Privacy Policy

1. Name and address of the controller

Controller according to the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

managetopia GmbH
Fuerstenwall 228
40215 Dusseldorf
Germany
Tel.: +49 (0) 211 54012250
E-Mail: info@managetopia.com

The data protection officer may be reached under:
managetopia GmbH
Data Protection Officer
Fuerstenwall 228
40215 Dusseldorf
Germany
Email: dsb@managetopia.com

2. General Information on Data Processing

a. Description and scope of the processing of personal data
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases where a previous request for consent is not possible for factual reasons and the processing of the data is permitted by law.

b. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6, par. 1 (a) of the EU General Data Protection Regulation (GDPR) acts as legal basis. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 par. 1 (b) GDPR acts as legal basis. This also applies to processing operations required to carry out pre-contractual actions. 

If processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 par. 1 (c) GDPR acts as legal basis.

In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 par. 1 (d) GDPR acts as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail over the former interests, Art. 6 par. 1 (f) GDPR acts as legal basis.

c. Data deletion and period of data storage
The personal data of the data subject will be deleted or made unavailable to users as soon as the purpose of the storage no longer applies. Personal data may be stored for a longer period of time when this is allowed or required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Data will also be deleted or made unavailable if the storage period prescribed by the said standards expires, unless there is a need for further storage of the data for a contract or fulfillment of a contract.

3. Collection of personal data and creating log files 

a. Description and scope of the processing of personal data
Each time our website is accessed, our system automatically collects data and information from the calling computer system, such as browser type, operating system, IP address, etc.

This data is also stored in the log files of our system. The data are not stored together with other personal data of the user.

b. Legal basis for the processing of personal data
The legal basis for the temporary storage of data and log files is Art. 6 par. 1 (f) GDPR. 

c. Purpose of data processing
Temporary storage of the IP address by the system is necessary to allow delivery of the website to the user's computer. To do this, the user's IP address must be kept for the duration of the session.

This also describes our legitimate interest in processing these data according to Art. 6 par. 1 (f) GDPR.

d. Period for which data will be stored
The data will be deleted as soon as it is no longer needed. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished.

In case of storing the data in log files, this is the case after no more than seven days. If further storage is needed, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible.

e. Right to object
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Therefore it is not possible for the user to object to it when using our website.

4. Use of cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's computer system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after navigating to a different page.

Our cookies are only valid for a short period of time and do not contain any personal information.

The following cookies are used on our website:

Cookie Name Technically Necessary Expiry Purpose
cookielawinfo-checkbox-necessary X 1 year This cookie is used for the GDPR Cookie Consent plugin. This cookie is used to display the "Necessary" category. It does not store personal identifiable information about visitors and is not used for advertising, marketing or similar purposes.
itsec_interstitial_browser X Until Session Ends This third-party cookie from iThemes is a security layer used to protect our website.
MATOMO_SESSID X Until Session Ends The session id cookie from third party matomo is used to activate anonymous tracking on our website. This session id cookie does not capture any personal information, nor cannot connect multiple visits to the site by the same visitor. This cookie will expire after the session is ended.
viewed_cookie_policy X 1 year This cookie is used for the third party GDPR Cookie Consent plugin. This cookie displays the cookie banner listed on the website. It does not store any personal identifiable information.
wordpress_test_cookie X Until Session Ends This cookie is set by WordPress to check if cookies are supported by the user’s browser.

5. Contact Forms and Email Contact

a. Description and scope of the processing of personal data
Our web site contains a contact form which you may use to contact us. In this case, the data entered will be transmitted to us and stored.

In addition to the data entered, the following data will be stored when sending a message:

  • IP address of the calling computer
  • Date and time of sending the message

When sending a message via the contact form, you will be asked to give your consent to the processing of these data, and a reference to this policy will be provided.

To contact us, you may alternatively use the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

Data transmitted are not encrypted and users are asked not to send any confidential personal data via email.

In this context, there is no disclosure of data to third parties. The data is used exclusively for processing the conversation.

b. Legal basis for the processing of personal data
In the presence of consent by the user according to Art. 6 par. 1 (a) GDPR, this forms the legal basis for the processing of personal data.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 par. 1 (f) GDPR. In case the e-mail contact aims at the conclusion of a contract, additional legal basis for processing is Art. 6 par. 1 (b) GDPR.

c. Purpose of data processing
The processing of the personal data from the input form serves only to process the contact. In case of contact by e-mail processing the contact is also the legitimate interest to process the data.

Any other personal data processed during the posting process is intended to prevent misuse of the contact form and to ensure the security of our IT systems.

d. Period for which data will be stored
The data will be deleted as soon as it is no longer needed to achieve its purpose. In the case of personal data from the contact form and those sent by e-mail, this is the case when the conversation with the user ends. The conversation ends when circumstances allow us to conclude that the issue has been finally clarified.

Additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

e. Right to object
Users may revoke their consent to the processing of personal data at any time. If the user has contacted us by e-mail, he can do so at any time. In such a case, the conversation can not be continued.

All personal data collected in the course of the conversation will be deleted in this case.

6. Rights of the Data Subjects

If your personal data is processed, you are a data subject in the sense of GDPR and have the following rights towards us as the controller:

a. Right to confirmation
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is performed, you may request the following information from the controller:

  1. The purposes for which the personal data are processed;
  2. The categories of personal data processed;
  3. The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
  4. The planned period for which personal data concerning you will be stored, or, if this information is not available, criteria for determining the period for which data will be stored;
  5. The existence of the right to rectification or erasure of personal data concerning you, of the right to restriction of processing performed by the controller, and the right to object to this processing;
  6. The existence of a right of appeal to a supervisory authority;
  7. All available information regarding the source of the data if the personal data is not collected from the data subject;
  8. The existence of automated decision-making including profiling according to Art. 22 par. 1 and 4 GDPR and – in relevant cases – meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data relates to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

b. Right to rectification
You have a right of rectification and / or completion towards the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

c. Right to restrict processing
You may request the restriction on the processing of personal data concerning you under the following conditions:

  1. If you contest the accuracy of your personal data, processing will be restricted for a period of time that enables the controller to verify the accuracy of your personal data;
  2. The processing is unlawful and you reject the deletion of personal data and instead demand the restriction of the use of personal data;
  3. The controller no longer needs personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
  4. If you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate interests of the controller outweigh your legitimate interests.

