Privacy Policy
Data Protection Statement
We at OVD Kinegram AG attach immense importance to data protection, that is to say the protection of YOUR personal data. We treat your personal data in confidence and in compliance with the statutory data protection regulations and this Data Protection Statement.
1. Scope
This Data Protection Statement applies equally for all Internet offerings (“Website(s)”) for which OVD Kinegram is considered the controller (see Section 2).
2. Controller and contact information for the data protection officer
2.1 Controller
As defined in the EU General Data Protection Regulation (GDPR) as well as other national data protection laws of the member states, and other data protection provisions, the controller is:
OVD Kinegram AG
a KURZ company
Zählerweg 11
CH-6300 Zug, Switzerland
Telephone: +41 41 555 20 00
2.2 Contact information for the data protection officer
You can contact the controller’s data protection officer at the following address:
Peter Nauer
Observar AG
Lindenstrasse 10
CH-6340 Baar
dsb@kinegram.com
2.3 Contact information for the Data Protection Officer in Singapore
OVD Kinegram (Asia Pacific) Pte Ltd
#42-01, Level 42
Suntec Tower Three
8 Temasek Boulevard
Singapore 038988
+65 6866 3220 (phone)
singapore@kinegram.com
3. Principles of processing personal data
3.1 Scope of personal data processing
As a general rule we do not process our users’ personal data unless it is necessary to enable us to present a functioning website and our content and services. As a matter of course, our users’ personal data is not processed without the user’s consent. One exception would be cases in which it is not possible to obtain the consent beforehand for practical reasons, and/or if processing of the data is permitted by legal provisions.
In particular, your data is processed for the following purposes:
- The online services offered on our Websites (e.g., newsletter, contact form, etc.) are specifically designed to help us reach our business objectives. To this end, we need to continuously optimise the services we provide online (customer satisfaction, security, user friendliness, etc.).
- The main reason we process data is if it is needed to substantiate the legal relationship, or to design or amend the content thereof.
- To send you information, including advertising materials (e.g., the newsletter).
- To lend our Websites still greater appeal; to identify points of particular interest and also publicise usage-based online advertising.
- To analyse and evaluate visitor access events and also to detect any technical problems and respond to them in good time.
3.2. Legal basis for processing personal data
If we obtain consent from the data subject to carry out processing operations on personal data, our activities are governed by Art. 6 Para. 1 letter a GDPR as the legal basis therefor.
If it is necessary to process personal data in order to fulfil a contract to which the data subject is a contracting party, our activities are governed by Art. 6 Para. 1 letter b GDPR as the legal basis. This also applies for processing activities essential for pre-contractual arrangements, in response to enquiries about our products or services, for example.
If we need to process personal data to comply with a legal obligation to which our company is subject, (e.g., tax obligations), the legal basis for this is Art. 6 Para. 1 letter c GDPR.
If it is essential to process personal data to protect the vital interests of the data subject or another natural person, the legal basis therefor is Art. 6 Para. 1 letter d GDPR.
If such processing is essential in order to safeguard the legitimate interests of our company or of a third party and these interests are not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 Para. 1 letter f GDPR serves as the legal basis therefor. This applies e.g. to collections and analyses for statistical purposes, which we carry out to optimise our web offerings.
3.3. Retention period and erasure of personal data
We only process and store your personal data for the period necessary to fulfil the purpose for which it is stored. When its purpose has been fulfilled or ceases to exist, your personal data is erased or blocked. It can be stored for longer than this if such provisions appear in the European or national legislatures in legally binding ordinances, laws or other regulations of the European Union to which the controller is subject. The data is also blocked or erased when a retention period stipulated in the aforementioned norms expires, unless there is a pressing need for continued retention of the data to enable the conclusion or fulfilment of a contract.
4. Providing Websites and compiling logfiles
Every time they are accessed, our Websites automatically capture a range of general data and information, which is stored temporarily in a server’s logfiles.
In this context, the following data may be captured:
- Access to the Website (date and time)
- How you came to the Website (previous page, hyperlink etc.)
