We are delighted by your interest in the online offer provided by hystreet.com GmbH. The protection of your privacy is an important issue for us. In the following, we would like to inform you about the handling of personal data when our website at https://hystreet.com is used. Personal data are to be understood as all data that can be related to you personally, e.g. name, address and e-mail address.
For easier orientation, we have divided the following information into the sections (A) Basic information, (B) Visiting our website, (C) Use of our services and (D) Rights of the data subject.
The controller of the data processing within the meaning of article 4.7 of the EU General Data Protection Regulation (GDPR) is:
hystreet.com GmbH Oppenheimstrasse 9 50668 Köln / Cologne, Germany
Telephone: +49 221 77204-251 Fax: +49 221 77204-40
E-mail: datenschutz( at )hystreet.com
You can find more information and additional legal advice in our Imprint.
We are not obliged to appoint a company data protection officer. If you have any questions about legal data protection issues, you may send us your queries using the contact data detailed above.
We protect our website and systems from loss, destruction, access to, alteration or disclosure of your personal data by unauthorized persons by means of technical and organizational measures.
In connection with visits of our website, data that could possibly enable identification (e.g. IP address) will be temporarily stored on our servers for data and system security purposes, but principally no longer than for ten days. The processing of data that could be related to the person for purposes of data and system security is based on GDPR article 6.1.f and our legitimate interest in protecting our systems and preventing misuse.
3.1 Personal data shall only be processed for the period required to fulfil the respective storage purpose or by laws or regulations that apply to us (e.g. retention requirements under commercial or tax law). If a storage purpose no longer applies or a statutorily required storage period expires, the personal data in question shall be routinely deleted in keeping with the statutory requirements, or their processing shall be restricted (e.g. limited processing as part of retention requirements under commercial or tax law).
3.2 The processing of personal data because of a legal duty, namely the fulfilment of statutory retention obligations, is based on GDPR article 6.1.c. Insofar as personal data as per GDPR article 6.1.f are processed for the purpose of preserving evidence, these processing purposes shall lapse upon expiry of the statutory limitation periods, with the regular statutory limitation period amounting to three years.
If you use our website for information only and do not provide us with personal data in any other way, data that are relatable to your person could still accrue from your browser transmitting them to our server. We moreover also use the tracking tool INFOnline.
1. Technical website provision When you visit our website, we collect the following data, which are technically required by us to display our website to you and maintain the stability and security of our online offer:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (actual page)
- Access status/HTTP status code
- Respectively transmitted data volume
- Website from which the request is made
- Operating system and its interface
- Language and version of the browser software.
The legal basis for this collection and processing is GDPR article 6.1.f. Our legitimate interest resides in the provision of a functional website offer and its system security.
You can prevent the installation of cookies in the settings of your internet browser or also set your browser to informing you as soon as cookies are sent. In addition, you can also delete already installed cookies by means of an internet browser or other software program. Please note, however, that you may not be able to use all the functions of our or other online offers if you deactivate cookies in your internet browser.
Our application uses the "SZMnG" measurement system provided by INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters concerning the use of our offers. This usage measurement is aimed at determining the usage intensity, number of usages and users of our application, as well as their surfing behaviour statistically – based on a consistent standard procedure – and thus at obtaining data that are comparable across the market.
The usage statistics for all digital offers that are members of the German Audit Bureau of Circulation (IVW – http://www.ivw.eu) or take part in studies by the Working Group for Online Media Research (AGOF - http://www.agof.de) are regularly converted into reaches by AGOF and the media analysis working group agma (agma - http://www.agma-mmc.de) and published with the performance value "unique users", as well as by the IVW with the performance values "page impressions" and "visits". These reaches and statistics may be viewed at the respective websites.
The measurement using the SZMnG measuring process provided by INFOnline GmbH is performed with a legitimate interest as per GDPR article 6.1.f.