If the processing of personal data concerning you has been restricted, such data may be used – apart from their storage – only with your consent or to Asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for the sake of an important public one Interest of the Union or of a member state.

If processing was restricted based on the conditions listed above, you will be informed by the controller before the restriction is lifted.

d. Right to erasure (to be forgotten)

a) Deletion Obligations
You may require the controller to delete your personal data without delay, and the controller is required to delete this data immediately if one of the following is true:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent to the processing in accordance with. Art. 6 par. 1 (a) or Art. 9 par. 2 (a) GDPR and there is no other legal basis for processing.
  3. You file an objection against the processing in accordance with Art. 21 par. 1 GDPR and there is no prior justifiable reasons for the processing, or you file an objection against the processing in accordance with Art. 21 par. 2 GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
  6. The personal data relating to you were collected in relation to information society services offered in accordance with Art. 8 par. 1 GDPR.

b) Information to Third Parties
If the controller has made the personal data concerning you public and is required to delete them according to Art. 17 par. 1 GDPR, the controller will – taking into account the technology available and the cost of implementation – take appropriate measures, including technical ones, to inform the controllers which process these personal data that you as the data subject require them to delete all links to these personal data as well as copies or replicas of these personal data.

c) Exceptions
The right to delete does not apply if processing is required for the following:

  1. To exercise the right to freedom of expression and information;
  2. To fulfill a legal obligation which requires processing under the law of the Union or of the member states to which the controller is subject, or performing a task in the public interest or in the exercise of public authority delegated to the controller;
  3. For reasons of public interest in the field of public health pursuant to Art. 9 par. 2 (h) and (i) and Art. 9 par. 3 GDPR;
  4. For archival purposes which are in the public interest, for scientific or historical research purposes or for statistical purposes according to Art. 89 par. 1 GDPR, insofar as the right to freedom of expression and information as listed above is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. To assert, exercise or defend legal claims.

e. Right to information
If you have asserted the right to rectification, deletion or restriction of processing to the controller, the latter is obliged to notify all recipients to whom personal data concerning you have been disclosed, to inform them of this correction or deletion of data or limitation of processing, unless this proves to be impossible or is associated with a disproportionate effort.

You have a right to be informed by the controller about these recipients.

f. Data transfer
You have the right to obtain the personal data that you provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer these data to another controller without hindrance by the controller to whom the personal data were originally provided, provided that:

  1. The processing is based on consent according to Art. 6 par. 1 (a) GDPR or Art. 9 par. 2 (a) GDPR or on a contract according to Art. 6 par. 1 (b) GDPR, and
  2. Processing is done by automated methods.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another as far as this is technically feasible. Freedoms and rights of others may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task of public interest or in the exercise of public authority delegated to the controller.

g. Right to object
You have the right, at any time and for any reason whatsoever arising from your particular situation, to object to the processing of personal data relating to you if processing is based on Art. 6 par. 1 (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you, unless the controller can prove compelling legitimate grounds for processing, which outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims.

If personal data relating to you is used for direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

In connection with the use of information society services – notwithstanding Directive 2002/58 / EC – you may exercise your right to object through automated procedures using technical specifications.

h. Right to revoke the declaration of consent to processing of personal data concerning you
You have the right to revoke your declaration of consent at any time. Revoking the consent will not affect the legality of any processing performed before the revocation.

i. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR.

The supervisory authority to which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

7. Use of matomo (former PIWIK)

Description and scope of the processing of personal data
This site uses matomo, an open source web analytics tool, to analyse the user behaviour on our web site. This software sets cookies (see above for a description of cookies) on the user's computer. If a page of this web site is called, the following data are stored:

  1. two bytes of the IP address of the calling user system
  2. the web page called
  3. the web site from where the user called this page (referrer)
  4. the pages called from the current page
  5. the duration how long the user stayed on the web page
  6. the number of calls of the web page

We have activated the "Force tracking without cookies" setting for our website. As a result, matomo will ignore all tracking cookies on server side. The matomo session id cookie is used to activate anonymous tracking on our website. This session id cookie does not capture any personal information, nor cannot connect multiple visits to the site by the same visitor. This cookie will expire after the session is ended.

The software is configured to save only part of the IP address of the users visiting our site, e.g. 192.168.xxx.xxx. As a result, mapping the abbreviated IP address to the calling system is not possible.

Data collected for analytic purposes is stored on a AWS cloud-based secured server hosted in Frankfurt, Germany where strict data protection, security, and GDPR compliance terms and regulations apply.

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 par. 1 (f) GDPR.

Purpose of data processing

The processing of users' personal data enables us to analyze the browsing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. At the same time, this is our legitimate interest in the processing of the data according to Art. 6 par. 1 (f) GDPR. By pseudonymisation of the IP addresses, the interest of users in the protection of their personal data is sufficiently taken into account.

Period for which data will be stored

The data will be deleted automatically after a maximum period of 45 days.

Right to object
Cookies are stored on the computer of the user and transmitted from there to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.

Interested in our portfolio? Project Inquiry? Questions related to an upcoming project?
We will find the best course of action and suitable solution to transform your business.

CONTACT