This data protection declaration of e*Message Wireless Information Services Deutschland GmbH (hereinafter referred to as “e*Message”) explains to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and any associated websites, functions and content, as well as any external online presence, such as our social media profile, (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Updated : 24.05.2018
Information Services Deutschland GmbH
Schönhauser Allee 10-11
Tel.: + 49 (0) 30 4171 - 0
For general questions or suggestions regarding data protection, please contact e*Message’s company data protection officer at datenschutz[at]emessage.de.
Categories of persons affected by data processing
contact data, such as telephone, fax and email data, contact history, as well as any other data necessary for fulfilling the contract
contact data, as well as any other data, such as data necessary for the use of the online offering
in particular employees, trainees, rehabilitants, applicants, retired persons, interns data necessary for the decision on establishing or implementing an employment relationship, such as contract and performance data
in particular suppliers, service providers, agents, brokers, agencies contact data such as telephone, fax and email data, contact and order history, as well as any other data necessary for the fulfilment of the contract
Visitors and users of the online offering
hereinafter collectively referred to as “users”
Types of data processed:
In principle, no special data categories are processed unless they are supplied by the user for processing, e.g. entered in online forms.
If personal data (e.g. names or email addresses) is collected on our website, this is done on a voluntary basis. We collect navigation information from website visitors, in order to further improve our offer, for marketing and website optimisation purposes. This is data about the computer and the visit to our website. Personal data is collected within the scope of the following tasks:
We inform you about the legal basis of our data processing in accordance with Art. 13 GDPR.
If not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR. Art. 6 para. 1 (b) GDPR is applicable to the processing for the fulfilment of our services and the implementation of contractual measures, as well as to responses to enquiries. Art. 6 para. 1 (c) GDPR applies as the legal basis for the processing in order to fulfil our legal obligations and Art. 6 para. 1 (f) GDPR applies to the processing to safeguard our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. In the event that the essential interests of the data subject or another natural person necessitate the processing of personal data, we refer to Art. 6 para. 1 (d) GDPR.
The operation of the radio network also requires the collection of personal data on the basis of §§ 113a and 113b of the Telecommunications Act (TKG).
We request that you inform yourself regularly about the content of our data protection declaration. It will be adapted as soon as this is made necessary by changes in the data processing carried out by us. We will inform you if the changes require your cooperation (e.g. consent) or any other individual notification.
take appropriate technical and organisational measures in accordance with Art.
32 GDPR to ensure a level of protection appropriate to the risk, taking into
account the state of the technology, the implementation costs and the nature,
scope, circumstances and purposes of data processing, as well as the different
occurrence probability and the severity of the risk to the rights and freedoms
of natural persons.
shall in particular include ensuring the confidentiality, integrity and
availability of data by controlling physical access to the data, as well as any
access to, input, disclosure, securing and separation of data. In addition, we
have established procedures to ensure that data subjects’ rights are exercised,
that data is deleted and that we react to data threats.
already take into account the principle of data protection through technology
design when selecting hardware and software, when developing processing methods
and through data protection-friendly default settings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server or to the servers of our suppliers.
as we disclose data to other persons and companies (contract processors or
third parties) within the context of our data processing, transfer data to them
or otherwise grant them access to the data, this shall only take place on the
basis of legal permission (e.g. if a transfer of the data to third parties in
accordance with Art. 6 Para. 1 (b) GDPR is necessary for the fulfilment of the
contract), if you have consented, if there is a legal obligation to do so or on
the basis of our legitimate interests (e.g. when using agents, web hosts,
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
If we have data processed in the context of the use of third party services in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done by disclosure or transfer of data to third parties, this is only done on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we will only allow the data to be stored in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that data processing takes place on the basis of special guarantees, for example, such as the officially recognised determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or the observance of officially recognised, special contractual obligations (so-called “standard contractual clauses”).
You have the right
You have the right to revoke any consent granted pursuant to Art. 7 para. 3 GDPR with effect for the future.
You may object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. The objection may in particular be lodged against processing for the purposes of direct marketing.
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
According to legal requirements, the deletion will take place in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records etc.) or § 147 para. 1 AO (German Fiscal Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation etc.).
Further retention periods apply according to § 95 (3) TKG for inventory data (e.g. names and addresses, as well as user contact data). Traffic data (e.g. telephone numbers, IP addresses) shall remain stored in accordance with Section 113b (1) sentence 1.
process inventory data (e.g. names, addresses and user contact data) and
contract data (e.g. services used, names of contact persons, payment
information) for the purpose of fulfilling our contractual obligations and services
in accordance with Art. 6 para. 1 (b) GDPR.
process traffic data (e.g. telephone numbers, IP addresses) for the purpose of
providing our telecommunications services.
