Managing Director: Jens Bäuml, Richard Malley
Commercial Register: Berlin, HRB 169071
Responsible for the content according to § 55 paragraph 2 RStV: Jens Bäuml, Richard Malley
Data protection information
of DOYSTER CAPITAL
Your personal data will be handled in accordance with the EU Data Protection Regulation ("GPDR") and other legal requirements as the basis for a trusting business relationship with our partners, customers and interested parties. We maintain the confidentiality of your personal data and guarantee the protection of your personal data through technical and organisational security measures that comply with current security standards.
1.1. The Controller responsible for the processing of the personals data according to Art 4 No 7 GDPR is
(hereinafter "Doyster" or "We")
1.2. Name and contact details of the Data Protection Officer
The data protection officer at Doyster, can be reached at email@example.com.
The data protection officer at Doyster is responsible for the processing of your personal data.
We process certain personal data for the purposes specified in this Data Protection Information on the basis of the GPDR and our legal relationship.
2.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
2.4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
3. TYPE OF DATA
Personal data is information relating to an identified or identifiable natural person. As part of our services, we process data about you to the extent permitted by law, always taking into account the principle of data minimisation. This applies in particular to the following information:
i. Data that you make available to us: When you use our services, you provide us with various information about you, such as your name, contact details, e-mail address and telephone number(s), account information. The data categories that you provide to us depend on your specific contractual relationship with us.
ii. Data that we collect about you: While you are using our website, we automatically collect certain data about you, such as the date and time of your visit, your IP address, data about the device which you use (e.g. browser settings; browser type, operating system, device ID).
iii. Data collected from third parties: In the course of the initiation and performance of a contact, we may also process your personal data provided to us by third parties. For example, data records of contractual partners, cooperation partners and suppliers, as well as other third parties.
iv. Special categories of personal data: In principle, we do not collect and process any special categories of personal data. Special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life, as well as genetic data, biometric data for the unambiguous identification of a natural person. Should it be necessary in individual cases to collect or otherwise process special categories of personal data, such as church membership for tax reasons, we will always process these in accordance with the GPDR and the relevant national regulations as well as the provisions of this Data Protection Information.
4. LEGAL BASIS FOR THE PROCESSING OF YOUR DATA
We process your personal data only if there is a legal basis, usually according to Art. 6, possibly Art. 9 of the GPDR and on the basis of your consent according to Art. 7 GPDR:
i. Consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GPDR, if applicable Art. 9 para. 2 lit. a), Art. 7 GPDR: We process certain personal data only on the basis of your previously given express and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
ii. Performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract pursuant to Art. 6 Para. 1 S. 1 lit. b) GPDR: For the initiation and execution of your contractual relationship with Doyster.
iii. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR: Doyster processes certain personal data to protect our legitimate interests, provided that there is no reason to believe that your interests or fundamental rights and freedoms in the non-disclosure of your personal data do not prevail.
iv.We will only pass on your personal data to third parties if:
you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GPDR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that your interests or fundamental rights and freedoms in the non-disclosure of your personal data do prevail,
in the event that there is a legal obligation to disclose your personal data pursuant to Art. 6 para. 1 sentence 1 lit. c) GPDR, and
this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b) GPDR.
5. PURPOSE OF DATA PROCESSING
We will process your personal data exclusively for purposes permitted by data protection law. This applies in particular to the purposes listed below:
i. purposes for which you have given us your prior consent;
ii. the processing for the fulfilment of our contract with you;
iii. the fulfilment of legal obligations to which we are subject;
iv. safeguarding our legitimate interests or the legitimate interests of third parties, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate;
v. the assertion, exercise or defence of legal claims;
vi. Marketing and Advertising.
Your personal data may be processed, for example, for the following specific purposes:
5.1 Contract-related processing purpose
We process your personal data for the implementation of the contract concluded with you, in particular for the purposes of
i. Contract initiation: To initiate a (further) contractual relationship, we send you product and service information.
ii. Contract execution: The contract management organizes the administration and processing of the contracts between you and us.
iii. Customer care: In the context of customer care to advise you and provide support.
iv. Receivables management: We are entitled to receivables from the contracts concluded with you. In order to manage these receivables, we process your personal data (e.g. payments), especially in the case of outstanding receivables. In advance, we will contact you to clarify
v. Termination of contract: When our contractual relationship is terminated, we process your personal data within the framework of the legal retention periods.
vi. Cooperation with partners and suppliers: Doyster cooperates with partners and suppliers in the context of the performance of the contract. In order to guarantee an optimal customer service, Doyster communicates the necessary personal data to the partners and suppliers in the context of the cooperation.
