IANUA Market Limited:
197-213 Oxford Street
10947868, Companies House, United Kingdom
I. Name and address of the responsible party
The responsible party in terms of the General Data Protection Regulation and other national data protection acts as well as other statutory regulations regarding data protection is:
IANUA Market Limited
Jubilee House, 197-213 Oxford Street, London
Contact Email: firstname.lastname@example.org
II. General data processing
1. Extent of processing personal data
Principally, we process personal data of our users only when it is a requirement for providing a functioning website along with our contents and services. The processing of personal data of our users takes place periodically and exclusively after the consent of the user. An exemption is in force for such cases, where a prior obtaining of a consent is not possible for actual reasons and where the processing of the data is permitted by law.
2. Legal basis for processing personal data
When we obtain a consent from the person in question to process their personal data, art. 6 par. 1 lit. a European General Data Protection Regulation (GDPR) serves as the legal basis.
In terms of processing personal data, which are necessary to fulfill a contract, whose signatory party is the person in question, art. 6 par.1 lit. b GDPR serves as the legal basis. This applies also to processes, that are necessary to execute pre-contractual measures. As far as processing of personal data is necessary to execute legal obligations, art. 6 par.1 lt. c serves as the legal basis.
In case that vital interests of the person in question or any natural person require to process personal data, art. 6 par. 1 lit. d GDPR serves as the legal basis.
As far as the processing is necessary to protect a legitimate interest of our company or of a third party and the interests, civil rights and fundamental liberties of the person in question outweigh the first-mentioned interest, art. 6 par. 1 lit. f GDPR serves as the legal basis for processing.
3. Data erasure and length of storage
The personal data of the person in question will be erased or restricted, as far as the purpose of the storage lapses. A storage can take place further, if it is required by the European or national legislator in European legal regulations, laws or other regulations, the person responsible is subject to. A restriction or erasure of data takes place even if a deadline prescribed by the mentioned norms expires, unless there is a requirement to save data for a contract closing or a fulfillment of a contract.
III. Provision of the website and the creation of Logfiles
1. Description and extend of data processing
With every view of our website, our system automatically collects data and information of the computer system of the viewing device.
The following data will be collected:
(1) Information about the type of browser and the used version
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of day of the access to the website
(6) Websites, from which the user is forwarded to our website
(7) Websites that are viewed by the system of the user via our website
The data will be stored in the logfiles of our system as well. A storage of these data, along with other personal data, does not take place.
2. Legal basis for processing data
Legal basis for the temporary storage of data and the logfiles is art. 6 par. 1 lit. f GDPR.
3. Purpose of processing data
The temporary storage of the IP address by the system is necessary to enable a distribution from the website to the computer of the user. For this purpose, the IP address from the user needs to be stored.
The storage in logfiles takes place, to ensure operability of the website. Furthermore, the data serve us for optimisation of our website and for securing safety of our information technology systems. An analysis of data for marketing purposes does not take place.
In these purposes lays our legitimate interest for data processing in accordance with art. 6 par. 1 lit. f GDPR.
4. Length of storage
The data will be erased, once they are obsolete for the achievement of the purpose of their collection. In case of the collection of data to provide the website, it is the case when the respective session is over.
In case of storage of data in logfiles, it is the case after no later than seven days. In this case, the IP addresses of the users will be erased, or defamiliarised, so that an attribution of the viewing Client is not possible anymore.
5. Possibility to withdraw
The collection of data in displaying the website and the storage of data in logfiles is necessary to operate the website. Hence, there exists no possibility to withdraw from that, on behalf of the customer.
IV. Usage of cookies
a) Description and extent of the data processing
In the cookies the following data are stored and transferred:
(1) Login information
b) Legal basis for processing data
The legal basis for processing personal data using cookies is art. 6, par. 1 lit. f GDPR
c) Purpose of processing data
The purpose of using technical necessary cookies, is to simplify the use of the website for users. Several functions of our website cannot be provided without using cookies. For these functions it is essential that the browser is recognised after a change of website page.
We need cookies for the following applications:
Login information (Email address and password)
The user data collected by technical required cookies are not used to build a user profile.
The use of analysis cookies takes place for the purpose to improve our website and its contents. Through the analysis cookies we get to know, how our website is used and are able to optimise our services.
For these purposes lays our legitimate interest to process personal data in accordance with art. 6 par. 1 lit f GDPR.
e) Length of storage and deletion
1. Description and extent of data processing
On our website, we offer users the possibility to register with addition of personal data. The data are keyed in through an input mask and are transferred to us and stored. A transfer of data to third parties does not take place. The following data are collected in the process of registration:
(1) First- and surname
(2) E-mail address
At the time of the registration, the following data are stored.
(1) Date and time of day during registration
(2) Mailing list subscription preferences
As part of the registration progress, a consent of the user to process these data will be obtained.
Our website uses the service from MailChimp for the storage of mailing list subscriptions and sending of email newsletters. The provider of this service is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other things, the dispatch of newsletters can be organised and analysed. If you enter data for newsletter subscription purposes (e.g. e-mail address), it will be stored on MailChimp’s servers in the USA.