- Which browser (and version) you use
- The operating system you use
- Which Internet service provider you use
- Your IP address, which is assigned to your computer by your Internet service provider for when you connect to the Internet
In rare cases, this (technical) data in the logfiles may be personal data. The temporary storage of the IP address by the system is necessary to enable the Website to be delivered to the user’s computer. To allow this, the user’s IP address has to remain stored for the duration of the session. As a rule, however, we only use this data if it is absolutely necessary for technical reasons to ensure operation and protect our Websites from attacks and misuse; in pseudonymised or anonymised form it is also used for purposes of advertising, market research and to help us design our services to meet current needs. This is why users’ IP addresses are stored as a technical precaution for a period not exceeding 7 days. They may be stored for longer. In this case, the users’ IP addresses are erased or masked so that it is no longer possible to make a connection to the accessing client. This data is not stored together with any of the user's personal data.
The legal basis for temporary storage of the data and logfiles is Art. 6 Para. 1 letter f GDPR.
The capture of the data in order to deliver the Website and storage of the data in logfiles are both essential for enabling operation of the Website. Consequently, the user has no right of objection in this case.
5. Answering your contact requests, enquiries, requests for spare parts
On our Websites, you will find contact forms which you can use to communicate your wishes to us according to your area of interest. The data you supply in the input mask (e.g., your company, name, email address, etc.) is used by us to appropriately respond to your contact.
The legal basis for processing data where the user’s consent has been given is Art. 6 Para. 1 letter a GDPR. The legal basis for processing data associated with the contact form is Art. 6 Para. 1 letter f GDPR. If the email indicates an intent to enter into a contract, a further legal basis for processing is constituted by Art. 6 Para. 1 letter b GDPR. The data is erased as soon as it is no longer needed to fulfil the purpose for which it is collected. You can object to the further processing of your data at any time.
6. Analysis, evaluation and optimisation of our online services
It is our stated aim to continually optimise our online offering for you. For the purposes of analysing and evaluating the behaviour of visitors to our Websites, we use
Google-Analytics.
This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA,
Google-Analytics uses cookies; for more information on this subject, please refer to Section 13. “Cookies” in this Data Protection Statement.
Google Tag Manager.
On our website, we use the service Google Tag Manager of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Tag Manager). Google Tag Manager offers a technical platform to run and bundle other web services and web tracking programs using so-called ‘tags.’ In this context, Google Tag Manager stores cookies on your computer and analyses your surfing behavior (so-called ‘tracking’) if web tracking tools are executed using Google Tag Manager. This data sent by individual tags integrated into Google Tag Manager is aggregated, stored, and processed by Google Tag Manager under a uniform user interface. All integrated ‘tags’ are listed separately again in this privacy policy. Further information on the data protection of the tools integrated in Google Tag Manager can be found in the respective section of this privacy policy. In the course of using our website with activated integration of tags from Google Tag Manager, data such as, in particular, your IP address and your user activities are transmitted to servers of the company Google Ireland Limited. With regard to the web services integrated using Google Tag Manager, the provisions in the respective section of this privacy policy apply. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymization of the source code. Google Tag Manager only collects anonymized IP addresses (so-called IP masking).
The legal basis for data processing is your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirming action or behavior) in accordance with Art. 6(a) GDPR.
On our behalf, Google will use the information obtained through Google Tag Manager to evaluate your visit to this website, to compile reports on website activity, and to provide us with other services related to website and internet usage.
Google will store the data relevant for the Google Tag Manager function for as long as it is necessary to provide the booked web service. Data is collected and stored anonymously. If there is a reference to a person, the data will be deleted immediately, provided that it is not subject to any statutory retention obligations. In any case, deletion takes place after the retention obligation has expired.
You can prevent the collection and forwarding of personal data (especially your IP address) to Google as well as the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser, or activating the ‘Do Not Track’ setting in your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?hl=en. Google's security and privacy policies can be found at https://policies.google.com/privacy?hl=en.
7. Delivery of online advertising
In order to be able to present you with online advertising which is tailored individually to your usage behaviour on our Websites, we use the following services/technologies:
Google AdWords Conversion
Google Dynamic Remarketing
Double Click by Google
The provider of these services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA,
These services rely on the use of cookies; for more information on this subject, please refer to Section 13. “Cookies” in this Data Protection Statement.
8. YouTube
The Websites use the YouTube video platform, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube is a platform that enables the playback of audio and video files.
When you access a page from our Internet presence, the player which is integrated in the page by YouTube creates a link to YouTube that ensures the technical transmission of the video and/or audio file. When the link to YouTube is created, data is transmitted to YouTube. The YouTube server receives information about the specific page of our Internet presence that you visited. If you also happened to be logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this capability entirely by logging out of your YouTube account beforehand.
