Privacy Policy
Introduction
For our processes involving customer data we follow the General Data Protection Regulation (GDPR) of the European Union. We only process data that is needed to operate and optimize our website and to initiate or fulfill our contract with you as a customer.
On this page we describe in detail what data we process for what purpose and for how long it is stored.
The description is subdivided in sections, one for each of the following data categories:
- contact data
- server data
For every category we also cite the relevant passages of the GDPR to point out the legal basis for the data processing in the respective category. In order to improve the readability of this text, we keep the citations as short as possible: For example "Article 6, paragraph 1, point (a) of the GDPR" is cited as "Art.6(1)(a) GDPR".
Responsible Party
ecarver GmbH
(our contact details are listed here)
Contact Data
When you contact us via e-mail, phone or mail, we save the data that you provide with your request to be able to answer it. For example, if you send us an e-mail with your inquiry, that e-mail (with the contact details it contains) is stored by us. The data is used for no other purpose but to answer your request [Art.6(1)(f) GDPR] and/or to initiate or fulfill a contract with you [Art.6(1)(b) GDPR].
We delete the data, if there is no further correspondence and no active contract with you for a period of one year.
The fulfilled contracts themselves (that also contain customer data) have to be archived by us for a period of ten years. This is required by German tax law [Art.6(1)(c) GDPR].
We would like to encourage you to use encrypted e-mails when contacting us (you can find our public GnuPG key here). Then the tax authorities will be the only third party that will have access to your contact data.
Server Data
Whenever you visit our website, the server of our web hosting service will automatically save the following data in an access log:
- anonymized IP address (only the first three bytes, e.g. 178.5.176.xxx)
- date and time of access
- accessed page
- transfer protocol
- error code
- number of downloaded bytes
- referrer page
- browser type and version
- operating system
This data is required to operate our website [Art.6(1)(f) GDPR]. We also use the open-source tool AWStats to extract user statistics from the access log, this is done to optimize our website [Art.6(1)(f) GDPR]. The server data is exclusively used for these two purposes. The access logs are stored separately from the contact data described in the previous section, and cannot be linked to it due to the anonymization of the IP. The logs are deleted automatically after 60 days.
Your Rights
You have the right to request...
- a copy of all personal data we hold about you
- the rectification of inaccurate personal data
- the erasure of your personal data
- that the processing of your personal data is restricted or stopped
Please contact us if you want to exercise any of these rights or if any questions arise concerning our privacy policy (our contact details are listed here).
Should we be unable to clarify the issue, you also have the right to lodge a complaint with a Data Protection Authority.