With this data privacy statement, we would like to give you an overview of the collecting and processing of your data in relation to the current data privacy regulations at Scriptor Dokumentations Service GmbH.

1. What data do we collect from you?

On the basis of our legitimate interests (Art. 6 para. 1 of the GDPR), we collect data related to every access to the server on which our web pages are located. Access-related data includes:

• The web page visited
• The referrer URL
• The time of the server request (your visit)
• The amount of data sent, in bytes
• The browser used and the browser version
• The operating system being used
• The IP address used

For security reasons, the log files are stored for no more than 90 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the related incident has been conclusively clarified.

1.1 Cookies

“Cookies” refer to small files that are stored on users’ computers. Different data can be stored in these cookies. The primary purpose of a cookie is to store user data (related to type of device, storage medium, etc.) during or after a visit to a web page. “Permanent” or “persistent” cookies remain stored even after the browser is closed (e.g. login status). They are suitable for saving user interests and assessing reach or marketing purposes. “Third-party cookies” are those of providers other than the party responsible for the web pages (other cookies are known as “first-party cookies”). If you do not want cookies to be stored on your computer, you must set the relevant options in your browser yourself and configure their deletion. Excluding cookies may lead to functional restrictions on these web pages.

1.2 Newsletter

You will find the essential information about our newsletter below (contents, registration, cancellation, dispatch and analyses). By subscribing to the newsletter, you agree to the procedures explained here.

1.2.1 Contents

The term newsletter covers all electronic communications (primarily via e-mail) that we send for promotional purposes (information about us and our services). Dispatches are only sent when justified by an underlying consent of the recipient or legal permission (Art. 6 para. 1 of the GDPR in conjunction with § 7 para. 2 No. 3 of the German Unfair Competition Act (UWG), and § 7 para. 3 of the UWG).

1.2. 2 Subscribing

The subscription to our newsletter takes place after a personal conversation and consent have occurred. This means that it is not possible for third-party e-mail addresses to be added to our distribution list. Consent to the newsletter is logged in our CMS system when the “Newsletter” field is selected. Changes to your stored data are also logged. We log your registration/subscription based on our legitimate interest in a user-friendly and secure mail distribution system that takes account of our documentation obligations (Art. 6 para. 1 of the GDPR). This means that it is not possible for third-party e-mail addresses to be added to our distribution list. Consent to the newsletter is logged in our CMS system when the “Newsletter” field is selected. Changes to your stored data are also logged. We log your registration/subscription based on our legitimate interest in a user-friendly and secure mail distribution system that takes account of our documentation obligations (Art. 6 para. 1 of the GDPR).

1.2.3 Cancelling

You can revoke and cancel your consent to the newsletter at any time. To do so, please send an e-mail to info@scriptor.de or click on the unsubscribe link at the end of each newsletter. Unsubscribed e-mail addresses are stored for up to three years due to the obligation to provide proof of consent (a legitimate interest pursuant to Art. 6 para. 1 of the GDPR).

1.2.4 Newsletter provider

We send our newsletters using the Outlook software from the US provider Microsoft.

1.2.5 Analyses

There are no analyses by additional programs of user behaviour with regard to the use of the newsletter.

1.3 Establishing contact

In the event that you contact us (e.g. by e-mail, telephone, product enquiry or social media), we will process your details for this purpose in accordance with Art. 6 para. 1 of the GDPR. Your details may be stored in a customer relationship management system (“CRM system”) or similar database. We delete such requests if they are no longer necessary. In the event that we contact you, you can find out how we handle your data according to Art. 13 and Art. 14 of the GDPR on our website.

2. Deleting data

In accordance with the legal provisions (Art. 17 and 18 of the GDPR), personal data processed by us will be deleted or restricted after the purpose for processing this data has ceased to exist. For some processing, there are also explicit deletion periods specified in the privacy statement (see above). The restriction concerns cases where data are not deleted because they are necessary for other legitimate purposes and continue to be used only in relation to those legitimate processing operations. The statutory retention obligations which prevent immediate deletion after the purpose no longer applies must be observed. In particular, the documentation obligations under commercial law (§ 257 para. 1 of the German Commercial Code) and tax law (§ 147 para. 1) are decisive here. They allow deletion only after 6 years (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) or 10 years (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

3. Transmitting to third parties

Insofar as data is transferred to other persons or companies within our processing procedures or such third parties gain access to your data in another way, this will only be done on based on Art. 6 para. 1 of the GDPR, your consent or our legitimate interest. In addition, a contract processing agreement shall be concluded as necessary (Art. 28 of the GDPR).