The personal data are processed for the purpose of creating statistics and defining user cate-gories. The statistics enable us to track and document the use of our offer. The user categories form the basis for an interest-oriented provision of advertising materials and/or promotional measures. A usage measurement that ensures comparability with other market participants is indispensable for marketing this application. Our legitimate interest arises from the economic exploitability of the findings obtained from the statistics and user categories and the market value of our application – also in direct comparison with third-party applications - derivable by means of the statistics.
We also have a legitimate interest in providing the pseudonymized data to INFOnline, AGOF and IVW for market research (AGOF, agma) and statistical purposes (IVW, INFOnline). And we furthermore also have a legitimate interest in providing the pseudonymized data to INFOnline for the further development and provision of interest-oriented advertising materials.
INFOnline GmbH collects the following data regarded as person-related under the GDPR:
- IP address: Every appliance needs a unique address for data transmission in the internet, the so-called IP address. Storing the IP address for a short while at least is technically required by the way the internet works. The IP addresses are truncated before any processing takes place and only processed further in an anonymized fashion. There is no storage or processing of untruncated IP addresses.
- A device identifier: To recognize devices again, the reach measurement uses unique de-vice identifiers, or a signature created from various automatically transmitted data of your appliance. A measurement of the data and subsequent attribution to the respective identifier may also be possible when you open other applications that also use the "SZMnG" measuring process provided by INFOnline GmbH. The following unique identifiers may be transmitted to INFOnline GmbH as hashes:
- Advertising identifier
- Installation ID
- Android ID
- Vendor ID
The INFOnline GmbH measurement process used in this application collects usage data. This happens to determine the performance values "page impressions", "visits" and "clients" and generate other parameters from them (e.g. qualified clients). In addition to this, the measured data are also used as follows:
- So-called geolocalization, i.e. tracing of your website visit to the place where it is displayed, is only applied on the basis of the anonymized IP address and only down to the geographical level of the German Länder/regions. The geographical information obtained this way cannot be used to draw conclusions about a user's actual place of residence in any case.
- The usage data of a technical client (e.g. a browser in a device) are merged across applications and stored in a database. These data are used for the technical estimation of the social information age and gender and provided to the service providers of AGOF for further reach processing. In the AGOF study, a random sample is used for the technical estimation of social features: age, gender, nationality, occupation, marital status, general information on the household, household income, place of residence, internet use, online interests, place of use, user type.
The full IP address is never stored by INFOnline GmbH. The truncated IP address is stored for 60 days maximum. The usage data in combination with the unique identifier are stored for a maximum of 6 months.
Neither the IP address nor the truncated IP address are disclosed. To create the AGOF study, data with client identifiers are disclosed to the following service providers of AGOF:
- Kantar Deutschland GmbH (https://www.tns-infratest.com/)
- Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
- Interrogare GmbH (https://www.interrogare.de/)
See section D (below).
We offer our users a separate opt-out option in our website. This serves to install a cookie in your system that signals to our system not to store the user's data: Opt-Out
Further information on the data protection in the measuring process is available from the website of INFOnline GmbH (https://www.infonline.de), which operates the measuring system, from the data protection page of AGOF (http://www.agof.de/datenschutz) and from the data protection page of IVW (http://www.ivw.eu).
We offer you various options in our website for getting in touch with us or sending us messages. You can especially also contact us by telephone or e-mail. If you contact us in this manner, we shall store and process the data communicated by you (e.g. your e-mail address, possibly your name and telephone number) to process your request. The legal basis insofar are GDPR articles 6.1.b and 6.1.f. Our legitimate interest resides in an efficient and structured registration and processing of requests. We delete the collected data as soon as their storage is no longer required or restrict their processing if they are subject to statutory retention requirements.
In the registration process, we collect the first name, name, company name (optional), e-mail address (jointly referred to as the "person master data"), your confirmation that you are 16 years of age, and the password you need to enter. The password only serves for system login (see also section C.2.2 below).