5.2. Consent based processing purpose
In individual cases, we process your personal data on the basis of your declared consent to the processing.
5.3 Purpose of processing on the basis of legitimate interest:
We process your personal data to protect our legitimate interests, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate:
i. Advertising and marketing: To inform you about our products and services that may be of interest to you.
ii. Services: Certain services are provided by partner companies. To enable the partner companies to perform these services in accordance with the contract, we transfer your personal data to the extent necessary for this purpose.
iii. Receivables management: The contractual relationship concluded with you may result in outstanding receivables. We will give you sufficient opportunity within the framework of our dunning system to settle these. In the event of fruitlessness, we reserve the right in individual cases to involve external lawyers or debt collection companies for the purpose of debt collection. Only information which is absolutely necessary for the collection of the outstanding debt would be transmitted.
5.4 If we intend to process the personal data for a purpose other than that for which the personal data was obtained, we will provide you with information about that other purpose and any other relevant information in accordance with this Data Protection Information prior to such processing.
6. RETENTION PERIOD FOR YOUR DATA
In accordance with Art. 17 GPDR, we only retain your personal data for as long as is necessary for the respective purposes for which we process your personal data. If we process personal data for more than one purpose, it will be automatically deleted or stored in a format that does not allow any direct conclusions to be drawn about you once the last specific purpose has been fulfilled. After the end of the term of a contract we usually delete your data after 5 years at the earliest due to banking storage obligations. If we are legally obliged to store some of your data for longer, for example due to tax obligations, we will normally delete this data 10 years after the end of the contract. A company deletion concept ensures that all your personal data is deleted in accordance with the principle of data minimization and Art. 17 GPDR.
7 TECHNICAL AND ORGANIC MEASURES FOR THE PROTECTION OF YOUR DATA
We process your personal data in accordance with the security requirements of Art. 32 GPDR. For this purpose, we have implemented appropriate technical and organisational security measures which comply with recognised IT standards and are continuously monitored. In this way, we ensure that your data is adequately protected at all times against misuse or any other inadmissible data processing.
8. DATA TRANSFER TO THIRD PARTIES
In certain cases, we will share your personal data with third parties for the purposes described in this Data Protection Information in order to implement the contract. When transmitting your personal data, we ensure that your data is processed, protected and transmitted lawfully.
8.1 Data Transfer to Cooperation Partners of Doyster
If necessary, we send your personal data to our cooperation partners, who process your data completely on our behalf and according to our instructions.
8.2 Data transfer to suppliers
For the purpose of carrying out deliveries and services, we may transfer your personal data to our suppliers.
8.3 Data transfer to other third parties
We transfer your personal data to other third parties, e.g. external service or IT providers, external consultants or cooperation partners, transport and insurance companies, if not already mentioned above, for the purposes defined in section 5 above and within the scope of statutory information and reporting obligations. Doyster will ensure that these third parties guarantee the confidentiality of your personal data. With all other third parties to whom Doyster may transfer your data, Doyster has concluded contracts for compliance with all data protection regulations.
8.4 Data transmission in non-EU member states
Where data is processed in countries outside the EU or the European Economic Area ("EEA"), Doyster will ensure that your personal data is processed in accordance with European Data Protection Standards. If necessary, we will use data transfer agreements on the basis of the EU standard contractual clauses ("SCC") or other data protection permission regulations pursuant to Art. 44 ff GPDR for the security of data transfers to recipients in third countries outside the EU or the EEA, which also ensure appropriate technical and organisational measures for the protection of the personal data transferred, unless this is a country that the EU has already officially recognised as a country that has an adequate and comparable level of data protection.
9. INDIVIDUAL DATA COLLECTIONS
9.1. SERVER LOG-IN FILES
(a) categories of data: When you visit our website, data is automatically stored in the server statistics (so-called server log files), which your browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
For data protection reasons, the host name or IP address of the client accessing your website is anonymised in the log files. Only the entries for the client's host or, if this cannot be determined, the client's IP address are anonymised in the log files. The format of all other entries does not change.
b) Purpose of processing: The above data will be processed by us for the following purposes:
Ensure a well-functioning connection of the website,
To ensure a comfortable use of our website,
Evaluation of system safety and stability
for other administrative purposes.
c) Legal basis for data processing: Art. 6 Para. 1 S. 1 lit. f) GPDR. Our legitimate interest follows from the purposes listed above for the collection of data.
d) Deletion of your data: For security reasons (e.g. to clarify misuse), log file information is temporarily stored anonymously by the provider and then deleted.