We process usage data (e.g. the websites from our offering which have been visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes.
to concluding a contract, we will share your data (name, address, email
address, details of the company and, if applicable, contract and receivables
data) with the IHD Gesellschaft für Kredit und Forderungsmanagement mbH,
Augustinusstr. 11 B, 50226 Frechen, as well as other cooperating credit
agencies if necessary, for a credit check in the event of a credit risk, to
verify that the address provided is valid and for the purpose of debt
The legal basis for sharing your data is Art. 6 I b GDPR and Art. 6 I f GDPR. Sharing data on the basis of Art. 6 I f GDPR may only take place provided it is necessary to safeguard the legitimate interests of our company and does not outweigh the interests or fundamental rights and freedoms of the affected person which require the protection of personal data. For the purpose of deciding on the establishment, implementation or termination of the contractual relationship, we also collect or use automatically generated probability values, the calculation of which may include address data, among other things.
information on our contractual partner IHD, in accordance with Art 14 GDPR,
i.e. the business purpose, the purpose of storing data there, the legal basis,
the data recipients of IHD, the right to self-disclosure and the right to
deletion and correction, and profiling, is available at
Information on IHD’s contractual partners in the credit agency sector is available at: www.ihd.de/datenschutz#vertragspartner.
contacting us (via contact form or email), the user’s details will be
processed, in order to handle and complete the contact request in accordance
with Art. 6 para. 1 (b) GDPR.
User data can be stored in our customer relationship management system and marketing automation platform (“CRM & Marketing System”) or a comparable enquiry system.
registration service allows visitors to our website to learn more about our
company, download content and provide their contact information. This information
is stored on our software partner’s servers HubSpot. We
may use them to contact visitors to our website and to determine which of our
company’s services are of interest to them. All the information collected by us
is subject to this data protection declaration. All the information collected
is used exclusively for marketing optimisation purposes.
We will delete the requests provided they are no longer required. Enquiries from customers with customer accounts are assigned to this account, so we refer to the customer account details for deletion. The data collected will furthermore be deleted in accordance with section 12 of this data protection declaration
Users can only write comments and contributions after prior registration. This requires consent to data storage and use, as well as acceptance of our data protection declaration.
collect data about every access to the server on which this service is located
(so-called server log files) on the basis of our legitimate interests in
accordance with Art. 6 para. 1 (f) GDPR. The access data includes the name of
the website accessed, file, date and time of access, amount of data
transmitted, notification of successful access, browser type and version,
user’s operating system, referrer URL (the website visited beforehand), IP
address and requesting provider.
Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify cases of abuse or fraud) and then deleted. Data which needs to be stored beyond this time for evidence purposes is excluded from deletion until the respective incident has been clarified conclusively.
are pieces of information which are transferred from our web server or third
party web servers to the user’s web browser and stored there for later
retrieval. Cookies can be small files or other types of information storage.
use “session cookies” which are only stored for the duration of the current
visit to our online presence (e.g. to enable the use of our online offering in
the first place). A randomly generated unique identification number, a
so-called session ID, is stored in a session cookie. In addition, a cookie
contains information about its origin and storage period. These cookies cannot
store any other data. Session cookies are deleted when you have finished using
our online service and log out or close your browser, for example.
measurement in this data protection declaration.
If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies can lead to functional restrictions of our online offering.
Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf, in order to evaluate the use of our online offering, compile reports on activities and provide us with further services associated with the use. Pseudonymous usage profiles can be created from the processed data.
We use Google Analytics to display ads placed by Google and its partners within our advertising services only to those users who have shown an interest in our online services or users with specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) which we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). We also use Remarketing Audiences to ensure that our ads are in line with the potential interests of users and are not annoying.
We only use Google Analytics with the IP anonymisation enabled. This means that the user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. The storage of cookies can be prevented by a corresponding setting in the browser software. In addition, users can prevent the sharing of the data generated by the cookie and related to their use of the online offering with Google, as well as the processing of this data by Google by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google, settings and objection options can be found on the Google websites:https://www.google.com/intl/de/policies/privacy/partners („Google’ use of data in your use of our partners’websites or appsr“), https://policies.google.com/technologies/ads („Use of data for advertising purposes“), https://adssettings.google.com/authenticated („Information Google uses to display advertisements“).
Dispatch of the newsletter and the performance measurement are based on the recipients’ consent in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the legal permission according to § 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR and serves as proof of consent to receiving the newsletter.
Cancellation/revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
maintain online presences within social networks and platforms, in order to
communicate with customers, interested parties and users who are active there
and to inform them about our services. When calling up the respective networks
and platforms, the terms and conditions and the data processing guidelines of their
respective operators apply.
Unless otherwise stated in this data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. posting on our online presence or sending us messages.
We embed YouTube videos on our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. A connection to the YouTube servers is established when you visit a page with the YouTube plugin. YouTube will be informed of which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
If the saving of cookies is deactivated for the Google Ad programme, no such cookies are used when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you will need to block the storage of cookies in the browser.
We offer links to third-party providers within our online offering. e*Message has no influence whatsoever on the content and design of these websites belonging to other providers. The guarantees of this data protection declaration do not apply there. If the links are used, the provider in question will be able to see the user’s IP address
The following presentation provides an overview of third party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data. The companies based in the USA (incl. Facebook) are certified under the Privacy Shield Agreement and thus offer a guarantee of compliance with European data protection law