For more information about the collection and use of your data by YouTube and your rights in this regard and setting options for protecting your privacy, please refer to the notes on data protection there under policies.google.com/privacy.
9. Mouseflow
We use the Mouseflow service provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.
The transmission and processing of personal data takes place exclusively on servers in the European Union.
The legal basis for the transmission of personal data is your consent in accordance with EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
The service collects information about your user behavior on our website and processes this in the context of a technical user behavior analysis.
You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.
Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://mouseflow.de/privacy/.
The provider also offers an opt-out option at https://mouseflow.com/opt-out-old/.
10. Flowplayer
On our website, we use the flowplayer.org service provided by Flowplayer AB, Regeringsgatan 29, 5th Floor, 111 53 Stockholm, Sweden; website: https://flowplayer.com/. The transmission and processing of personal data takes place exclusively on servers in the European Union.
The legal basis for the transmission of personal data is your consent in accordance with EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
The service is a plugin that we need in order to be able to display all content on our website to you. The plugin makes our website more attractive and easier to experience for our site visitors.
Flowplayer also offers the possibility to analyze and monetize videos. Videos are connected via an API. When loading or viewing a video, data is reloaded from Flowplayer's servers, and the video is displayed and analyzed on our website. This includes personal data such as your IP address and user activities that are transmitted to Flowplayer’s servers and processed there.
You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.
Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://flowplayer.com/privacy-policy.
11. LinkedIn
We use the LinkedIn service provided by LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland on our website, e-mail: info_impressum@cs.linkedin.com, website: https://www.linkedin.com/. Processing also takes place in a third country, for which there is no Commission adequacy decision. Therefore, the usual level of protection of the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, authorities tc. can access the collected data.
The legal basis for the transfer of personal data is your consent pursuant to EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
When using the LinkedIn plugin, we establish a connection to the LinkedIn platform in order to to give signed-in LinkedIn members the opportunity to interact with us.
You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.
Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.
The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=en.
12. LinkedIn Analytics
We use the LinkedIn Analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland on our website, e-mail: info_impressum@cs.linkedin.com, website: https://www.linkedin.com/. Processing also takes place in a third country, for which there is no Commission adequacy decision. Therefore, the usual level of protection of the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, authorities etc. can access the collected data.
The legal basis for the transfer of personal data is your consent pursuant to EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
The service is a plugin that we need in order to be able to display all content on our website to you. The service may also be used for tracking and/or advertising integration.
You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.
Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://www.linkedin.com/help/linkedin/answer/68763?lang=en.
The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=en.
13. Cookies
Our Websites use cookies under certain circumstances. Cookies are small text files which are stored in the Internet browser and/or on the user’s computer system and enable your use of the Website to be analysed.
Cookies serve to make our Websites and online services more user-friendly, more effective and more secure. These and similar technologies are used for wide variety of purposes, including storing your settings, logging in and authentication, interest-related online advertising, analyses and statistics.
The legal basis for processing personal data using cookies is Art. 6 Para. 1 letter f GDPR. When they access our Websites, users are informed about the use of cookies in an info banner and referred to this Data Protection Statement.
Most of the cookies we use are of the type known as “session cookies”. They are deleted automatically at the end of your visit to our Website. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again the next time you visit.
You yourself decide on the use of cookies:
You can make settings in your browser so that you are informed when cookies are set, and you can decide whether to accept them on a case by case basis, for certain cases, or to block them generally, and activate the automatic deletion of cookies when you close your browser.
Deactivating cookies may have the effect of limiting the functionality of the Website.
In the following section, we will provide details about the services on our Websites that use/implement cookies:
13.1 Google-Analytics
Our Websites use functions provided by the web analysis service Google Analytics to determine which content on our Websites is most interesting to you, for example.
The information generated by the cookie about your use of this Website is usually transmitted to a Google server in the USA and stored there.