CONTACT FORM AND EMAIL CONTACT
On our website a contact form is available. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
First name and surname
The following data will also be stored at the time the form is sent:
The IP address of the user
Date and time of registration
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us via the e-mail addresses provided. In this case, the personal data transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
Most browsers automatically accept cookies. The following data is stored and transmitted in the cookies:
The user data collected by technically necessary cookies are not used to create user profiles.
b) Purpose of processing: The purpose of this use of technically necessary cookies is to simplify the use of websites for users.
c) Legal basis for data processing: The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests
d) Duration of storage, objection and removal options
These can be found for the respective browsers under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
If cookies are deactivated for our website, it is possible that not all functions of the website can be used to the full extent.
Temporary cookies (session cookies) are automatically deleted when you close your browser.
9.3. THIRD-PARTY PROVIDERS
It may happen that contents or services of third parties, such as city maps of other websites, are integrated within our online offerings. For the integration of third-party content it is always precondition that the third-party provider perceives the IP address of the user, since they would not be able to send the content to the user's browser without the IP address. The IP address is therefore required for the presentation of the content. Furthermore, the providers of the third-party content can set their own cookies and process the user data for their own purposes. User profiles can be created from the processed data. We will use these contents as data-minimizing and data-avoiding as possible and select reliable third-party providers with regard to data security.
Insofar as Google services such as Google Maps are used on these Internet pages, these are carried out by a server call, possibly a Google server in the USA, even if the Google headquarters is now in Ireland. To ensure an appropriate level of protection for your personal data, Google has adopted the EU-US Privacy Shield, which is available at https://www.privacy-shield.gov/EU-US-Framework As a result of this agreement between the United States and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
We currently use services from the following third parties:
(a) categories of data: We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
used operating system
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address),
Time of the server request
are transferred to a Google server in Ireland and stored there. However, if IP anonymisation is enabled on this website, your IP address will be previously truncated by Google within Member States of the European Union or other EEA treaties. Only in exceptional cases will the full IP address be transmitted and truncated to a Google server in Ireland. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Objection to data collection:
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de). Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting your information across multiple devices, you must opt-out on all systems you use.
Overview of data protection: http://google.com/intl/de/analytics/learn/privacy.html, as well as the
(a) categories of data: This website links to Google Maps for interactive maps and directions. Google Maps is a map service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you use Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in Ireland When you visit a website on our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser and integrated into the website by it.
Date and time of the visit to the relevant website
Internet address or URL of the website accessed
(Start) address entered during route planning
For more information, please refer to the above link (Google Services Privacy Statement).
We have no influence on the further processing and use of the data by Google and can therefore assume no responsibility for this.
You can find detailed instructions on how to manage your own data in connection with Google products here: https://policies.google.com/privacy/update?hl=de under "Privacy settings".
By using our website, you consent to the processing of data about you by Google Maps in the manner and for the purposes set out above.
Google Web Fonts
(a) categories of data: In order to present our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If the browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible - but currently also unclear whether and for what purposes - for the operators of such libraries to collect data.
b) Purpose of processing: We use Google services to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information (https://www.google.com/policies/privacy/).
c) Legal basis for data processing: The use of Google services constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GPDR.
We have concluded a contract with Google for order data processing.
Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook.
If you call up a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website by it.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. Facebook can directly associate your visit to our website with your Facebook account. The information may also be published on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and tailoring Facebook pages to your needs. Facebook creates usage, interest and relationship profiles for this purpose, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
We use the so-called two-click solution to protect your data. Initially, no user data is transmitted to the operators of the social networks. Only when you activate the initially greyed out button does the data transfer begin, as indicated by a corresponding message.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/).
9.3.3 Instagram, LinkedIn, Xing, Twitter
On our website we have also Plugins / Share-Buttons from
Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"),
LinkedIn " Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
TwitterTwitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103
XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany
Each time you visit our website that is equipped with such a plugin or share button, the plugin or share button causes the browser you are using to download a corresponding display of the social media operator's component. Your browser then establishes a direct connection to the servers of the social media operator. The content of the plugin is transmitted by the social media operator directly to your browser and integrated into the page. Through this integration, the social media operator receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile or account there or are not logged in there.
This information (including your IP address) is transmitted directly from your browser to the social media operator and stored there.
