How we protect your data
This privacy policy applies to the following processes:
We take the protection of your personal data and the legal obligations serving this protection very seriously. Legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you are sufficiently informed about the purpose, type, and scope of the processing can the processing be comprehensible to you as the data subject.
The controller within the meaning of the General Data Protection Regulation (GDPR) is
0x101 Cyber Security (UG Haftungsbeschränkt)
Burggasse 3c,
50171 Kerpen
Germany
Email: support@netlockrmm.com
Hereinafter referred to as "controller" or "we."
Information on joint controllers can be found under "Information on joint controllers."
A data protection officer has not been appointed.
The terms used in this privacy policy (e.g., data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the "Definition of terms" section.
We only process personal data to the extent permitted by law. Personal data will only be disclosed in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g., pseudonymization, encryption).
Unless we are legally obliged to store or disclose data to third parties (in particular law enforcement authorities), the decision as to which personal data we process, for how long, and to what extent we disclose it, depends on the purpose for which we process your data and which of our services you use in each individual case.
Personal data will be deleted as soon as the purpose of processing no longer applies or another reason for deletion pursuant to Art. 17 (1) GDPR applies (e.g., you have revoked your consent). In exceptional cases, we may continue to process your personal data if an exception to the obligation to erase applies, in particular in accordance with Art. 17 (3) GDPR or another law (e.g., if there is a legal obligation to store the data).
Processing activities based on consent: We will store data processed on the basis of your consent until you revoke your consent. After any revocation, we will store the data for a period of three years as proof of the consent previously given.
Personal data that we process in the context of a job application (see below) will be stored for a period of six months after completion of the application process.
Insofar as we are required to provide information about the storage period for cookies and similar technologies that require consent, you will find this information in our consent tool.
Storage period with regard to data subject requests: After processing is complete, we will store and retain the data relating to your request in accordance with the applicable provisions. This is done for a period of three years to provide evidence of the implementation of the data subject request.
Automated individual decision-making, including profiling, does not take place.
As a data subject, you have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. You have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). The data protection supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2, 440213 Düsseldorf, Germany
However, you are free to lodge a complaint with another data protection supervisory authority.
We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or any restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 GDPR, unless such notification is impossible or involves disproportionate effort. We will inform you of the recipients if you request this.
Unless otherwise stated in the information on the legal basis, you are not obliged to provide personal data. If we base the processing on Art. 6 (1) sentence 1 letter b GDPR, your personal data is required for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data, it will not be possible to fulfill the contract or conclude the contract. If you do not provide the data in the cases of Art. 6 (1) sentence 1 letter a, f GDPR, it will not be possible to use the offers affected by this.
Data transfers to third countries outside the European Union (EU) and the European Economic Area (EEA) are only permitted in compliance with the special provisions of Art. 44 ff. GDPR. If your personal data is processed in such a way that it is transferred to a third country, we will indicate the third country transfer and the basis for the transfer below.
General information on the basis for transfers:
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation, if the processing is based on Art. 6 (1) sentence 1 letter e or f GDPR. This also applies to profiling based on these provisions. If personal data is processed for direct marketing purposes, you have the right, pursuant to Art. 21 (2) GDPR, to object at any time to the processing of your personal data for such purposes; this also applies to profiling insofar as it is related to such direct marketing. The objection can be made informally and should be addressed to the contact details above.
In accordance with Art. 7 (3) sentence 1 GDPR, you have the right to revoke your consent(s) at any time with effect for the future in an informal manner (e.g. by post or email). The lawfulness of the processing carried out on the basis of the consent(s) until revocation remains unaffected by this. Upon your revocation, we will delete the personal data processed on the basis of the consent(s) if there is no other legal basis for their processing. The revocation can be made informally and should be addressed to the contact details above.
The privacy policy provides you with information about data processing based on the provisions of the GDPR and, where applicable, the BDSG. If the provisions of the TDDDG are relevant to individual circumstances, you will find the relevant information in the usercentrics consent tool and in the cookie policy. This also applies to information on the storage or reading of data on your device.