For more information about how Google Analaytics handles user data, please refer to the Google Data Protection Statement: support.google.com/analytics/answer/6004245
Browser Plugin
You can prevent cookies from being stored by making the corresponding setting in your browser software; but we would point out that in this case you may not be able to use the full range of functions offered on this Website. You can also prevent collection of the data generated by the cookie relating to your use of the website (including your IP address) and processing of that data by Google by downloading and installing the browser plugin which is available on the following link: tools.google.com/dlpage/gaoptout
Objection to data capture
You can object to the capture of your data by Google Analytics by clicking on the following link. An “opt-out” cookie is set, which prevents your data from being captured when you visit this Website in future: Deactivate Google Analytics. Deleting all of the cookies in your browser also deletes the corresponding opt-out cookie.
Contract data processing
We have entered into an agreement for contract data processing with Google, and we apply the strict regulations of the German data protection authorities to the use of Google Analytics to the fullest extent.
IP anonymisation
We use the “Activate IP anonymisation” function on this Website. However, this entails your IP address being truncated by Google beforehand within the member states of the European Union or in other signatory states of the Agreement of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On the instructions of the operator of this Website, Google will use this information to analyse your use of the Website, to compile reports on Website activities and to provide additional services for the Website operator associated with Website and Internet use. The IP address that is transmitted by your browser as part of the Google Analytics function is not merged with other data by Google. The cookies stored by Google Analytics is deleted at the latest after 14 months.
13.2 Google AdWords Conversion
In the context of Google-AdWords we use the "Conversion-Tracking” analysis service on our Websites.If you have come to our Website via a Google advertisement, a cookie is placed on your computer. These conversion cookies lose their validity after 30 days and are not used to dentify you personally. If you visit certain pages on our Websites and the cookie has not expired, we and Google can see that you as a user have clicked on one of the advertisements that were placed with Google and were consequently redirected to our page.
Google uses the information collected with the aid of the conversion cookies to prepare visit statistics for our Website. From these statistics we learn the total time spent by users who have clicked on our advertisement, and also which pages of our Website were subsequently accessed by the respective user. However, neither we nor other providers who use Google-Adwords in our advertising receive any information that enables us to identify users personally.
You can prevent the conversion cookies from being installed by making corresponding settings in your browser, for example with the browser setting that deactivates the automatic setting of cookies generally, or which specifically only blocks the cookies from the “googleadservices.com” domain.
For more detailed information and the Google Data Protection Statement, please visit:
- www.google.com/policies/technologies/ads/
- www.google.de/policies/privacy/
13.3 Google Dynamic Remarketing
This function serves to present to visitors to the Website interest-specific advertisements for “similar target groups” within the Google advertising network. The browser of the Website user stores cookies which render the user recognisable when they return to Websites which belongs to the Google advertising network. On these pages, the user can then be presented with advertisements relating to the content the visitor viewed previously on Websites that use the Google Remarketing function. By its own account, Google does not collect any personal data in this process.
Option to object
If you still do not wish to have the Google Remarketing function on your computer, you can deactivate it generally by making the corresponding settings at www.google.com/settings/ads.
Alternatively, you can deactivate the use of cookies for interest-specific advertising via the Advertising Network Initiative (NAI) by following the instructions at www.networkadvertising.org/managing/opt_out.asp.
For more detailed information about Google Remarketing and the Google data protection statement, please visit: www.google.com/privacy/ads/ .
13.4 DoubleClick by Google
DoubleClick by Google also uses cookies to offer you advertisements of interest specifically to you. In this case, a pseudonymised ID number is assigned to your browser to check which
advertisements have been shown in your browser and which advertisements were accessed. The cookies contain no personal information. The use of the DoubleClick cookies only enables Google and its partner Websites to switch advertisements based on the previous visits to our or other Internet websites. The information generated by the cookies is transmitted to a server in the USA and stored there by Google for analysis. By using our Websites, you state that you agree to the processing of data collected about you by Google as well as the methods by which the data is processed and the stated purpose thereof as described above.
Option to object
You can deactivate the DoubleClick cookies by making the appropriate settings in Google directly:
www.google.com/settings/ads or
on a deactivation page of the network advertising initiative (NAI):
www.networkadvertising.org/managing/opt_out.asp
14. Data transfer
For the purposes described in Section 3.1, your data is also transmitted to the responsible offices of OVD Kinegram and to affiliates of OVD Kinegram if this is necessary in order to fulfil the stated purposes and thus conforms to the legal permission regulations or if you have given your consent for the transmission.
We are permitted to forward personal data to third parties if for example participations in promotional activities or competitions etc. are jointly offered by us with a third party provider. In these cases you will be advised in a separate notice that your personal data will be sent to third parties before it is transmitted.