We use the so-called two-click solution to protect your data. Initially, no user data is transmitted to the operators of the social networks. Only when you activate the initially grayed out button does the data transfer begin - as indicated by a corresponding note.
For further information and setting options, please contact the social media operators’ websites:
9.3.4 Embedded YouTube videos and Vimeo videos
On our website plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there.
On some of our Web sites, we embed YouTube videos from operators YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, and Vimeo videos from operators LLC, 555 West 18th Street, New York, New York 10011, USA.
Each time you access a page that offers a video clip, a direct connection is established between your browser and an operator's server in the USA. Information about your visit and your IP address is stored there.
We use the so-called two-click solution to protect your data. Initially, no user data is transmitted to the operators of the social networks. Only when you click on the video does the data transfer begin.
Further information on data protection at "Youtube" can be found in the provider's data protection declaration at: https://support.google.com/youtube/answer/2801895?hl=de
Further information on data protection at "Vimeo" can be found in the provider's data protection declaration at: https://vimeo.com/privacy
10. DATA SUBJECTS RIGHTS AFFECTED AND RIGHT TO APPEAL
As a person affected by the processing of your personal data, you can assert certain rights with us ("Data Subject Rights") in accordance with the GPDR and other relevant data protection regulations, see the following section:
10.1 Rights of data subjects
i. Right of access pursuant to Art. 15 GPDR: You can request information from us about your personal data that we have stored about you at any time. In particular, you can request information about the processing purposes, the data categories, the recipients to whom your data is transferred, the origin of the data if we have not collected it directly from you, the planned storage period, as well as about the existence of an automated decision-making process including profiling and, if applicable, meaningful information about its details;
ii. Right of rectification pursuant to Art. 16 GPDR: You may request us to rectify incorrect or incomplete personal data without delay. We will take reasonable steps to keep the information we hold about you and process about you accurate, complete, current and relevant based on the most current information available to us.
iii. Right to deletion pursuant to Art. 17 GPDR: You may request us to delete your personal data, provided that the legal requirements are met. According to Art. 17 GPDR, this may be the case, for example, if
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
you revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing;
you object to the processing of your personal data and there are no overriding legitimate reasons for the processing, or you object to the processing for direct marketing purposes;
the personal data have been unlawfully processed;
unless the processing is necessary:
to ensure compliance with a legal obligation which requires us to process your personal data, in particular with regard to legal retention periods;
to assert, exercise or defend legal claims.
iv. Right to limitation of processing pursuant to Art. 18 GPDR: You may request that we restrict the processing of your personal data if
You dispute the accuracy of the personal data for the period of time we need to verify the accuracy of the data;
the processing is unlawful and you refuse to delete your personal data and instead request that we restrict its use;
we no longer need your personal information, but you need it to enforce, exercise or defend your legal rights;
you have objected to the processing as long as it is not yet clear whether our legitimate reasons outweigh yours.
v. Right to data transfer in accordance with Art. 20 GPDR: At your request, we will provide you with the personal data that you have provided to us in a structured, common and machine-readable format so that you can transfer it to another responsible person. However, you have this right only if the data processing is based on your consent or is necessary in order to carry out a contract.
vi. Right of revocation pursuant to Art. 7 para. 3 GPDR: You have the right to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.
vii. Right to object pursuant to Art. 21 GPDR: If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR, you have the right to object to the processing of your personal data pursuant to Art. 21 GPDR if there are reasons for doing so which result from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation. In the event of an objection, we will no longer process your personal data. The latter does not apply if we can prove compelling reasons for processing worthy of protection that outweigh your interests or if we need your personal data to assert, exercise or defend legal claims;
If you wish to exercise your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org
viii. to complain to a supervisory authority pursuant to Art. 77 GPDR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace (see par. 10.4 below).
10.2 Deadlines for compliance with data subjects' rights
As a matter of principle, we endeavour to respond to all enquiries within 20 working days. However, this period may be extended due to the specific rights of the persons concerned or the complexity of your enquiry.
10.3 Limitation of information for the fulfilment of data subjects' rights
In certain situations we may not be able to provide you with information about all of your personal information due to legal requirements. If we need to decline your request for information in such a case, we will also inform you of the reasons for the refusal.
10.4 Complaints to Regulatory Authorities
Doyster will always protect your rights. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to file a complaint with an appropriate data protection authority.
11. LEGAL BASIS
You can download the text of the GPDR from the following homepage:
12. CONTACT DETAILS
Please address written enquiries/orders to us via the contact channels listed below:
Data Protection Officer: