Privacy Notice
We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of Data Max GmbH. Use of the Data Max GmbH website is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in line with the country-specific data protection regulations applicable to Data Max GmbH. By means of this privacy notice, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy notice.
Data Max GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.
1. Definitions
The privacy notice of Data Max GmbH is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). We use the following terms in this privacy notice:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed. However, public authorities which may receive personal data in the framework of a particular inquiry are not regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Data Max GmbH
Hansastraße 4
80686 München
E-Mail: info@datamax.ai
Website: datamax.ai
3. Cookies
The Data Max GmbH website uses cookies. Cookies are text files that are stored on a computer system via an internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID — a unique identifier consisting of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies, and to recognise and identify a specific browser via its unique cookie ID.
Through the use of cookies, Data Max GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting. The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programmes. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be entirely usable.
4. Collection of General Data and Information
The Data Max GmbH website collects a series of general data and information when a data subject or automated system accesses the website. This general data and information is stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages accessed, (5) the date and time of access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data used to defend against attacks on our IT systems.
When using this general data and information, Data Max GmbH does not draw any conclusions about the data subject. This information is needed to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and advertising, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is evaluated statistically and with the aim of increasing data protection and data security.
5. Contact via the Website
The Data Max GmbH website contains information that enables quick electronic contact with our company, including a general email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller is stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
6. Routine Erasure and Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as required by applicable law. If the storage purpose no longer applies or if a storage period prescribed by law expires, the personal data is routinely blocked or erased in accordance with legal requirements.
7. Rights of the Data Subject
a) Right of confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed. To exercise this right, the data subject may contact any employee of the controller at any time.
b) Right of access
Every data subject has the right to obtain free information about the personal data stored about them and a copy of that information. This includes information on: the purposes of processing; categories of personal data; recipients or categories of recipients; the envisaged storage period; the right to request rectification, erasure, restriction or to object; the right to lodge a complaint; the source of the data where not collected from the data subject; and the existence of automated decision-making including profiling. The data subject may contact any employee of the controller at any time to exercise this right.
c) Right to rectification
Every data subject has the right to obtain the rectification of inaccurate personal data concerning them. The data subject may contact any employee of the controller at any time to exercise this right.
d) Right to erasure (right to be forgotten)
Every data subject has the right to obtain the erasure of personal data concerning them without undue delay where one of the following grounds applies and where processing is not necessary: the data is no longer necessary for the purposes for which it was collected; the data subject withdraws consent and there is no other legal basis; the data subject objects to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; erasure is required to comply with a legal obligation; or the data was collected in relation to information society services offered to a child.
Where Data Max GmbH has made personal data public and is obliged to erase it, Data Max GmbH shall take reasonable steps, including technical measures, to inform other controllers processing the data that the data subject has requested erasure. An employee of Data Max GmbH will arrange the necessary steps on a case-by-case basis.
e) Right to restriction of processing
Every data subject has the right to obtain restriction of processing where: the accuracy of the data is contested; the processing is unlawful and the data subject opposes erasure; the controller no longer needs the data but the data subject requires it for legal claims; or the data subject has objected to processing pending verification of whether the controller's legitimate grounds override those of the data subject. The data subject may contact any employee of the controller at any time to exercise this right.
f) Right to data portability
Every data subject has the right to receive personal data concerning them in a structured, commonly used and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or a contract and is carried out by automated means. The data subject may contact any employee of Data Max GmbH to exercise this right.
g) Right to object
Every data subject has the right to object, on grounds relating to their particular situation, to processing of personal data concerning them based on Art. 6(1)(e) or (f) GDPR, including profiling. Data Max GmbH shall no longer process the personal data unless it can demonstrate compelling legitimate grounds which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where Data Max GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing for such purposes. The data subject may exercise this right by contacting any employee of Data Max GmbH directly.
h) Automated individual decision-making, including profiling
Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for entering into or performance of a contract, is authorised by law, or is based on the data subject's explicit consent. The data subject may contact any employee of the controller to exercise this right.
i) Right to withdraw consent
Every data subject has the right to withdraw their consent to the processing of personal data at any time. The data subject may contact any employee of the controller at any time to exercise this right.
8. Legal Basis for Processing
Art. 6(1)(a) GDPR serves as the legal basis where we obtain consent for a specific processing purpose. For processing necessary for the performance of a contract, Art. 6(1)(b) GDPR applies. For processing necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR applies. In rare cases, processing may be necessary to protect the vital interests of the data subject or another person under Art. 6(1)(d) GDPR. Processing based on our legitimate interests is governed by Art. 6(1)(f) GDPR, in particular where the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).
9. Legitimate Interests Pursued by the Controller
Where processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business for the benefit of the wellbeing of all our employees and shareholders.
10. Duration of Storage
The criterion for the duration of storage of personal data is the applicable statutory retention period. After expiry of that period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfilment or initiation of a contract.
11. Statutory or Contractual Requirements to Provide Personal Data
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions. Occasionally it may be necessary to conclude a contract that the data subject provides us with personal data which must subsequently be processed by us. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees, who will clarify whether the provision is legally or contractually required or necessary for the conclusion of the contract, and what the consequences of non-provision would be.
12. Automated Decision-Making
As a responsible company, we do not use automatic decision-making or profiling.