We use the person master data for contract performance purposes and customer care, including communication. The legal basis for this is GDPR article 6.1.b. The data are also processed in keeping with GDPR article 6.1.c for the purpose of fulfilling legal obligations, namely compliance with statutory retention obligations, and in keeping with GDPR article 6.1.f for documentation purposes and the preservation of evidence. We furthermore process personal data of our users in keeping with GDPR article 6.1.f for customer relations purposes. This data processing is based on our legitimate interest in optimizing the information offered, being able to provide customers and/or business partners with interest- and needs-oriented information, and refining our service offer. For details of the right to object to data processing for direct marketing purposes, see section D below.
If you have registered for the login area, we shall store your e-mail address and the login password. You can then simply log in with your e-mail address and password in the future. We use these data for the described purposes of offering you this service. This login option exists for the duration of the usage relationship, unless the account is terminated. The legal basis is GDPR article 6.1.b insofar.
Based on the consent provided to us in the registration process, which is revocable at any time with effect for the future, we collect information on the evaluations and exports undertaken by registered users in the login area. This includes information on the locations, periods and dimensions viewed by the users, in order to create usage statistics, especially, on the basis of these data, and gain knowledge about the attractiveness of the locations in question. The legal basis is provided by GDPR article 6.1.a.
We only process and store personal data of registered users for the period required to fulfil the purpose of their storage or for as long as required by laws or regulations that the controller of the processing is subject to, e.g. by retention periods under commercial or tax law. If personal data are processed as per GDPR article 6.1.f for the purpose of preserving evidence, these processing purposes shall lapse upon expiry of the statutory limitation periods, with the regular statutory limitation period amounting to three years. If the storage purpose lapses or one of the statutorily required storage periods the controller of the processing is subject to expires, the personal data shall be routinely deleted in keeping with the statutory requirements, or their processing shall be restricted.
We are happy to inform you on your rights under the GDPR as a "data subject". According to this, you are vested with the following rights with respect to the personal data relating to you:
- Right to information (GDPR article 15.1 and 15.2)
- Right to rectification (GDPR article 16) and/or erasure (GDPR article 17)
- Right to restrict the processing (GDPR article 18)
- Right to data portability (GDPR article 20)
- Right to object to the processing (GDPR article 21)
- Right to withdraw your consent (GDPR article 7.3)
- Right to lodge a complaint with a supervisory authority (GDPR article 77)
We have also summarized the key aspects of your rights as a data subject under the GDPR for you supplementary below, with this presentation laying no claim to completeness, but only addressing the main features of the rights of data subjects under the GDPR:
- Right to information (including the right to confirmation and rights to data access)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.
The data subject shall have a right to access the personal data concerning him or her and to the following information:
- the purposes of the processing;
- the categories of the personal data being processed;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in GDPR articles 22.1 and 22.4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject;
- where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to GDPR article 46 relating to the transfer. The data subject has a right to be provided with a copy of his or her personal data undergoing processing.
- Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to restrict the processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or
- the data subject has objected to processing pursuant to GDPR article 21.1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to erasure
The data subject shall have the right, subject to the statutorily required necessity of data processing (see GDPR article 17.3 for exceptions), to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to GDPR articles 6.1.a or 9.2.a and there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to GDPR article 21.1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to GDPR article 21.2.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in GDPR article 8.1.
- Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hin-drance from the controller to which the personal data have been provided, where the processing is based on a consent or on a contract pursuant to GDPR article 6.1.b and the processing is carried out by automated means. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- Right to withdraw consent
The data subject shall have the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority
Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The data protection supervisory authority of relevance for us is: LDI – Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North-Rhine Westphalian Commissioner for Data Protection and Freedom of Information), Kavalleriestr. 2-4, 40213 Düsseldorf.
- Separate information on objection rights as per GDPR article 21.1.2
You have the right to object, at any time and on grounds relating to your particular situation, to the processing of your personal data based on GDPR articles 6.1.e or 6.1.f, including profiling based on those provisions. If you object, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
If you wish to exercise your rights as a data subject or have general questions concerning data protection, you may contact us anytime. Please see the information provided in section A.1 or the Legal notice of our website for our contact details.
Version dated: 10/08/2018