At PeakCorteX, we strongly believe you have the right to know how your data is being used. If a choice needs to be made between one practice that deepens a user’s privacy, and another that would diminish it but accelerate our growth, we’ll always take the slower, more private option. Your privacy is very important to us!
1. DATA CONTROLLER
PeakCorteX (“we”, “us” or “our”) respects your privacy and is committed to protect your personal data. As part of our mission to support our users (“you” or “your”), it’s important to us that you feel comfortable and trust us with your personal data when you use our services and our app (“App”).
We’re a small company that’s passionate about helping folks to optimally utilize their time. Our headquarter is in Stuttgart, Germany. Data controller within the meaning of the data protection laws (including GDPR) is Saymon R. Gattnar, email: firstname.lastname@example.org.
2. DATA COLLECTION AND OF GENERAL INFORMATION
When we use the term “personal data”, we are referring to any information that can be used, directly or indirectly, to identify you personally.
– We collect personal information about you only if it is necessary to provide you with our services and only when you provide it directly to us.
– We do not use any of your data for marketing purposes and we never rent, share or sell your data in any way.
– We do not store your personal data on our servers, as PeakCorteX app does not offer a sync or login service of its own or any third-party web-service for that matter.
– We do not use push notifications with marketing messages to interrupt your day.
2.1 WHAT WE DO WITH YOUR PERSONAL DATA
Your personal data is used to provide you our support, and to improve the product. Your personal data is never used for marketing purposes.
As stated in the section above, we only process personal data for the purposes strictly necessary to provide you with the service. Some of the purposes for processing the data provided by you include:
– Providing you with the services
– Improving our services
– Answering your support requests
2.2 OUR COMMITMENT
– We will only collect and use your personal data where we have a legal basis to do so
– We will always be transparent and tell you about how we use your information
– When we collect your data for a particular purpose, we will not use it for anything else without your consent, unless another legal basis applies
– We will not ask for more data than needed for the purposes of providing our services
– We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held
– We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with our commitment
2.3 LEGAL BASIS FOR PROCESSING PERSONAL DATA
– Article 6, Paragraph 1, Item a) of the EU’s general data protection regulation (GDPR) serves as the legal basis for processing personal data, insofar as we have obtained the concerned person’s consent to processing of such data.
– Article 6, Paragraph 1, Item b) of the GDPR serves as the legal basis for processing personal data needed to fulfil a contract to which the concerned person is party.
– This also applies to processing operations needed to implement pre-contractual measures. Article 6, Paragraph 1, Item c) of the GDPR serves as the legal basis for processing personal data needed to fulfil a legal obligation to which our company is subject.
– Article 6, Paragraph 1, Item d) of the GDPR serves as the legal basis for cases in which vital interests of the concerned person or another natural person require processing of personal data.
– Article 6, Paragraph 1, Item f) of the GDPR serves as the legal basis for processing if this is needed to safeguard a legitimate interest of our company or a third party, and this interest is not outweighed by the interests or basic rights and freedoms of the person concerned.
3. DATA COLLECTION AND USE VIA OUR APP
It is substantial to note that we do not retain or store any data you manage in the PeakCorteX app. We simply don’t need to collect any information in order for you to use the app. To protect your privacy the PeakCorteX app does not even utilize any of the popular third-party in-app analytics or crash reporting services. Your personal data stays always in your hands!
Your data stored within the app is stored for as long as you keep the app installed. PeakCorteX app does not store backups on our servers and thus all your app data is deleted once the app itself is deleted (except data in your iTunes backup or on your personal iCloud account storage – that is in your hand). On iOS, you can adjust your privacy and notification options in the Settings.
4. CUSTOMER SUPPORT COMMUNICATION
We save a record of communication including attachments and information you voluntary decide to share with us in the context of support or troubleshooting purposes whenever you communicate with us. This information is normally kept around as long as the case is opened.
Information you voluntary decide to share with us may include:
– Your E-Mail address: this information allows us to answer you.
– Device type, App version, iOS version: in the case you provide us with this information it can help us to diagnose problems or issues.
– Logs: in the case you send them to us, we can use this information to perform technical troubleshooting upon your request. The App may record internal warnings and errors together with occurrence date and time in context of implementation glitches or faulty database queries – if these were to ever arise. This data is used for technical purposes only – that is, to ensure the proper functioning and security of the app.
5. DATA COLLECTION AND USE VIA OUR WEBSITE
5.1 WEBSITE COOKIES
Our website may use “cookies”. Cookies are small text files stored in your browser. We use this information to better understand the user’s interaction with the website and to optimize the browsing experience.
Article 6, Paragraph 1, Item f) of the GDPR serves as a legal basis for processing of personal data using cookies.