The use of the website(s) and its functions regularly requires the processing of personal data. Unless otherwise indicated, the following statements apply to all websites that we operate and that refer to this data protection information.
Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or can be recognized by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.
| Purpose of processing: | Information security and advertising and personalized marketing measures |
| Legal basis: | Art. 6 (1) sentence 1 letter f GDPR (balancing of interests) |
| Legitimate interests: | Operation, integrity, and security of digital products, promotion of sales activities, design, operation, and availability of digital products, customer acquisition, customer retention, customer recovery |
| Data categories: | Usage data and connection data |
| Recipients of the data: | (IT) service providers |
| Intended transfer to third countries: | No transfer to third countries is intended. |
| Purpose of processing: | User, prospect, and/or customer support |
| Legal basis: | Art. 6 (1) sentence 1 letter b GDPR (pre-contractual measures/performance of a contract) and Art. 6 (1) sentence 1 letter f GDPR (balancing of interests) |
| Legitimate interests: | Integration of desired or necessary functionalities, promotion of sales activities, promotion of economic interests and customer acquisition, customer loyalty, customer recovery |
| Data categories: | Content data, contact data, usage data, and master data |
| Recipients of the data: | (IT) service providers |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s)) |
| Purpose of processing: | User, prospect, and/or customer support, advertising, and personalized marketing measures |
| Legal basis: | Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (balancing of interests) |
| Legitimate interests: | Promotion of sales activities, promotion of economic interests, customer acquisition, customer retention, customer recovery, advertising, image improvement, market and opinion research. |
| Data categories: | Contact details, master data, and connection data. |
| Recipients of the data: | (IT) service providers. |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s) and standard data protection clauses of the EU Commission) |
| Purpose of processing: | Order fulfillment and contract management, advertising, and personalized marketing measures |
| Legal basis: | Art. 6(1)(b) GDPR (pre-contractual measures/performance of a contract) and Art. 6(1)(f) GDPR (balancing of interests) |
| Legitimate interests: | Operation, integrity, and security of digital products, promotion of sales activities, promotion of economic interests, design, operation, and availability of digital products, customer acquisition, customer retention, customer recovery |
| Data categories: | Content data, contact data, usage data, master data, connection data, and, if applicable, payment data. |
| Recipients of the data: | (IT) service providers. |
| Intended transfer to third countries: | No transfer to third countries is intended. |
| Purpose of processing: | Order fulfillment and contract management |
| Legal basis: | Art. 6 (1) sentence 1 letter b GDPR (pre-contractual measures/fulfillment of a contract) and Art. 6 (1) sentence 1 letter f GDPR (balancing of interests) |
| Legitimate interests: | Integration of desired or necessary functionalities and prevention of criminal offenses, administrative offenses, and other harmful actions |
| Data categories: | Content data, contact data, master data, connection data, and payment data |
| Recipients of the data: | Banks and other financial service providers |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s) and standard data protection clauses of the EU Commission) |
| Purpose of processing: | Information security, legal matters, and compliance measures |
| Legal basis: | Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (balancing of interests) |
| Legitimate interests: | Prevention of criminal offenses, administrative offenses, and other harmful acts |
| Data categories: | Content data, usage data, and connection data |
| Recipients of the data: | (IT) service providers |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s) and standard data protection clauses of the EU Commission) |
| Purpose of processing: | Order fulfillment and contract management, user, prospect, and/or customer support, advertising, and personalized marketing measures |
| Legal basis: | Art. 6 (1) sentence 1 letter a GDPR (consent) |
| Data categories: | Content data, contact data, master data, connection data, and payment data |
| Recipients of the data: | (IT) service providers |
| Intended transfer to third countries: | No transfer to third countries is intended. |
| Purpose of processing: | User, prospect, and/or customer support and advertising and personalized marketing measures |
| Legal basis: | Art. 6(1)(b) GDPR (pre-contractual measures/performance of a contract) and Art. 6(1)(f) GDPR (balancing of interests) |
| Legitimate interests: | Promotion of sales activities, promotion of economic interests, customer acquisition, customer retention, customer recovery, advertising, image improvement, market and opinion research. |