MailChimp is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA.
MailChimp enables us to analyse our newsletter campaigns. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web beacon) connects to the servers of MailChimp in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked. In addition, technical information is collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want an analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
Data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the MailChimp servers after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
You can find more details in the MailChimp data protection regulations at: https://mailchimp.com/legal/terms/.
Conclusion of a Data Processing Agreement
We have concluded a so-called “Data Processing Agreement” with MailChimp, in which we commit MailChimp to protect the data of our customers and not to pass it on to third parties. This contract can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing- agreement/sample-agreement/.
2. Legal basis for data processing
Legal basis for processing data in case of a consent of the user is art. 6 par. 1 lit.f GDPR.
3. Purpose of data processing
A registration of the user is necessary to keep available certain contents and services.
The registration is necessary to display the entire functionality of the website (E-Mail notifications). Registrations enable Ianua to verify the identity of the users and when necessary to exclude users. After the registration of the user, either follows i) the erasure of the data from trade.ianua.market if the user does not obtain access to Ianua, or ii) the anonymisation of personal data like first- and surname and company. The email address and phone number remain, in addition to date and time of the day and last login (Date and time of the day). After the user tested the system (usually 30 days or longer as requested from the customer or Ianua), the data including email address, phone number, company (anonymised), first- and surname (anonymised) as well as the last activities, date of the registration and the last login at demo.ianua.market are erased.
4. Length of storage
The data are erased, as soon as they are a no longer necessary to their purpose of collection. This is the case for the collected data during the process of registration, if the registration on our website is abolished or altered.
5. Possibility to withdraw
As a user you have at any time the possibility to withdraw registration. The data, which are stored about you, can be altered anytime.
Anytime, the users can make a written application to email@example.com or to the above-mentioned address for erasure of their account and/or for alteration of their data.
VII. Rights of the person in question
If personal data from you are processed, you are the person in question for the purpose of GDPR and the following rights appertain to you:
1. Right to information
You can request confirmation from the person in authority, if personal data, which are affecting you, are processed by us.
If such a processing is existing, you can request to obtain information about:
(1) The purpose, on which personal data can be processed;
(2) The categories of personal data, which are processed;
(3) The recipient e.g. the categories of recipients, towards which the data relating to you got revealed, or will be revealed;
(4) The planned length of storage of the personal data relating to you, or, if concrete statements regarding that are not possible, criteria for the determination of the length of storage;
(5) The existence of a right to correct or to erase the personal data relating to you, a right of restriction of processing through the person in authority or a right to withdraw this processing;
(6) The existence of a right of complaint at a regulating authority;
(7) All available information about the origin of the data, if the personal data are not collected at the person in question;
(8) The existence of an automatised decision making including profiling in accordance with art. 22 par. 1 ad 4GDPR and – at least in these cases – comprehensive information about the involved logic as well as the scope and the intended consequences of such a processing for the person in question;
You have the right, to request information, if the personal data relating to you are transferred to a third-party country or to an international organisation. In this context, you can require to be briefed about the suitable guarantees in accordance with art. 46 GDPR.
2. Right to correction
You have the right of correction and/or completion towards the person in authority, as long as the personal data processes, which are relating to you, are incorrect or incomplete. The person in authority is obliged to do the correction immediately.
3. Right to restriction the processing
Under the following requirements, you can request to restrict the processing of data relating to you:
(1) If you deny the correctness of the personal data relating to you, which enables the person in authority to verify the correctness of the personal data;
(2) the processing is illegitimate and you decline the erasure of the personal data and instead request a restriction of the use of the personal data;
(3) the person in authority no longer needs the personal data for the purpose of processing, however you need those data to raise a claim, to execute or to defend titles or
(4) when you withdraw the processing in accordance with art. 21 par. 1 GDPR, without certainty, whether the justified reasons of the person in authority outweigh yours.
If processing the data relating to you was restricted, these data, apart from your storage – can be only processed with your consent, or to raise a claim, to execute or to defend titles or to protect the rights of another natural or legal person, or for reasons of an important public interest of the union or a member state.
If the restriction of processing was restricted in accordance with the above mentioned requirements, you will be briefed before the restrictions will be overturned.
4. Right to erasure
a) Obligation to erase
You can request to erase the relevant personal data relating to you of the person in authority immediately, and the person in authority is obliged to erase these data immediately, as long as one of the following reasons is accurate:
(1) The personal data relating to you are no longer necessary for purposes they have been collected or processes in any way.
(2) You withdraw your consent in accordance with art. 6 par. 1 lit. a or art. 9 par. 2 lit. a GDPR, where processing relied in, and an otherwise legal basis for processing is absent.
(3) You withdraw processing in accordance with art. 21 par. 1 GDPR and no prior justified reason for processing exist. Or you withdraw processing, in accordance with Art. 21 pat. 2 GDPR.
(4) The personal data relating to you was processed illegitimate.