Cookies are stored on the user’s computer and transmitted from it to our website. As a user, you therefore have full control of the utilization of cookies. You can disable or restrict transmission of cookies by changing their settings in your Internet browser. Cookies already stored can be deleted at any time. This task can also be automated. Disabling cookies for our website might prevent full use of all the website’s functions in future
5.2 BROWSER DATA
Certain technical data is automatically transmitted to us by your browser when you access our website. Such information includes data about your internet browser, operating system, IP address, time of the page request, referrer URL, device information, session information and status or error codes. The information may be processed in order to ensure the functionality of our website, gather statistical information about the use and development of our website, and for general data security and error analysis purposes.
5.3 ANALYTICS SERVICES
In order to improve our web presence, we collect anonymous aggregate data about visitors to our website with the help of Google Analytics, a web analytics service provided by Google, Inc. (Google Ireland Limited Gordon House, Barrow Street, Dublin 4). We don’t use any features that track you as a person, we just want to know how people are using the PeakCorteX website so we can improve our offering.
For further information on Google Analytics please refer to:
– Website settings: opt-out certain cookies directly on our website
– Browser settings: you can disable cookies in your browser settings
– Google analytics: install the opt-out browser add-on
Please note that certain features on our website may not be available as a result.
5.4 THIRD PARTY LINKS
Our website may contain links to or from partner websites or other third-party sites. These sites and any services that may be accessible through them have their own privacy policies. As we are not responsible for the privacy practices of these sites, we recommend that you review their privacy policies before submitting personal data to them.
6. PROTECTING CHILDREN
We never knowingly collect personal information from children under 13, or equivalent minimum age in the relevant jurisdiction, unless their parent provided verifiable consent. If we learn that we have collected personal information from a child under 13, or equivalent minimum age in the relevant jurisdiction, without consent of their parent, we will take steps to delete this information as soon as possible.
Parents or guardians who believe that we hold information about their children can contact us at email@example.com.
7. RIGHTS OF THE CONCERNED PERSON
If your personal data are processed, you are a concerned person within the meaning of the GDPR, and have the following rights vis-à-vis the responsible party:
7.1. RIGHT TO DISCLOSURE
You can request confirmation from the responsible party as to whether data concerning your person are processed by us.
If such processing has occurred, you can request the responsible party to disclose the scope and content of data processing as follows:
1. The purposes for which personal data are processed.
2. The categories of personal data which are processed.
3. The recipients / categories of recipients to which data concerning your person have been, or will be, disclosed.
4. The planned duration of storing data concerning your person or, if specific details are not possible here, criteria for determining the storage duration.
5. The existence of a right to rectification or deletion of data concerning your person, right to restriction of processing by the responsible party, or right of objection to such processing.
6. The existence of a right of complaint to a supervisory authority.
7. All available information on the origin of any personal data collected from a source other than the concerned person.
8. The existence of automated decision-making mechanisms, including profiling, in accordance with Article 22, Paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and intended effects of such processing for the person concerned. You are entitled to request information on whether data concerning your person are communicated to a third-party country or an international organization. In this context, you may request information on the appropriate safeguards pursuant to Article 46 of the GDPR in connection with communication.
7.2. RIGHT TO RECTIFICATION
You have a right to rectification and/or completion vis-à-vis the responsible party, insofar as processed data concerning your person are incorrect or incomplete. The responsible party must perform the rectification immediately.
7.3. RIGHT TO RESTRICTION OF PROCESSING
You can request restrictions on processing of data concerning your person under the following conditions:
1. If you dispute the correctness of the data concerning your person for a period which allows the responsible party to review the correctness of the personal data.
2. If processing is unlawful and you refuse deletion of the personal data and instead call for restrictions on use of the personal data.
3. If the responsible party no longer requires the personal data for processing, although you require these data to assert, exercise or defend legal claims.
4. If you have issued an objection to processing pursuant to Article 21, Paragraph 1 of the GDPR and it is not yet definite whether the responsible party’s legitimate reasons outweigh your reasons. If processing of data concerning your person has been restricted, these data – irrespective of their storage – may only be processed with your consent, or in order to assert, exercise or defend legal claims, or protect the rights of another natural or legal person, or for reasons of important public interest in the EU or a member state. If processing has been restricted according to the requirements above, you will be informed by the responsible party before the restriction is lifted.
7.4. RIGHT TO DELETION
A) OBLIGATION TO DELETE
You can request the responsible party to immediately delete data concerning your person, and the responsible party will be obliged to do so. The following reasons must exist for this:
1. The data concerning your person are no longer necessary for the purposes for which they were collected or processed in any other way.
2. You withdraw your consent on which processing was based in accordance with Article 6, Paragraph 1, Item a) or Article 9, Paragraph 2, Item a) of the GDPR, and there is no other legal basis for processing.
3. You object to processing as per Article 21, Paragraph 1 of the GDPR, and there are no overriding, legitimate grounds for processing, or you object to processing as per Article 21, Paragraph 2 of the GDPR.