| Data categories: | Content data, contact data, and master data. |
| Recipients of the data: | (IT) service providers. |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s)) |
| Purpose of processing: | Analysis and performance measurement as well as optimization of products and/or services and advertising and personalized marketing measures |
| Legal basis: | Art. 6 (1) sentence 1 letter f GDPR (balancing of interests) |
| Legitimate interests: | Analysis and optimization of our own offers, services, and advertising measures, promotion of sales activities, promotion of economic interests and advertising and image improvement, market and opinion research. |
| Data categories: | Content data, usage data, and connection data. |
| Recipients of the data: | (IT) service providers. |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Standard data protection clauses of the EU Commission and adequacy decision(s)) |
| Purpose of processing: | Applicant management |
| Legal basis: | Art. 6 para. 1 sentence 1 letter b GDPR (pre-contractual measures/performance of a contract) |
| Data categories: | Applicant and employee data and contact details |
| Recipients of the data: | (IT) service providers |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Adequacy decision(s)) |
| Purpose of processing: | Advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services |
| Legal basis: | Art. 6 (1) sentence 1 letter f GDPR |
| Legitimate interests: | Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery |
| Data categories: | Master data, contact data, content data, usage data, connection data, and, if applicable, location data |
| Recipients of the data: | Platform operators and media (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn")) |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Standard data protection clauses and adequacy decisions) |
| Purpose of processing: | Advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services. |
| Legal basis: | Art. 6 (1) sentence 1 letter f GDPR. |
| Legitimate interests: | Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery. |
| Data categories: | Master data, contact data, content data, usage data, connection data, and, if applicable, location data. |
| Recipients of the data: | Platform operators and media (Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland ("Google")). |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Standard data protection clauses and adequacy decisions) |
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement, user, prospect, and/or customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (Docker, Inc., 3790 El Camino Real # 1052, Palo Alto, CA 94306 ("Docker Hub"))
Intended transfer to third countries: In individual cases, data is transferred to third countries.
(Standard data protection clauses)
GitHub Channel
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement, user, prospect, and/or customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (GitHub B.V Prins Bernhardplein 200, Amsterdam 1097JB, Netherlands or GitHub, Inc. 88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States ("GitHub"))
Intended transfer to third countries: In individual cases, data is transferred to third countries.
(Standard data protection clauses and adequacy decisions)
Discord Server
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement, user, prospect, and/or customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (Discord Netherlands BV, Schiphol Boulevard 195, 1118 BG Schiphol, Netherlands, or Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA ("Discord"))
Intended transfer to third countries: In individual cases, data is transferred to third countries.
(Standard data protection clauses and adequacy decisions
In the cases listed below, we are joint controllers within the meaning of Articles 4(7) and 26 GDPR. You are free to contact any of the joint controllers directly with your request. Depending on the specific agreement on data subject rights with the other controller, we will forward your request to the other controller.
Operation of the LinkedIn page(s):
In the context of operating our LinkedIn page, we are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The essence of the agreement can be found here: https://legal.linkedin.com/pages-joint-controller-addendum
LinkedIn is responsible for implementing your rights as a data subject. LinkedIn will inform you about your rights as a data subject at: https://www.linkedin.com/legal/privacy-policy
The terms used in this privacy policy (e.g., data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the "Definitions" section.
From the GDPR
This privacy policy uses the terms from the text of the GDPR. The definitions (Art. 4 GDPR) can be found, for example, at eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679. The definition of health data can be found in Art. 4 No. 15 GDPR. If other special categories of personal data are processed, you will find explanations in Articles 4 and 9(1) GDPR. If the data processed is personal data relating to criminal convictions and offenses, you will find information on this in Article 10 GDPR.
