orchideo | easySSP logo

DATA PRIVACY POLICY

Data privacy policy by eXXcellent solutions according to art. 13 and 14 GDPR.

We, eXXcellent solutions GmbH (hereinafter "eXXcellent solutions" or "we" or "us"), take the protection of your personal data very seriously and respect the rules provided by the data privacy laws.

The protection of your personal identifiable data that we gather, process and use due to your visit of our website www.easy-ssp.com (orchideo | easySSP) is an important matter to us. Your data is protected within the framework of existing legislation. Subsequently, you will find information on which data is gathered during your visit and how it is used.

Responsible Authority

The responsible authority in terms of data privacy law is:

eXXcellent solutions GmbH
Beim Alten Fritz 2
89075 Ulm

E-mail: Datenschutz@exxcellent.de
CEO: Dr. Martina Burgetsmeier, Gerhard Gruber, Wilhelm Zorn
Office and register court: Ulm, HRB-Nr. 4309

The operational appointed data privacy officer of eXXcellent solutions GmbH, Mr. Brauch, is available under the above mentioned address and via e-mail at Datenschutz@eXXcellent.de.

Collection, Processing and Usage of Personal Data

Personal data consists of all information related to an identified or identifiable natural person that is an expression of a person's identity, including but not limited to names, addresses, phone numbers, e-mail addresses, contract accounting and payment data.

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

Processed Categories of Data

Log-Files:

When visiting our website www.easy-ssp.com your browser will gather and transfer the following information automatically to the server. If you use the website without registration, only the following personal data will be stored.

  • Browsertype and -version
  • Operating system
  • Your internet protocol (IP) address
  • Date and time of your visit
  • Referring website
  • Visited website

This data is required for a proper performance of services. Storage takes place exclusively in a server log file for own security purposes (e.g. identification of DOS attacks) and for a maximum duration of 3 months.

The legal basis for data processing is art. 6 GDPR. Our valid interest ensues from the above listed purposes for data gathering. Data gathered will not be used to identify the person in any way.

Communication Data:

In the case of registration, further data such as the user's name and e-mail address are collected. This data is required for a functional registration.

Contract Accounting and Payment Data:

If a chargeable service is used, further data such as company information (e.g. the company name) and necessary information regarding the payment method are stored.

Processing Purposes and Legal Basis

We, as well as the service providers commissioned by us, process your personal data for the following processing purposes:

  • Provision of these Online Offers.
    Legal basis: Fulfillment of contractual obligations. The following conditions apply: easySSP Terms of Use.
  • Resolving service disruptions as well as for security reasons.
    Legal basis: Fulfillment of our legal obligations within the scope of data security, and justified interest in resolving service disruptions as well as in the protection of our offers.
  • Registration for usage of services offered on our website.
    Legal basis: Justified interest on our part to execute the services and administration of justified interest of third parties and fulfillment of contractual obligations if relevant for the offered services.
  • Safeguarding and defending our rights.
    Legal basis: Justified interest on our part for safeguarding and defending our rights.

Information Disclosure

Personal identifiable information are passed on only if permitted within the scope of a legal framework, or
  • you gave the explicit approval according to art. 6 para. 1 a) GDPR,
  • the data transfer according to art. 6 para. 1 b) GDPR is required for assertion, exertion or defense of legal claims and there is no reason to believe that you have an overriding worthy of protection interest not to transfer your data,
  • a legal obligation for a data transfer according to art. 6 para. 1 c) GDPR exists,
  • it is permitted by law and required according to art. 6 GDPR for the transaction of contractual relationships with you, and
  • the legitimate interest of the controller in the data processing according to art. 6 para. 1 f) GDPR outweighs the interests and rights of the affected person.

Cookies

Cookie Notice

This website uses cookies. Cookies are small text files containing user-specific data and settings that are stored on your device. On the one hand, they serve the purpose of user friendliness, and on the other hand, they are used for statistical evaluation of site usage. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with art. 6 GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. Nevertheless, the complete deactivation of cookies may result in restrictions of the use of our website.

Technically necessary Cookies

These cookies are essential in order to enable you to navigate the website and use its features, such as setting your privacy preferences, logging in or filling in forms. Without these cookies, services requested through usage of our website cannot be properly provided. Strictly necessary cookies do not require consent from the user under applicable law.

Functional Cookies

These cookies allow the website to remember choices you make or information you enter (such as your username, language or the region you are in) and provide enhanced, more personal features. They are also used to enable requested functions such as playing videos.
To the extent that information processed with regards to functional cookies should, in a given case, qualify as personal data, the legal ground for that processing is the user’s consent.

Performance Cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and how visitors move around the site. They help us to improve the user friendliness of our website and therefore enhance the user’s experience. Further information collected by performance cookies may include e.g.: internet browser and operating system used, the domain name of the website which you previously visited, the number of visits, average duration of visit, and which pages were visited.
The information collected by these cookies is aggregated and normally cannot be linked to a specific natural person. To the extent that information processed in connection with performance cookies should, in a given case, qualify as personal data, the legal ground for that processing is the user’s consent.

