Privacy Policy
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the just.dot GmbH. The use of the Internet pages of the just.dot GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the just.dot GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, the just.dot GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
1. Definitions
The data protection declaration of the just.dot GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alias, the following terms:
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes.
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
-
just.dot GmbH
Spinozastr. 14
30625 Hannover, GermanyPhone: +49 (0) 511 5349688
Email: info@justdot.de
Website: www.justdot.com
3. Cookies
The Internet pages of the just.dot GmbH use cookies. Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use cookies, which contain a unique cookie ID—a string of characters through which websites and servers can identify a specific Internet browser.
Through the use of cookies, the just.dot GmbH can provide users with more user-friendly services that would not be possible without cookie settings. By means of a cookie, the information and offers on our website can be optimized with the user in mind.
The data subject may, at any time, prevent the setting of cookies through our website via browser settings, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
For more Information, read our Cookies Policy.
4. Collection of General Data and Information
The website of **just.dot GmbH** collects a series of general data and information when a data subject or automated system accesses the website. This general data and information are stored in the **server log files**. Collected data may include:
- (1) The browser types and versions used
- (2) The operating system used by the accessing system
- (3) The website from which an accessing system reaches our website (so-called referrers)
- (4) The sub-websites visited on our site
- (5) The date and time of access to the Internet site
- (6) The Internet Protocol address (IP address)
- (7) The Internet service provider of the accessing system
- (8) Any other similar data and information that may be used in case of cyber-attacks
When using this general data and information, **just.dot GmbH** does not draw any conclusions about the data subject. Instead, this information is used to:
- (1) Deliver the content of our website correctly
- (2) Optimize the content and advertisements of our website
- (3) Ensure the long-term stability and security of our IT systems and website technology
- (4) Provide law enforcement authorities with necessary information in case of cyber-attacks
Therefore, **just.dot GmbH** may analyze **anonymously collected** data and information statistically, with the aim of improving **data protection, security**, and ensuring an **optimal level of protection** for the personal data we process. The **anonymous data in the server log files** are stored separately from all personal data provided by the data subject.
5. Contact Possibility via the Website
The website of the just.dot GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored.
Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
6. Routine Erasure and Blocking of Personal Data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Rights of the Data Subject
Each data subject has the right to obtain confirmation from the controller whether or not personal data concerning them is being processed. To exercise this right, they may contact any employee of just.dot GmbH at any time.
The data subject has the right to obtain free information about their personal data stored at any time. Additionally, they have access to:
- The purpose of processing
- Categories of personal data concerned
- Recipients or categories of recipients to whom the data has been disclosed
- The envisaged period for data storage or criteria used to determine that period
- The right to rectification, erasure, or restriction of processing
- The right to lodge a complaint with a supervisory authority
- The existence of automated decision-making, including profiling
- Whether data has been transferred to a third country or international organization
Data subjects have the right to request rectification of inaccurate personal data without undue delay. This includes providing supplementary statements to complete missing information.
Data subjects may request deletion of personal data if one of the following applies:
- Data is no longer necessary for processing
- The subject withdraws consent and no other legal ground exists
- The subject objects to processing with no overriding legitimate grounds
- Data has been unlawfully processed
- Data must be erased for legal compliance
The subject has the right to restrict processing under specific conditions, such as contesting the accuracy of data, unlawful processing where deletion is not requested, or when data is required for legal claims.
The data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance.
The data subject has the right to object to the processing of their personal data at any time for reasons related to their particular situation. This includes cases where personal data is processed for direct marketing purposes, profiling, or legitimate interest claims.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them, unless it is necessary for the performance of a contract, authorized by law, or based on explicit consent.
The data subject has the right to withdraw their consent to data processing at any time. This withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
8. Legal Basis for Processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis applies when processing is necessary for the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. A legitimate interest is assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
9. The Legitimate Interests Pursued by the Controller or by a Third Party
Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business operations in favor of the well-being of all our employees and shareholders.
10. Period for Which the Personal Data Will Be Stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
11. Provision of Personal Data as a Statutory or Contractual Requirement
We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information on the contractual partner). In some cases, concluding a contract may require the data subject to provide personal data, which must then be processed by us.
For example, a data subject is obligated to provide personal data when entering into a contract with our company. Failure to provide the required personal data would mean that the contract cannot be finalized. Before submitting personal data, the data subject may contact any employee of our company. The employee will clarify whether the provision of personal data is required by law, contract, or necessary for contract completion. Additionally, they will explain whether there is an obligation to provide such data and the possible consequences of non-provision.
Existence of Automated Decision-Making
As a responsible company, we do not engage in **automated decision-making or profiling**.
This privacy policy has been developed in collaboration with the specialists at **LegalTech at Willing & Able**, the creators of the **cnil DPIA system**. The legal texts included in our privacy policy generator have been reviewed and published by **Prof. Dr. h.c. Heiko Jonny Maniero** from the **German Association for Data Protection** and **Christian Solmecke** from **WBS Law**.
As a responsible company, we do not use automatic decision-making or profiling.