Additional definitions
Data categories
When we specify the categories of data processed, this refers in particular to the following data:
Master data (e.g., names, addresses, dates of birth)
Contact details (e.g., email addresses, telephone numbers, messenger services)
Content data (e.g., text entries, photographs, videos, contents of documents/files)
Contract data (e.g., subject matter of the contract, terms, customer category)
Payment data (e.g., bank details, payment history, use of other payment service providers)
Usage data (e.g., history on our website, use of certain content, access times, contact or order history)
Connection data (e.g., device information, IP addresses, URL referrers)
Location data (e.g., GPS data, IP geolocation, access points)
Diagnostic data (e.g., crash logs, website/app performance data, other technical data for analyzing malfunctions and errors)
Applicant and employee data (e.g., employment history, working hours, vacation time, periods of incapacity to work, appraisals, training and further education, social data, bank details, social security number, health insurance/ health insurance number, salary expectations and salary data, tax identification number, certificates and documents, working hours, public offices held, social security data, data on occupational integration management)
The data categories listed above may constitute social data within the meaning of Section 67 (2) SGB X.
Purposes of data processing
In the following sections, we list the purposes pursued as categories of purposes for the sake of clarity and readability.
In some cases, there may be overlaps with our "legitimate interests" (see definitions below). This is in the nature of things.
Unless otherwise specified, the purposes are to be understood as follows:
Advertising and personalized marketing measures: This includes, for example, the launch of public and, where applicable, restricted-access websites, apps, and/or external pages for general information about our products/services (e.g., general website about our company, press pages, social media pages), personalized communication with users, interested parties, and/or customers (e.g., newsletters), display of (personalized) recommendations and advertising measures (e.g., personalized newsletters, display of advertising on other websites, search engines, social media pages, and/or apps, as well as in advertising networks in general), Merging and linking data (possibly involving other parties such as publishers in advertising networks) to ensure commission claims for advertising material.
Security and emergency management: all processes that serve to ensure compliance with the relevant safety requirements and the prevention and/or handling of accidents and emergencies in the respective context are recorded, such as access controls, video surveillance, logging, evacuation, rescue of persons, and damage limitation.
Analysis and performance measurement as well as optimization of products and/or services: Includes, for example, opinion polls and voting, comparative tests (so-called A/B testing), analysis and (usually aggregated) evaluation of user, prospect, and/or customer behavior in the online and/or offline area (e.g., through click paths, mouse movements, and heat maps), analysis and evaluation of the success of general and, where applicable, personalized marketing measures, and the needs-based design of our (digital) products and services based on the analyzed demand and/or usage behavior.
Order fulfillment and contract management: This includes all processing operations necessary to fulfill the relevant orders/contracts, such as the processing of master and contact data to fulfill customer orders, payment processing, including any necessary transfer of data to payment service providers, the processing of returns, and license verification.
Operation and further development of internal IT systems: This includes, among other things, user management, authentication, and technical logging, as well as IT support and the further development and adaptation of systems and the associated processing of personal data. This applies regardless of whether the IT systems are operated by the controller itself or by a service provider (processor).
| Purpose of processing: | Advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services. |
| Legal basis: | Art. 6 (1) sentence 1 letter f GDPR. |
| Legitimate interests: | Design, operation, and availability of digital products, advertising and image enhancement, market and opinion research, customer acquisition, customer retention, customer recovery. |
| Data categories: | Master data, contact data, content data, usage data, connection data, and, if applicable, location data. |
| Recipients of the data: | Platform operators and media (Docker Inc., 144 Townsend Street, San Francisco, CA 94107, United States) |
| Intended transfer to third countries: | In individual cases, data is transferred to third countries. (Standard data protection clauses and adequacy decisions) |
We have established a joint controller relationship (Art. 26 GDPR) with LinkedIn for the LinkedIn profile page. Information on your rights and the joint responsibility can be found in the LinkedIn Page Insights Joint Controller Addendum.
We have established a joint controller relationship (Art. 26 GDPR) with YouTube for the YouTube channel page. Information on your rights and the joint responsibility can be found in the YouTube Data Processing Terms.
The following terms describe categories of personal data:
In the following sections, we list our purposes as categories for the sake of clarity and readability:
The legitimate interests listed are to be understood as follows:
The following categories of recipients may receive personal data:
| Purpose of processing: | Analysis and performance measurement as well as optimization of products and/or services, advertising, and personalized marketing measures |
| Legal basis: | Section 25 (1) TDDDG |
| Data categories: | Connection data, usage data, content data if applicable |
| Recipients of the data: | IT service providers |
| Intended transfer to third countries: | None |