Marketing Cookies

Marketing cookies (also referred to as targeting or advertising cookies) are used to deliver adverts on third party websites more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign.
Legal basis for the processing of personal data in connection with marketing cookies (if any) is the user’s consent.

You can edit your cookie choices at any time in the cookie settings.

Cookie List

You may find detailed information about the different cookies (e.g. purpose of the cookie and recipient of the information collected by the cookie) here:

Technically necessary Cookies

Name Description Lifespan Cookie Host
AWSALB Used to direct the user requests to the same target server so that the user authentication mechanism works without errors. 7 days AWS
AWSALBCORS Used to direct the user requests to the same target server so that the user authentication mechanism works without errors. 7 days AWS
AUTH_SESSION_ID Used within the user authentication mechanism. Session KeyCloak
AUTH_SESSION_ID_LEGACY Used within the user authentication mechanism. Session KeyCloak
COOKIE_CONSENT Used to store that the user has set his cookie preferences. 1 year easySSP
KC_RESTART Used within the user authentication mechanism. Session KeyCloak
KEYCLOAK_IDENTITY Used within the user authentication mechanism. Session KeyCloak
KEYCLOAK_IDENTITY_LEGACY Used within the user authentication mechanism. Session KeyCloak
KEYCLOAK_SESSION Used within the user authentication mechanism. 10h/16h KeyCloak
KEYCLOAK_SESSION_LEGACY Used within the user authentication mechanism. 10h/16h KeyCloak
kc-access Used within the user authentication mechanism. Session GateKeeper
kc-state Used within the user authentication mechanism. Session GateKeeper
request_uri Used within the user authentication mechanism. Session GateKeeper
OAuth_Token_Request_State Used within the user authentication mechanism. Session GateKeeper

Functional Cookies

Name Description Lifespan Cookie Host
FUNCTIONAL_KEYCLOAK_LOCALE Used to store which cookie preferences the user has set. 1 year easySSP
KEYCLOAK_LOCALE Used to set the user language on a page. Session easySSP

Integration of Services and Third-Party Consents

The following Sections apply to various third-party services and consents that are integrated into our website and web app. Please note that information about cookies (and similar technologies) integrated into our website and services is contained in a separate cookie notice on this website, which is described in more detail in Section 4.

On our website, we integrate third-party content, such as fonts from www.myfonts.com. This always requires that the user's IP address is transmitted to these providers so that the provider can deliver the content to the user. We have no influence if the providers store this IP address and, for example, evaluate it statistically. Insofar as we are aware of this, we inform the users about it.

External Links

Our Online Offers may contain links to internet pages of third parties, in particular providers who are not related to us. We have no influence on the collection, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control.

Security Notes

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We are using appropriate technical and organizational security measures to protect your data against accidental and intentional manipulations, partial or complete loss, destruction and unauthorized third party access. Our security measures are continuously improved according to technical developments.

Full data security cannot be guaranteed for e-mail communication, thus we recommend sending confidential information by mail.

Right of Information, Cancellation and Objection

Users can contact us based on data privacy law to retrieve free information about personal identifiable information we store, and request closure and deletion as long as there is no retention obligation.
You have the right to

  • request information according to art. 15 GDPR about your personal identifiable information processed by us. In particular, you can request information about the purpose of the processing, the category of personal identifiable information, the category of recipients your data is or will be revealed to, the planned storage period, the existence of the right to correction, deletion, and restriction of processing or cancellation, the existence of the right of complaint, the origin of your data if not gathered by us, and about the existence of an automated decision making including profiling;
  • request immediate correction or completion of your stored personal identifiable data according to art. 16 GDPR;
  • request deletion of your stored personal identifiable data according to art. 17 GDPR provided that processing is not required for exercising the right of free expression and information, for fulfillment of legal obligations, for reasons of public interest or for assertion, exercise and defense of legal claims;
  • request restriction of processing of your personal identifiable information according to art. 18 GDPR provided that you deny the data correctness, processing is unlawful and you deny deletion while we don’t require the data any longer but you require the data for assertion, exercise and defense of legal claims or provided that you filed an objection against processing according to art. 21 GDPR;
  • request the personal identifiable information you provided according to art. 20 GDPR in a structured, common and machine-readable format or request the transfer to another responsible person;
  • cancel your approval according to art. 7 para. 3 GDPR. This means that we are not allowed to continue data processing based on your former approval and
  • according to art. 77 GDPR complain to a regulatory authority. Usually you can contact the regulatory authority of your common residence or workplace or the residence of our register court.
  • If you would like to exercise your rights, e-mail to Datenschutz@exxcellent.de.

Currency and Change of Data Privacy Policy

This data privacy policy was created based on regulations of different legislations including art. 13/14 EU-GDPR 2016/679. The data privacy policy is currently valid (April 2021) and refers exclusively to the website www.easy-ssp.com and the application contained therein, unless otherwise mentioned.

eXXcellent solutions Logo © 2022 eXXcellent solutions