Thank you for choosing to visit our websites and applications (this applies to both the web-based application and an installed application downloaded from an application store; hereinafter simply referred to as “app” in abbreviation) and your interest in our company. The protection of your data and information is of the highest importance to us. With the following information on data protection, we would like to inform you for what purposes and to what extent we collect or process your personal data and information when you use our websites, apps or software, and how we protect your privacy when you provide us with your data.
Accountability and Reliability
CAY SOLUTIONS GmbH (Nussbergstr. 17, 38102 Braunschweig, phone: +49 531 224 337 60, e-mail: firstname.lastname@example.org) is the operator of these websites and apps, and is responsible for compliance with the applicable data protection regulations within the provisions of Art. 4 para. 7 GDPR. We store and process the personal data and information of our users in accordance with the relevant regulations, in particular the General Data Protection Regulation (GDPR, according to EU-GDPR), the German Federal Data Protection Act (BDSG/FDPA) and the German Telemedia Act (TMG) in their current versions. All personal data will only be collected for specified, clear and legitimate purposes and will not be kept longer than necessary.
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (e.g. name, date of birth and contact data).
In principle, you can use our websites and apps without providing your personal data and information. However, for certain applications of our websites and apps, it may become necessary for you to provide us with your data. Therefore, there may be restrictions on the use of our websites and apps without providing your data. As soon as you visit our websites and apps, our web servers temporarily store each access in a log file. The following data may be collected and stored until automated deletion: e.g. IP address, date and time of access, transferred data volumes, reports on the success of accessing the websites and apps, identification data of the browser and operating system used, the website used for access, and the IP address of your Internet access provider. This data is processed for the purpose of enabling the use of the websites and apps, system security, technical administration of the network infrastructure and optimization of the Internet offering. This is to be regarded as a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Acquisition of other Data
We collect, store and process your personal data and information (e.g. first name, surname, address, e-mail address, telephone number) if a business relationship exists or is to be established, e.g. within the scope of a subscription or an order, as well as with regard to the content and changes to the business relationship. In addition, we use your personal data regarding you having submitted it to us for registration on our website and having consented to the processing of your personal data. We also collect, store and process your personal data when you contact us via the contact form, blog function, the career page or by sending us an e-mail, this being necessary to process your enquiries and correspondence. The personal data and information collected by us will be deleted immediately as soon as they are no longer required for this purpose. This does not apply if there are legal retention periods. Providing your personal data is voluntary.
On our blog, we publish various articles on topics related to our activities. As a visitor, you have the possibility to make public comments. When you submit a comment, it will be displayed with the name you entered. We recommend using a pseudonym. Required for our blog function is the indication of the user name and the e-mail address. All other information is voluntary. The e-mail address is required since we have to contact you if a third party complains about your comments. The legality of this data processing results from Art. 6 para. 1 p. 1 lit. b and f GDPR. Your IP address is stored when you make a comment. This is necessary for us to be able to take action against liability claims in cases of possible publication of illegal content. Your comments will be published after a review. We reserve the right to delete comments if they are objected to as unlawful by third parties.
On our website you can subscribe for a free newsletter. To transmit the newsletter the only mandatory information is your e-mail address. We will use your name, if provided, to personalise the newsletter. The provided data will not be given to third parties. For the newsletter subscription, we use a so-called double-opt-in-process. In detail this means, that after receiving your subscription, we send a confirmation e-mail to your provided e-mail address. There, we kindly ask you to approve, that you would like to receive the newsletter. Provided that you confirm your request of receiving the newsletter, we will store your data as long as you unsubscribe from the newsletter or revoke your approval. The storage is entered for the sole purpose of transmitting the newsletter to you. Furthermore, we save, in each case of subscription and approval, your IP-address and the time of approval to prevent abuse of your personal data. You can revoke your approval of transmission the newsletter at any time. To do so, click on the provided link in the bottom of the newsletter, send an e-mail to email@example.com or a message to the contact that is mentioned in the imprint. In case of a withdrawal or cancellation of the newsletter, your data will be removed from the mailing list and subsequently deleted completely. As far as we raised your contact data (e-mail address and if available your name) in the course of further business relations, the related retention periods are valid.