We use external service providers in some cases to process your personal data. These providers have been selected by us with extreme care and engaged in writing. They are bound by our instructions and are reviewed by us regularly. The service providers will not communicate this personal data to third parties.
Furthermore, we ensure that your personal data is not communicated to third parties unless we are obliged to do so by law or unless you have explicitly stated that we may do so.
15. Notes on data security
15.1 Data security on the Internet
The Worldwide Web is a publicly accessible system. If personal data is divulged online, this data is transmitted at the user’s risk. The data can be lost in transit or may fall into the hands of unauthorised third parties. OVD Kinegram has adopted measures to guarantee the confidentiality and security of your personal data.
Your data is protected conscientiously from being lost, destroyed, falsified, manipulated or exposed to unauthorised access or unauthorised disclosure e.g., by the following methods:
- If you transmit your personal data to us via our Website or in an email, it will only be used for the purpose stated in Section 3.1.
- Our employees are bound individually to observe a duty to confidentiality and are obliged to observe the principles of data secrecy.
- Our security measures reflect the current state-of-the-art as far as reasonably possible.
- The security of our systems is checked regularly, so that we can permanently protect the data entrusted to us from any damage, loss or access.
- The data protection officer works continuously to ensure that the provisions of the law are maintained.
15.2 Recommendations for improving your personal data security
- You can configure your browser so that you are informed as soon as cookies are to be set, so that you can accept them globally or on a case by case basis, or reject them globally (see Section 13).
- You can see whether an Internet connection is secure, among other things, from the address. If the address begins with https, this indicates that the connection is secure (e.g. 'https://example.de'). We are making every effort to convert all of our Websites to https where this has not yet been done. Another indicator is the symbol of a locked padlock in the bottom icon tray of your browser.
- We will never ask you to communicate confidential data such as a PIN number or your password by email, over the phone or by SMS, nor will we ask you to return or specify this data or enter access data directly.
16. Rights of data subjects
If personal data about you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in respect of the controller. Regarding this matter, please contact our data protection officer using the contact information provided in Section 2.2
16.1 Right to information
You have the right require that we provide you with information about the personal data we have stored relating to you.
16.2 Right to rectification
You have the right to require that personal data relating to you be corrected and/or completed immediately.
16.3 Right to restriction of processing
You have the right to require that the processing of your personal data be restricted if you are contesting the accuracy of the data, if the processing is unlawful but you reject the option to have it erased and we do not need the data any more but you need it to enforce, exercise or defend your legal rights or you have submitted an objection to the processing in accordance with Art. 21 Para. 1 GDPR. If the processing of the personal data relating to you has been restricted, apart from saving it, this data can only be processed with your consent or in order to enforce, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of substantive public interest of the union or of a member state. If the restriction of processing has been restrained pursuant to the above conditions, you will be informed by us before the restriction is cancelled.
16.4 Right to erasure (“right to be forgotten”)
You have the right to request the erasure of personal data relating to you that is stored with us, unless it is essential for the exercise of the right to the free exchange of opinion and information, processing to fulfil a legal obligation for reasons of public interest or for enforcing, exercising or defending legal rights.
16.5 Right to notification
If you have exercised your right to rectify, erase or restrict processing (16.2-16-4), we will notify all recipients to whom we have disclosed personal data relating to you of this rectification or erasure of the data or of the restriction of processing thereof unless this proves impossible or is associated with unreasonable additional effort.
16.6 Right to data portability
You have the right to have personal data that you provided to us delivered to you or a third party in a structured, standard, machine-readable format. If you require that the data be transmitted directly to another controller, this will only be done if it is technically possible.
16.7 Right to object
If your personal data is processed on the basis of legitimate interests as stipulated in Art. 6 Para. 1 letter f GDPR, you have the right to file an objection to the processing pursuant to Art. 21 GDPR. The controller will discontinue processing personal data relating to you unless it can prove the existence of compelling reasons worthy of protection for continuing to process it which outweigh your interests, rights and freedoms or if processing serves the cause of enforcing, exercising or defending legal rights.
16.8 Right to withdraw consents relating to data protection law
You have the right to withdraw your consent under data protection law at any time with effect for the future. The data that is collected before such withdrawal becomes legally enforceable is unaffected thereby.
