Privacy notice
for “experimenta explorer” app use
Data privacy statement of experimenta gGmbH, Experimenta-Platz, D-74072 Heilbronn
We take data protection seriously and want to do everything we can to protect your privacy when you use our app. That’s why we have drafted this privacy policy to explain how we use your data. We reserve the right to change the content from time to time. We thus recommend consulting our privacy policy again at regular intervals.
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
experimenta gGmbH
Experimenta-Platz
74072 Heilbronn
Tel.: 07131 – 88795 0
email: info@experimenta.science
Website: www.experimenta.science
II. Name and address of the data protection officer
The controller’s data protection officer is:
Mirella Eiberger
Tel.: 07131 – 88795 621
email: datenschutz@experimenta.science
III. General information on data processing
1. Scope of the processing of personal data
As a rule, we process the personal data of our users only to the extent necessary to offer a functioning app as well as our content and services. We only regularly process the personal data of our users subject to the user’s consent. An exception applies in those cases in which it is not possible to obtain previous consent for actual reasons and the processing of data is permitted by legal regulations.
2. Legal basis for processing personal data
The legal basis for our seeking to obtain the consent of the data subject to process personal data is point (a) of Art. 6(1) the EU General Data Protection Regulation (GDPR).
The legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract is point (b) Art. 6 (1) of the GDPR. This also applies to all processing required to implement pre-contractual measures.
The legal basis for processing of personal data necessary for compliance with a legal obligation to which our company is subject is point (c) of Art. 6 (1) of the GDPR.
The legal basis for processing of personal data necessary in order to protect the vital interests of the data subject or of another natural person is point (d) of Art. 6 (1) of the GDPR.
The legal basis for processing necessary for the purposes of the legitimate interests pursued by our company or by a third party,
except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject
which require protection of personal data is point (f) of Article 6(1) GDPR.
3. Erasure of data and storage period
The data subject’s personal data are erased or blocked as soon as the purposes for which said data were stored are no longer necessary. Data can also be stored when required by European or national legislatures for compliance with Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or erasure of data also occurs if a prescribed retention period stipulated by said standards expires unless a need for continued storage of data exists to conclude or fulfill a contract.
IV. Email contact
1. Description and scope of data processing
It is possible to establish contact using the email address provided. In this case, the user’s personal data transmitted by email are stored. No data are passed on to third parties in this context. Data are only used to process the conversation.
2. Legal basis for data processing
The legal basis for processing data transmitted when an email is sent is point (f) of Article 6(1) GDPR. If the purpose of email contact is to conclude a contract, the additional legal basis for processing is point (b) of Article 6(1) GDPR.
3. Purpose of data processing
When contact is established by email, it represents the required legitimate interest in the processing of data .
4. Storage period
Data are deleted as soon as said data are no longer necessary for the purpose for which it was collected. This is the case for personal data sent by email once the respective conversation with the user has ended. The conversation is over when it can be determined from the circumstances that the matter or issue in question has been conclusively resolved.
5. Opt-out and delete options
If a user contacts us by email, he or she can withdraw his or her consent to the storage of his or her personal data at any time. In this case, the conversation will not be continued.
All personal data stored during communication will be deleted in this case.
V. Use of Google Analytics
1. Scope and purpose of the processing of personal data
We use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Use includes Universal Analytics. This makes it possible to assign data, sessions and interactions over several devices to a pseudonymized user ID and thereby analyze user activities across several devices.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Since we have enabled the IP anonymization, Google will truncate/anonymize the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA (for example, in the event of technical failures in Europe).
Google will not associate your IP address with any other data transmitted by your browser within the framework of Google Analytics. On behalf of the operator of the “experimenta explorer” App, Google will use this information for the purpose of evaluating your use of the “experimenta explorer” APP, compiling reports on App activity for App operators and providing other services relating to App activity and internet usage to the App provider.
This represents a legitimate interest in data processing.
a. Legal basis for the processing of personal data.
The legal basis for the use of Google Analytics is Section 15 (3) of the German Telemedia Act (TMG) and point (f) of Article 6(1) GDPR.
b. Storage period
The cookies we send and the data linked with cookies, user recognition (e.g. user ID) or advertising ID are automatically deleted after 14 months. Data whose storage period has expired is deleted automatically once every month. For more information on our Terms of Use and Privacy Policy go to https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de
2. Opt out and delete options
You can deactivate/activate Google Analytics under Setting (iOS: Settings -> “experimenta explorer” App -> Google Analytics -> disable/enable; Android: directly in the “experimenta explorer” App menu under Privacy Policy -> Google Analytics -> disable/enable). However, we do wish to point out that in this case you may not to be able to use all functions of the “experimenta explorer” App.
VI. In-App browser, Website Privacy Policy
Our Privacy Policy on our website also applies to use of the In-App browser. Our Privacy Policy can be found at https://www.experimenta.science/de/datenschutz.
You can disable the In-App browser under settings (iOS: Settings -> “experimenta explorer” App -> In-App browser -> disable; Android: directly in the “experimenta explorer” App menu under Privacy Policy -> In-App browser -> disable).
VII. Rights of the data subject
If your personal data is processed, you are an affected data subject within the meaning of the GDPR and you may assert the following rights against the controller:
1. Right of access (Right to information)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
d) the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to these requirements shall be informed by the controller before the restriction of processing is lifted.