On our website we use the service of MailChimp (Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) for the distribution of newsletters. In the course of these services, inter alia, the distribution of the newsletter is organised and analysed. Hence, the data provided in the course of the newsletter reception (i.e. your e-mail address or your name) is saved on the servers of MailChimp in the USA. Furthermore, our newsletter campaigns are analysed with MailChimp. Provided that you open the e-mails sent by MailChimp, data that is included in the e-mails connects with the MailChimp servers. With this process we can determine, whether newsletter messages have been opened and optionally which links have been clicked. Furthermore, in the course of the analysis technical information, i.e. time of demand, IP-address or browser type, are collected. This technical information only conduces the static analysis of the newsletter campaigns and cannot be associated with the recipient of the newsletter. The analysis is implemented to be able to customize to the interests of the recipients. In case you don’t agree to the described analysis, you have to unsubscribe from the newsletter. For this purpose, there is a corresponding link in each newsletter message, as described in the paragraph before. Furthermore, you can unsubscribe by sending an e-mail to firstname.lastname@example.org or sending a message to the contact given in the imprint. The data processing for the newsletter happens due to your permission pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. You can revoke your permission and thus unsubscribe from the newsletter at any time as described above. The withdrawal is valid for the future data processing. The legality of the data processing at the time before the withdrawal won’t be affected by the withdrawal. The personal data that is collected for the purpose of the newsletter will be saved until an incoming withdrawal. In case of a withdrawal the data, collected in the course of the newsletter distribution, will be deleted at CAY SOLUTIONS GmbH and the servers of MailChimp. As far as we raised your contact data (e-mail address and if available your name) in the course of further business relations, the related retention periods are valid. MailChimp has a certification according to the “EU-US-Privacy-Shield“. This is an agreement between the European Union and the USA, that is designed to assure the compliance of the european, data protection perspective standards. Further information to the data processing of MailChimp can be found via the following link: https://mailchimp.com/legal/terms/.
Disclosure of Data
Analysis of Websites and Apps
To optimize the contents and offers of our websites and apps, and to collect statistical evaluations, various technical programs are used to record data about the behavior of the user of the websites and apps anonymously. For this purpose, data on click behavior, visit duration, system settings and user origin are collected as text files through the use of analysis software. Cookies are stored on your computer for these evaluations. The collected data may be stored on the servers of the operators of the analysis tools. The data collected will not be used for a personal identification of the user, and will not be combined with other personal data of the user. You can prevent the installation of cookies by setting your browser accordingly. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. In the following section, we describe in detail the analysis tools we use. The following analysis tools are used for this purpose on our websites and apps:
Google Tag Manager
Our websites and apps use social plug-ins of various social networking sites. As soon as you open one of our websites and apps that contains such a plug-in, the content of the plug-in is transferred directly to your browser. Through the use of social plug-ins, we offer you the possibility to interact directly with our contributions via the comment function. By clicking on the respective social media plug-in, you will be forwarded directly to our website at the corresponding social network and your data will be transmitted to the servers of the respective social network provider. This data forwarded includes the IP address, date and time of access, identification data of the browser and operating system used, and the website used to access the page. We’d like to point out that we have no influence on the extent of data processing by the relevant provider of the social network. The purpose, type and scope of data collection as well as the further processing and use of the data can therefore be found in the data protection guidelines of the respective provider. Please take note that most of the social network providers’ servers may be located in countries outside the European Union. Companies processing data in countries outside the European Union are subject to data protection laws which often do not guarantee the protection of personal data to the same extent as the data protection laws of the European Union. The following social plug-ins are offered on our websites and apps:
The Facebook plug-ins on our websites are operated by Facebook Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, USA. Facebook plug-ins will always show the Facebook logo. Once you use their plug-ins, your browser will establish a direct connection to Facebook, meaning your information is sent directly to a Facebook server. If you are logged into Facebook while you are visiting our website, Facebook can directly associate your visit with your account. When a comment is sent or the “Like button” is pressed, this information is also transmitted to and stored by a Facebook server in the USA. In addition, your Facebook interactions are published directly on Facebook and may be visible to your Facebook friends. If you do not want such interaction, it is your responsibility to log out of Facebook before visiting our websites and also to prevent the Facebook plug-ins from loading on our websites by using a “Facebook blocker”. For the purpose and scope of data collection as well as the further processing and use of the data, please refer to Facebook’s Data Policy: https://www.facebook.com/policy.php.