(5) The erasure of the personal data relating to you is necessary to fulfil a legal obligation in accordance with European legislation or the legislation of the member states, is subject to the person in authority.
(6) The personal data relating to you were collected in terms of offered services of an information society in accordance with art. 8 par. 1 GDPR.
b) Information to third parties
As long as the person in authority made the relevant personal data public and as long as he is obliged to the erasure of those, in accordance with art. 17 pat. 1 GDPR, he takes appropriate measures, also in a technical way, with reference to the available technology and the costs of implementing, to inform the person in authority of the data processing, that you as the person in question requested the erasure of all links to these personal data or of all copies and replications.
The right to erasure does not exist as long as processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation, that is subject to processing in accordance with the legislation of the European union or the member states, the person in authority is subject to, requires, or, to exercise a task, that is in the public interest or to exercise public legislature, that was brought forward to the person in authority;
(3) for reasons of the public interest in regarding public health in accordance with art. 9 par. 2 lit. h and as well as art. 9 par. 3 GDPR;
(4) on behalf of the public interest arising purposes of archiving, scientific research purposes or for statistical purposes in accordance with art. 89 par. 1 GDPR, as long as the right mentioned in section a) probably rules out the achievement of the goals of processing or impacts them seriously, or
(5) to enforce, exercise, or defend titles.
5. Right to instruction
If you exercised the right to instruction, erasure or restriction of processing towards the person in authority, this person is obliged to make the correction or erasure of the data or the restrictions of processing, to all recipients, where the relevant personal data were published, unless this is unachievable or with disproportionate effort.
Towards the person in authority, you have the right to be briefed about these recipients.
6. Right of transfer of data
You have the right to receive the relevant personal data relating to you, that was provided to the person in authority, in a structured, on machine-readable format.
Furthermore, you have the right to transfer these data to another person in authority, without being impeded by the person in authority, you provided the personal data, as long as
(1) Processing is based on a consent in accordance with art. 6 par. 1 lit. a GDPR or art. 9 par. 2 lit. a GDPR or on a contract in accordance with art. 6 par. 1 lit. b GDPR
(2) Processing takes place along with automatised procedures.
In exercising this right, you have further the right to obtain, that the relevant personal data will be transferred directly form one person in authority to another person in authority, as long as this is feasible. Liberties and rights of other persons are not allowed to be affected negatively.
The right of transfer of data holds not for processing personal data, which are required to exercise a task for the public interest or takes place in exercising public legislature, that was transferred to the person in authority.
7. Right to withdraw
Anytime, you have the right, for reasons that result from special situations, to withdraw the processing of personal data relating to you, that occurred in accordance with art. 6 par. 1 lit. e or f GDPR; this also applies for profiling based on these regulations.
The person in authority processes the relevant personal data no longer, unless he can prove reasons worth being protected, which outweigh your interest, rights and liberties, or the processing serves to raise of a claim, to exercise or to defend a claim.
If the relevant personal data are processed to operate direct marketing, you have the right at any time, to withdraw the processing of the personal data relating to you for marketing purposes; this also applies for profiling as long as it is connected with direct marketing.
If you withdraw the processing for purposes of direct marketing, the personal data relating to you will be processed no longer. You have the possibility, in context of the use of Services of information societies – regardless of guideline 2002/58/EG – to exercise your right to withdraw through automatised procedures, where technical specifications are used.
8. Right to withdraw the declaration of consent of the Data Security Policy
Anytime, you have the right to withdraw your declaration of consent to the data Security Policy. Through withdrawing the declaration of consent, the processing until the withdraw is not affected.
9. Automatised decision in individual cases including profiling
You have the right not to be exclusively subject to an automatised processing – including profiling – depending decision, that develops legal impact for you or heavily affects you negatively in a similar way. This does not apply if the decision
(1) is necessary for closing or fulfilling a contract between you and the person in authority,
(2) is legitimate on the ground of the legislation of the European union, the person in authority is subject to and the legislation contains appropriate measures to protect their rights and liberties as well as their justified interest or
(3) which take place with your explicit consent.
Nevertheless, these decisions are not permitted to depend on special categories in accordance with art. 9 par. 1 GDPR, as long as art. 9 par. 2 lit. a or g GDPR does not hold and appropriate measures to protect the rights and liberties as well as their justified interests took place.
Concerning to the cases mentioned in (1) and (3), the person in authority takes appropriate measures, to protect the rights and the liberties as well as their justified interests, wherefore at least the right to obtain the intervention of a person on behalf of the person in authority, to demonstrate the own stance and to refute the decision, belongs to.
10. Right to complaint at a regulating authority
Regardless of alternative redress procedure in terms of administrative or judicial law, you have the right to complaint at a regulating authority, especially in the member state of your location of residence, your job, or the location of the suspected violation, if you have the view, that the processing of the personal data relating to you violates the GDPR.
The regulating authority, where the complaint was filled, briefs the appellant about the stage and the results of the complaint including the possibility of a judicial redress procedure.