16.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual
residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
17. Updating of this Data Protection Statement
It may be necessary (e.g., in the light of changes to the law) to update our Data Protection Statement. We therefore reserve the right to amend or supplement this Data Protection Statement whenever necessary. We will publish the change here. We therefore recommend that you review this Data Protection Statement regularly to ensure that your knowledge is up to date.
Data Protection Statement
KINEGRAM® Apps
We at OVD Kinegram AG attach immense importance to data protection, that is to say the protection of YOUR personal data. We treat your personal data in confidence and in compliance with the statutory data protection regulations and this Data Protection Statement.
1. Scope
This Data Protection Statement applies for the usage of OVD Kinegram application (the "App") for which OVD Kinegram is considered the controller (see Section 2).
2. Controller and contact information for the data protection officer
2.1 Controller
As defined in the EU General Data Protection Regulation (GDPR) as well as other national data protection laws of the member states, and other data protection provisions, the controller is:
OVD Kinegram AG
Zählerweg 11
CH-6300 Zug, Switzerland
Phone +41 41 555 20 00
Fax +41 41 555 20 20
dsb@kinegram.com
2.2 Contact information for the data protection officer
You can contact the controller's data protection officer at the following address:
Hermann Bissig
Observar AG
Lindenstrasse 10
CH-6340 Baar
hermann.bissig@observar.ch
3. Principles of processing personal data
3.1 Scope of personal data processing
As a general rule we do not process our users' personal data unless it is necessary to enable us to present a functioning App. As a matter of course, our users' personal data is not processed without the user's consent. One exception would be cases in which it is not possible to obtain the consent beforehand for practical reasons, and/or if processing of the data is permitted by legal provisions.
In particular, your data is processed for the following purposes:
- Calculating App usage levels
- Helping diagnose server and performance problems
3.2 Legal basis for processing personal data
If we obtain consent from the data subject to carry out processing operations on personal data, our activities are governed by Art. 6 Para. 1 letter a GDPR as the legal basis therefor. If it is necessary to process personal data in order to fulfil a contract to which the data subject is a contracting party, our activities are governed by Art. 6 Para. 1 letter b GDPR as the legal basis. This also applies for processing activities essential for pre-contractual arrangements, in response to enquiries about our products or services, for example. If we need to process personal data to comply with a legal obligation to which our company is subject, (e.g., tax obligations), the legal basis for this is Art. 6 Para. 1 letter c GDPR. If it is essential to process personal data to protect the vital interests of the data subject or another natural person, the legal basis therefor is Art. 6 Para. 1 letter d GDPR. If such processing is essential in order to safeguard the legitimate interests of our company or of a third party and these interests are not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 Para. 1 letter f GDPR serves as the legal basis therefor. This applies e.g. to collections and analyses for statistical purposes, which we carry out to optimise our web offerings.
3.3 Retention period and erasure of personal data
We only process and store your personal data for the period necessary to fulfil the purpose for which it is stored. When its purpose has been fulfilled or ceases to exist, your personal data is erased or blocked. It can be stored for longer than this if such provisions appear in the European or national legislatures in legally binding ordinances, laws or other regulations of the European Union to which the controller is subject. The data is also blocked or erased when a retention period stipulated in the aforementioned norms expires, unless there is a pressing need for continued retention of the data to enable the conclusion or fulfilment of a contract.
4. Collected Data
In the context of using the App, the following data may be captured:
- Access to the App (date and time)
- Mobile Device Type
- Generated device ID
- The operating system you use
- Your IP address, which is assigned to your computer by your Internet service provider for when you connect to the Internet
- GPS coordinates
- Type of the scanned passport
- Contact details through forms, such as phone number
In rare cases, this (technical) data in the logfiles may be personal data. The temporary storage of the IP address by the system is necessary to enable the App to be delivered to the user's device. To allow this, the user's IP address has to remain stored for the duration of the session. As a rule, however, we only use this data if it is absolutely necessary for technical reasons to ensure operation and protect our Apps from attacks and misuse; in pseudonymised or anonymised form it is also used for purposes of advertising, market research and to help us design our services to meet current needs. This is why users' IP addresses are stored as a technical precaution for a period not exceeding 7 days. They may be stored for longer. In this case, the users' IP addresses are erased or masked so that it is no longer possible to make a connection to the accessing client. This data is not stored together with any of the user's personal data.
