual or legal obligations
- To carry out the electronic communication (e-mailing)
- For documentation of the customer and order history
- To use photos from events for promotional purposes
- For other purposes, which are explicitly indicated on consent declarations
The personal data are processed on the basis of the following legal bases:
- On the basis of a declaration of consent (Art. 6 para. 1 lit. a GDPR), e. g. when using photos of events
- For initiating or fulfilling contractual relationships (Art. 6 para. 1 lit. b GDPR), e. g. in the execution of consulting services
- To fulfill legal obligations (Art. 6 para. 1 lit. c GDPR), e. g. if data is forwarded to appropriate authorities
- To be able to respond to incoming requests in order to safeguard legitimate interest and thus to process e-mail addresses (Art. 6 para. 1 lit. f GDPR)
- For the decision to establish an employment relationship (§26 BDSG)
Specific data processing operations on this website are defined below. If you are a customer, supplier, partner or other interested party whose data are processed even without visiting this website, please note in particular points 6, 7 and 8 of this privacy policy.
3. Collecting general information
We automatically save information in our logfiles, which your browser transfers during page access. These are:
- Browser type / and version
- Used operating system
- Referer URL (the previously visited website)
- IP address of the accessing computer
- Time and date of the server request
These data serve the statistical evaluation of the use of our service as well as the fight against abuse (in particular by automated mass access) and are not assignable for us to particular and / or determinable persons (legitimate interest of the data processing according to Art. 6 para.1 lit. f GDPR). A combination of this data with other data and data sources will not be made.
4. Contact via the website
If an affected person contacts esatus AG by e-mail, personal data voluntarily communicated will be automatically saved for the purpose of processing or contacting (legitimate interest in the processing of data according to Art. 6 para.1 lit. f GDPR).
5. Integration of external videos
Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.
If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.
Vimeo complies to the EU-U.S. Privacy Shield Framework.
6. Deletion and blocking of personal data
If the purpose of a processing ends or a legally prescribed storage or archiving period expires, the personal data will be deleted or blocked in accordance with the statutory provisions.
7. Rights of persons concerned
All subsequent rights of persons concerned may be claimed at any time, e.g. by request by mail to info@esatus.com. By addressing by e-mail or addressing an employee, the request will be processed and executed without delay.
7.1. Right to confirmation
Concerned persons have the right to ask for confirmation of the processing of personal data concerning them.
7.2. Right to information
Affected persons have the right to request information about their personal data free of charge and to receive a copy of them. In addition to the copy, the following information is provided:
- Processing purposes
- Categories of personal data
- Recipients or categories of recipients in third countries or international organizations
- If possible, the planned duration of the storage of personal data and, if this is not possible, the criteria for determining the duration
- The existence of further rights of concerned persons, the existence of a right of appeal with a supervisory authority
- The existence of automated decision making including profiling
- If the personal data were not collected from the concerned person, all available information about the origin of the data
In addition, should the data be transmitted to a third country or an international organization, appropriate guarantees, such as the use of EU standard contractual clauses, will be communicated.
7.3. Right to correction
Concerned persons have the right to request a correction of incorrect personal data and to demand a completion of incomplete data, taking into account the purposes of the processing.
7.4. Right to be deleted or right to be forgotten
Concerned persons have the right to request the deletion of their personal data, which will be deleted immediately upon request, if one of the following reasons applies and processing is not required:
- The personal data has been collected for purposes or otherwise processed for which they are no longer necessary
- The concerned person revokes their consent to processing and it lacks any other legal basis for processing
- The concerned person objects to the processing and there are no high-level legitimate reasons for processing or the concerned person objects to direct mail
- The personal data were processed unlawfully
- The deletion of the data is required to fulfill a legal obligation
- The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR
If esatus AG has made personal data of the concerned person public and is required to delete it in accordance with Art. 17 para. 1 GDPR, esatus AG takes appropriate measures, taking into account the available technology and the implementation costs, to inform other data controllers who are responsible for the data processing published personal data, to inform that the concerned person has requested the deletion of any links to such personal data or copies of such personal data from these other data controllers unless the processing is required.
7.5. Right to restriction of processing
Concerned persons have the right to restrict processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the concerned person (for a period that allows an examination by the person in charge)
- The processing is unlawful, but the concerned person refuses to delete it and requires a restriction of use
- The person in charge no longer needs the data for the purposes of the processing, but the concerned person requires it for asserting or exercising or defending legal claims
- The concerned person has objected to the processing and it is not yet clear whether the legitimate reasons of the person responsible or the legitimate interests of the person concerned outweigh
7.6. Right to data portability
Concerned persons have the right to data portability. This right entitles concerned persons to receive their personal data in a structured, common and machine-readable format. The concerned person therefore has the right to transfer this data to another person responsible or to request the transfer from the former person responsible to the new person responsible.
7.7. Right to objection
The concerned person may object to data processing based on a "legitimate interest" (Art. 6 para. 1 lit. f GDPR). As a result, further data processing is prohibited unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the concerned person, or the processing is for the purpose of enforcing, pursuing or defending legal claims. If esatus AG processes personal data for direct mail, an objection can be filed at any time.
7.8. Automated decisions in individual cases including profiling
As a responsible company we refrain from automatic decision-making or profiling.
7.9. Right of withdrawal
Concerned persons have the right to withdraw consent to processing at any time.
7.10. Right of appeal to the supervisory authority
If you have the impression that the processing of your data violates data protection law or your data protection claims have been violated in any way, you can complain to the Hessian Data Protection Officer.
8. Recipient of personal data
The recipients of personal data on this website, besides esatus AG, is the CJe GmbH (www.cje.de) through the webhosting of this website. It is only about personal data collected that your browser automatically provides (see point 3) and personal data provided in case of contacting the esatus AG via e-mail (see point 4). In order to guarantee data protection compliant transmission, a corresponding order processing contract was concluded. Regarding personal data received by Vimeo, please refer to the privacy policy of Vimeo (see point 5).
If you are a customer, partner, supplier or other interested party of esatus AG and you are in contact with us through contractual relationships or other requests, it may happen that processors, such as IT support service providers or cloud providers gain access to personal data from you. In addition, cooperations with third parties to fulfill a contractual relationship may be necessary. A transfer of personal data to a third country outside the EU does not take place.
In addition, if required by law, your personal information may be forwarded to the appropriate authorities.
SeLF is a solution developed by the esatus AG, a information security specialist with a strong focus on Identity & Access (I&A). In alignment with its mission «Enforcing Information Security» and being vendor neutral, esatus AG offers conceptual and implementation support across a wide range of solutions.
Starting out offering services around I&A in the financial sector, today esatus AG supports clients from various industries in their I&A challenges. Navigating the extensive regulations institutions face, esatus AG was able to develop in-depth knowledge. All this experience is now available in the SeLF solution suite.