4. The data concerning your person have been unlawfully processed.
5. Deletion of data concerning your person is required to fulfil a legal obligation according to the laws of the EU or a member state to which the responsible party is subject.
6. The data concerning your person were collected in relation to information society services according to Article 8, Paragraph 1 of the GDPR.
B) INFORMATION TO THIRD PARTIES
If the responsible party has publicized the data concerning your person, and is obliged to delete them according to Article 17, Paragraph 1 of the GDPR, said party will take appropriate measures, also of a technical nature, taking into account available technology and implementation costs, to inform those responsible for processing personal data, that you as a concerned person have required them to delete all links to these personal data as well as any copies or replications of such data.
There is no right to deletion insofar as processing is required
1. to exercise the right to freedom of expression and information.
2. to comply with a legal obligation which requires processing according to the law of the EU or the member states to which the responsible party is subject, or to fulfil a task which is in the public interest or carried out in the exercise of official authority to which the responsible person has been delegated.
3. for reasons of public interest in the field of public health according to Article 9, Paragraph 2, Items h) and i), as well as Article 9, Paragraph 3 of the GDPR.
4. for archiving in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Article 89, Paragraph 1 of the GDPR, insofar as the right mentioned in Section a) is expected to prevent or seriously impair achievement of the objectives of this processing.
5. to assert, exercise or defend legal claims.
7.5. RIGHT TO INFORMATION
If you have asserted the right to rectification, deletion or restriction of processing vis-à-vis the responsible party, they are obliged to communicate this correction or deletion of data or restriction of processing to all recipients to whom the data concerning your person were disclosed, unless this proves impossible or requires disproportionate effort.
You are entitled vis-à-vis the responsible party to be informed about these recipients.
7.6. RIGHT TO DATA PORTABILITY
You have the right to obtain, in a structured, conventional and machine-readable format, the data which concerns your person and which you provided to the responsible party. Furthermore, you have the right to convey these data to another responsible party without hindrance by the responsible party to whom the personal data were provided, if
1. processing is based on consent pursuant to Article 6, Paragraph 1, Item a) of the GDPR, or Article 9, Paragraph 2, Item a) of the GDPR, or a contract as per Article 6, Paragraph 1, Item b) of the GDPR.
2. processing takes place using automated procedures.
In exercising this right, you are also entitled to have the data concerning your person be delivered directly by a responsible party to another responsible party insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired as a result.
The right of data transfer does not apply to processing of personal data required for fulfilment of a duty lying in the public interest or carried out as part of exercise of official authority delegated to the responsible party.
7.7. RIGHT TO OBJECTION
For reasons arising from your specific situation, you have the right to object at any time to processing of your personal data on the basis of Article 6, Paragraph 1, Item e) or f) of the GDPR; this also applies to profiling based on these provisions. The responsible party no longer processes the data concerning your person, unless they can demonstrate compelling, defensible reasons for processing which outweigh your interests, rights and freedoms, or unless processing serves to assert, exercise or defend legal claims.
If data concerning your person are processed for the purpose of direct advertising, you are entitled at any time to object to the processing of your personal data for the purpose of such advertising; this applies also to profiling insofar as it is associated with such direct advertising.
If you object to processing for purposes of direct advertising, the data concerning your person will no longer be processed for these purposes.
In conjunction with the use of information society services, you are able to exercise your right of objection by means of automated procedures which make use of technical specifications – regardless of directive 2002/58/EC.
7.8. RIGHT TO REVOKE THE DECLARATION OF CONSENT REGARDING DATA PRIVACY
You have the right revoke your declaration of consent regarding data privacy at any time. Revocation of consent does not influence the legality of the processing carried out on the basis of the consent until revocation.
7.9. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
You have a right not to be subjected to decisions which are based exclusively on automated processing – including profiling – and which have legal implications for you or affect you significantly in a similar way.
This does not apply if a decision:
1. is necessary for conclusion or fulfilment of a contract between you and the responsible party.
2. is permissible on the basis of the EU’s or a member state’s legislation to which the responsible party is subject, and this legislation contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests.
3. is made with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9, Paragraph 1 of the GDPR, unless Article 9, Paragraph 2, Item a) or g) applies, and appropriate measures for protecting your rights and freedoms as well as your legitimate interests have been taken.
With regard to the cases mentioned in (1) and (3), the responsible party is to take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to effect human intervention on the part of the responsible party, to express one’s own point of view, and to contest the decision.
7.10. RIGHT OF COMPLAINT TO A SUPERVISORY AUTHORITY
Irrespective of any other administrative or judicial appeal, you are entitled to file a complaint with a supervisory authority, in particular, in the member state containing your residence, your workplace or the location of the alleged infringement, if you believe that processing of data concerning your person is contrary to the GDPR.
The supervisory authority with which the complaint has been filed informs the complainant about the status and results of the complaint, including the possibility of legal remedy according to Article 78 of the GDPR.