The legalbasis for temporary storage of the abov mentioned data is Art. 6 Para. 1 letter f GDPR.
The capture of the data in order to deliver the App and storage of the data in logfiles are both essential for enabling operation of the App. Consequently, the user has no right of objection in this case.
5. GPS coordinates
We collect the GPS coordinates where your device is located, when you are using the scan function of your App. On first launch, the App will therefore request to allow the use of your location data. If technically supported by your mobile device, you may turn off the use of location data in the settings of your mobile device at any time.
6. Other Non-Personal Data
The "Operating system", the "Mobile Device Type" and the "Browser Version" (when scanning with laptop or PC) are automatically collected when using the scan function of your App. However such information is not assigned to and cannot be linked to a specific person. We use this information to determine the attractiveness of our App and improve its performance or content. We do not collect your mobile device user name, the International Mobile Equipment Identity number or other mobile device identi?cation (e.g. UDID), the Serial number or the Model number of your mobile device.
7. Data transfer
For the purposes described in Section 3.1, your data is also transmitted to the responsible offices of KURZ and to affiliates of KURZ if this is necessary in order to fulfil the stated purposes and thus conforms to the legal permission regulations or if you have given your consent for the transmission.
We use external service providers in some cases to process your personal data. These providers have been selected by us with extreme care and engaged in writing. They are bound by our instructions and are reviewed by us regularly. The service providers will not communicate this personal data to third parties.
Furthermore, we ensure that your personal data is not communicated to third parties unless we are obliged to do so by law or unless you have explicitly stated that we may do so.
8. Rights of data subjects
If personal data about you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in respect of the controller. Regarding this matter, please contact our data protection officer using the contact information provided in Section 2.2
8.1 Right to information
You have the right require that we provide you with information about the personal data we have stored relating to you.
8.2 Right to rectification
You have the right to require that personal data relating to you be corrected and/or completed immediately.
8.3 Right to restriction of processing
You have the right to require that the processing of your personal data be restricted if you are contesting the accuracy of the data, if the processing is unlawful but you reject the option to have it erased and we do not need the data any more but you need it to enforce, exercise or defend your legal rights or you have submitted an objection to the processing in accordance with Art. 21 Para. 1 GDPR. If the processing of the personal data relating to you has been restricted, apart from saving it, this data can only be processed with your consent or in order to enforce, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of substantive public interest of the union or of a member state. If the restriction of processing has been restrained pursuant to the above conditions, you will be informed by us before the restriction is cancelled.
8.4 Right to erasure ("right to be forgotten")
You have the right to request the erasure of personal data relating to you that is stored with us, unless it is essential for the exercise of the right to the free exchange of opinion and information, processing to fulfil a legal obligation for reasons of public interest or for enforcing, exercising or defending legal rights.
8.5 Right to notification
If you have exercised your right to rectify, erase or restrict processing (15.2-15-4), we will notify all recipients to whom we have disclosed personal data relating to you of this rectification or erasure of the data or of the restriction of processing thereof unless this proves impossible or is associated with unreasonable additional effort.
8.6 Right to data portability
You have the right to have personal data that you provided to us delivered to you or a third party in a structured, standard, machine-readable format. If you require that the data be transmitted directly to another controller, this will only be done if it is technically possible.
8.7 Right to object
If your personal data is processed on the basis of legitimate interests as stipulated in Art. 6 Para. 1 letter f GDPR, you have the right to file an objection to the processing pursuant to Art. 21 GDPR. The controller will discontinue processing personal data relating to you unless it can prove the existence of compelling reasons worthy of protection for continuing to process it which outweigh your interests, rights and freedoms or if processing serves the cause of enforcing, exercising or defending legal rights.
8.8 Right to withdraw consents relating to data protection law
You have the right to withdraw your consent under data protection law at any time with effect for the future. The data that is collected before such withdrawal becomes legally enforceable is unaffected thereby.
8.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
9. Updating of this Privacy Notice
It may be necessary (e.g., in the light of changes to the law) to update our Privacy Notice. We therefore reserve the right to amend or supplement this Privacy Notice whenever necessary. In case we decide to change this Privacy Notice, you may be prompted to accept changes to this Privacy Notice during subsequent updates to the App. No update to this Privacy Notice shall apply to you without your prior consent.
20.02.2023, 11:04