The following information is to be provided pursuant to Art. 13 et sqq. GDPR where personal data are collected from the data subject.
Compliance Essentials GmbH
Lochhamer Str. 31
We process personal data for the performance of the contract with registered users of our GDPR-Portal as well as for processing support requests. Personal data is generally processed in accordance with Art. 6 para. 1 lit. f GDPR. A data protection impact assessment has been conducted with the conclusion that the interests of the data subjects do not override the interests of the contract parties, in part due to the technical and organisational measures taken. In cases where a natural person commissions us to process their own personal data, such processing is done in accordance with Art. 6 para. 1 lit. b GDPR. In case of a registration in the GDPR portal the following data is processed:
If you request support for the usage of the GDPR-portal, your data is processed to for working on your request and for the case, that follow up questions arise.
For technical reasons as a registered user of the GDRP-Portal while signing in and after the sign-in procedure a limited amount of data (so-called connection data) is processed each time when accessing the GDPR-Portal. This data is technically required in order to establish and execute a connection between your end device and our servers as well as for the functionality of the services we offer. This data is also processed to keep the user session alive and to prevent unauthorized access to this session. We process the following data for the purposes described in accordance with Art. 6 para. 1 lit. f GDPR:
A session cookie will be placed on your device after signing in to the GDPR-Portal. This cookie is used for securing your log-in sessions and keeping it alive.
Furthermore, we process personal data of visitors to the GDRP-portal in order to improve its quality and content. The analysis of the usage is done with the help of the tool Matomo, which we host ourselves. Your IP address will only be processed in abbreviated form and is thus anonymized. A conclusion to a certain person is therefore not possible. The processing of personal data takes place regularly on the basis of Art. 6 para. 1 lit. f DSGVO. A data protection impact assessment has been conducted with the conclusion that the interests of the data subjects do not override the interests of us to improve the quality and content of the GDRP-Portal, in part due to the technical and organisational measures taken. If you do not want the processing for analysis purposes, you can object or withdraw your objection at any time by clicking on the following button:
In this case, an opt-out cookie will be set in your browser to prevent the collection of usage data. Please note that this setting is only valid within your browser and only works if cookies are permitted. If you use a different browser, an opt-out cookie must also be set here to prevent the collection of usage data. In case all cookies are deleted in your browser, the opt-out cookie must be again.
We may transfer personal data to the following categories of recipients:
Personal data will not be transferred to countries outside of the European Union or the EEA. Data is processed on servers located in Germany only.
Compliance Essentials employs the legally required technical and organisational measures to protect personal data from loss, destruction, manipulation, theft and other unauthorised access.
Personal data will be stored only as long as it’s required for the fulfilment of the purposes for which the data was collected originally and to establish, execute or defend legal claims, or as long as it is legally required. The legal requirements for retention periods primary result from trade and tax law (particularly sections 147 AO and 257 HGB). Data due for deletion respectively after omission of legal claims will be securely erased in accordance with all legal requirements.
You may exercise the following rights as a data subject:
If you want to exercise your rights please send your request via email or letter post to the contact details specified above.
Pursuant to Art. 77 para. 1 GDPR you may engage a supervisory authority with a complaint at any time. The Bayerische Landesamt für Datenschutzaufsicht, Postfach 1349, D-91504 Ansbach is in charge of as generally. Alternatively you may contact your local supervisory authority.