The Twitter plug-ins on our websites are operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. All Twitter plug-ins will show the Twitter logo. Once you use their plug-ins, your browser will establish a direct connection to Twitter, meaning your information is sent directly to a Twitter server. If you are logged into Twitter while visiting our website, Twitter allows you to assign your visit directly to your account. When a comment is sent or the “Twitter button” is pressed, this information is also transmitted to and stored by a Twitter server in the USA. In addition, your Twitter interactions will be published directly on Twitter and may be visible for your Twitter contacts. If you do not want such interaction, it is up to you to log out of Twitter before visiting our websites and also to prevent the Twitter plug-ins from loading on our site by using a “script blocker”. For the purpose and scope of data collection as well as the further processing and use of the data, please refer to the Twitter data guideline: https://twitter.com/privacy.
The LinkedIn plug-ins on our websites are operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. All LinkedIn plug-ins willhshow the LinkedIn logo. As soon as you use their plug-ins, your browser establishes a direct connection to LinkedIn, meaning your information is transmitted directly to a LinkedIn server. If you are logged into LinkedIn while you are visiting our website, LinkedIn allows you to assign your visit directly to your account. By clicking the LinkedIn “Share-Buttons” while logged into your LinkedIn account, you can link the contents of these websites on your LinkedIn profile. We’d like to point out that we, as the provider of this website, have no knowledge of the content of the transmitted data and their use by LinkedIn. For the purpose and scope of data collection as well as the further processing and use of the data, please refer to LinkedIn’s data protection information: https://www.linkedin.com/legal/privacy-policy.
The YouTube plug-ins on our websites are operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066 USA. All YouTube plug-ins show the YouTube logo. Once you use their plug-ins, your browser will establish a direct connection to YouTube, meaning your information is sent directly to a YouTube server. If you are logged into YouTube while you are visiting our website, YouTube can directly associate your visit with your account. When a comment is sent or the “YouTube button” is pressed, this information is also transmitted to and stored by a YouTube server in the USA. In addition, your YouTube interactions will be published directly on YouTube and may be visible to third parties. If you do not want such interaction, it is your responsibility to log out of YouTube before visiting our websites and also to prevent the YouTube plug-ins from loading on our site by using a “script blocker”. For the purpose and scope of data collection as well as the further processing and use of the data, please refer to YouTube’s data policy: https://www.google.de/intl/de/policies/privacy/.
The Instagram plug-ins on our websites are operated by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. All Instagram plug-ins can show the Instagram logo. Once you use their plug-ins, your browser contacts Instagram directly, meaning your information is sent directly to an Instagram server. If you are logged into Instagram while you are visiting our websites, Instagram allows you to associate your visit directly with your account. When a comment is sent or the “Instagram button” is pressed, this information is also transmitted to and stored by an Instagram server in the USA. In addition, your Instagram interactions are published directly to Instagram and may be visible to third parties. If you do not want such interaction, it is up to you to log out of Instagram before visiting our websites and also to prevent the Instagram plug-ins from loading on our site by using a “script blocker”. Please refer to Instagram’s data policy for the purpose and scope of data collection as well as the further processing and use of the data : https://www.instagram.com/legal/privacy/.
Data Collection when Using the App
(1) Downloading the App
When you download our app from the App Store, the necessary information is sent to the App Store. This information includes the user name, the e-mail address and customer number of your account, the time of download and the individual device identification number. However, we have no influence over this procedure and are therefore not responsible for it. In principle, you can use our app without providing your personal data and information. However, for certain applications of our app it may be necessary for you to provide us with your data and information. Therefore, there may be restrictions on the use of our app without providing your data.
