PRIVACY POLICY OF MODUS OPERANDI GMBH
FOR DIGITAL SERVICES

We, MODUS OPERANDI GmbH, Eppsteiner Straße 55, 60323 Frankfurt/Main, Germany, registered in the Commercial Register [Handelsregister] of the Local Court [Amtsgericht] of Frankfurt am Main HRB 134356, kontakt@modus-operandi.de, Tel. +49 172 78 35 196 (“MODUS OPERANDI“, “we” or “us“) inform you below about the processing of your personal data when you (“you” or “user“) visit our website (www.modus-operandi.de). Personal data is any information by which you can be identified as a natural person (see Article 4 No. 1 GDPR). We thus fulfill our obligations under the EU General Data Protection Regulation (“GDPR“) to transparently inform the persons affected by data processing by us (cf. Articles 13 and 14 GDPR).

I. Controllership

  1. The controller responsible for data processing pursuant to Article 4 No. 7 GDPR is MODUS OPERANDI (see preamble).
  2. MODUS OPERANDI is not obliged under applicable law to appoint a data protection officer.

II. Processing of users' personal data when visiting our website; legal basis for processing

  1. When using the website for informational purposes, i.e. simply viewing the content after accessing the website without providing us with any other information (e.g. via registration or a contact form), we collect, store and use the following data, which your browser transmits to our server and is automatically stored in a so-called server log file (log files):
  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (page visited)
  • access status/HTTP status code
  • amount of data transferred in each case
  • previously visited page
  • browser type and browser version
  • operating system
  • language and version of the browser software
  1. In addition, when you use our website, we use technical aids for various functions that can be stored on the end device you are using (“cookies“). Cookies are small data records that are assigned to the browser you are using and stored on your end device, e.g. by means of a characteristic character string, and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make digital services more user-friendly and effective overall, i.e. more pleasant for you. Cookies may contain data that makes it possible to recognize the terminal device or browser used. In some cases cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

    You can adjust the settings of your browser so that you are informed about the setting of cookies and only allow cookies in specific cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly obtain the procedure for deactivating cookies via the “Help” function of your Internet browser. If cookies are deactivated, the functionality and/or full availability of this website may be limited.

    We only use cookies on our website that are technically absolutely necessary to display our website completely and correctly or to enable support functions. These are generally transient cookies (session cookies), which are deleted when you leave the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website.

  1. The data processing described above under Section II. No. 1 and No. 2 are technically necessary in order to display our website to you so that you can visit it and use the services offered there. They are also necessary for technical reasons to ensure system security (e.g. to create backups). The data is not analyzed for marketing purposes in this context.
  2. The legal basis for data processing is in each case Article 6 Paragraph 1 Sentence 1 (f) GDPR; when using cookies, which are absolutely necessary to provide you with an expressly requested service, Section 25 Paragraph 2 No. 2 Telecommunication and Digital Services Privacy Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG). The purposes described under Section II. No. 3 are also our legitimate interests.
  3. The data collected as part of the use of our website in accordance with Section II. No. 1 above will only be stored for the period for which this data is required to achieve the aforementioned purposes. The data contained in log files is stored on our web server for 14 days as standard for IT security purposes and for a maximum of two months for backup purposes.

We do not use any social media plugins on our website. If our website contains symbols from social media providers (e.g. LinkedIn), we only use these to passively link to the pages of the respective providers.

III. Processing of personal data when using the contact form or contacting us by e-mail; legal basis for processing

  • When you contact us via the contact form available on the website, the personal data you provide will be transmitted and stored. This includes:
  • time of transmission
  • your name
  • the e-mail address provided by you
  • the subject of your message and your message
  1. If you contact us via the e-mail address provided by us, the personal data transmitted by you in the e-mail will be stored.
  2. The data according to Section III. No. 1 and No. 2 above will be processed primarily for the purpose of processing and answering the transmitted request and in the event of follow-up questions. They may also be processed for the assertion of and defense against legal claims.
  3. The legal basis for the processing of transmitted customer inquiries is Art. 6 paragraph 1 (f) GDPR; the purposes described above in Section III. No. 3 are also our legitimate interests. If the purpose of the contact is to conclude a contract or initiate contractual negotiations, Article 6 paragraph 1 (b) GDPR also applies.
  4. The data transmitted in accordance with Section III No. 1 and No. 2 above will be deleted as soon as they are no longer required for the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no longer any reasons for storing the data.

IV. Transmission of data to third parties

  1. If and insofar as we transfer data to third parties or another body or disclose it to them in accordance with the purposes described above in Section II. 3. or III. 3., this will only be done to the extent necessary.
  2. Service providers may work for us as processors within our scope of business. They will only act in accordance with our instructions and are contractually obliged to comply with all applicable data protection regulations.
  3. There are no plans to transfer data to data recipients in third countries, i.e. countries outside the European Economic Area, where the applicable data protection law may not provide the same level of protection.

V. No automated decision-making

We do not intend to use data for automated decision-making (including profiling).

VI. Data security

Your data will only be stored in Germany. We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are kept up to date in line with technological developments. In particular, your data is protected by the use of a comprehensive anti-malware tool (imunify360) on our servers.

VII. Your rights as a data subject affected by data processing

You can assert your rights as a data subject against us using the contact details provided in the preamble. You have a right:

  • to request information about your data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • to immediately request the correction of incorrect data or the completion of your data stored by us in accordance with Article 16 GDPR;
  • in accordance with Article 17 GDPR, to demand the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims;
  • in accordance with Article 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful;
  • in accordance with Article 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
  • pursuant to Article 21 GDPR to object to the processing if the processing is based on Article 6 paragraph 1 (e) or (f) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we would like you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of a justified objection, we will examine the situation and either discontinue or adapt the data processing or explain our compelling reasons worthy of protection on the basis of which we will continue the processing;
  • in accordance with Article 7 Paragraph 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
  • to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. For example, you can contact the supervisory authority of your usual place of residence or our registered office (The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/).

VIII. Up-to-dateness and amendments

This privacy policy was last updated in March 2024. It may become necessary to amend this privacy policy due to an expansion of our business activities or due to changes in legal or administrative requirements. The current privacy policy can also be requested at any time by sending an e-mail to kontakt@modus-operandi.de.

We hope that this information has helped you to exercise your rights. If you need further information on our privacy policy, please do not hesitate to contact us.