(2) Use of the App
As soon as you visit our app, our web servers temporarily store each access in a log file. This is necessary to be able to offer you the corresponding functions of our app. The following data may be collected and stored until it is automatically deleted: IP address, date and time of access, transferred data volumes, messages about the success of accessing the app, identification data of the browser and operating system used, the website from which access is made, and the IP address of your Internet access provider. This data is processed for the purpose of enabling the use of the app, system security, technical administration of the network infrastructure and optimization of the Internet offering. CAY SOLUTIONS GmbH processes personal data for the customer, which the customer enters within the scope of using the contractual software. The contractual software is offered by CAY SOLUTIONS GmbH as Software as a Service, i.e. hosting, maintenance and provision of the corresponding software. For this purpose, the customer processes personal data arising in connection with the use of school software, such as first name, surname, absences, grades, school subject, etc.. Furthermore, CAY SOLUTIONS GmbH stores customer data in order to establish the contractual relationship at all (including first name, surname, address data, birthday, telephone number, e-mail, account details). This is to be regarded as a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) Customer’s Control Rights
The customer has the right to check CAY SOLUTIONS GmbH’s compliance with the legal data protection regulations or the customer’s instructions at any time to the required extent. The customer can check the technical and organizational measures at the premises of CAY SOLUTIONS GmbH or any subcontractors during normal business hours after prior notification and within a reasonable period of time. The customer will ensure that the controls are only carried out to the necessary extent if the operational processes of CAY SOLUTIONS GmbH or subcontractors are disturbed by the controls.
(4) Deletion of Personal Data after the end of the Contract
After termination of the contractual relationship by deletion of the customer account, CAY SOLUTIONS GmbH will delete all data of the customer in conformity with the data protection. With the deletion of the account, the customer agrees to the deletion of the data. This does not apply to anonymous data on statistical use within the meaning of Section 7 (5), Sentence 3 of the TEGO.CLASS General Terms and Conditions. The customer must also independently secure their data before deleting their account.
(5) Passing on of Personal Data to Payment Service Providers
CAY SOLUTIONS GmbH uses a payment service provider to collect the remuneration for the use of TEGO.CLASS. The necessary data (surname, first name, address, telephone number, e-mail, bank account details) will therefore be transmitted to them for payment processing. The customer consents to this transfer by confirming these data protection provisions and the TEGO.CLASS General Terms and Conditions as part of the ordering process. The transmitted data will be used exclusively for the purpose of payment processing and will be deleted after complete deletion of the customer’s account. They have the possibility to revoke their consent towards CAY SOLUTIONS GmbH at any time with effect for the future. However, they will not be able to use TEGO.CLASS, as only direct debit or credit card payment is available.
We have taken extensive technical and organizational security measures to protect the data and information you transmit from unauthorized access and misuse by third parties. These measures meet the high legal requirements of national regulations and are always adapted to the current state-of-the-art.
As the person concerned, you have the following rights against us according to Art. 15-22, GDPR:
- Right to information,
- Right to correction or deletion,
- Right to limitation of processing,
- Right of opposition to the processing,
- Right to data transferability.
If you have given us your consent to the use of personal data, you can revoke it at any time. Please contact us by e-mail at email@example.com. Alternatively, please let contact us by mail. In addition, there is the possibility of complaining to a data protection supervisory authority about the data processing of your personal data. The data protection supervisory authority responsible for Vaitego is “Die Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstr. 5, 30159 Hannover”.
Inclusion, Topicality and Change of the Data Protection Declaration
By using our websites and apps, you agree to the use of your data and information as described above. The data protection declaration was last updated 20.06.2018 and is currently valid. Due to the continuous development of our websites and apps as well as the implementation of new technologies, it may become necessary to adapt our data protection declaration at any given point in the future. CAY SOLUTIONS GmbH therefore reserves the right to change the data protection declaration at any time with effect for the future. We advise you to visit our website regularly to keep yourself informed about the current status of our data protection declaration.
Contact our data protection officer at CAY SOLUTIONS GmbH
Data Protection Officer
CAY SOLUTIONS GmbH Nussbergstr. 17
38102 Brunswick, Germany
Or by e-mail at: firstname.lastname@example.org