Data protection Version, September 2024 Protecting your privacy is very important to us. Below we will inform you in detail about how your data is handled. Collection, processing and use of personal data You can visit our site without providing any personal information. We only store access data (technical information) without personal reference - even if the visit may take place via newsletter links - e.g. - the name of your Internet service provider - the page from which you visit us - the name of the requested file - Information about browser type and version used - The user's operating system This data is evaluated exclusively to improve our offering and for network security purposes, for example in order to be able to combat attacks, and does not allow any conclusions to be drawn about your person. We collect, store and process your data for the order processing of your purchase and possible subsequent warranty processing as well as for advertising purposes (e.g. reminders of expiring certificates by email or telephone). Personal data is collected if you voluntarily provide it to us when ordering goods or when opening a customer account or registering for the newsletter, agreeing to this use and only to the extent that it is necessary. This therefore results in a legitimate interest in accordance with Art. 6 I f GDPR. Use of cookies We use so-called cookies on our website. Cookies are small files that are stored on your data carrier and store certain settings and data for exchange with our system via your browser. This storage helps us to design the website accordingly for you and makes it easier for you to use, for example by saving certain entries you make so that you do not have to repeat them constantly. Your browser allows you to make restrictive settings for the use of cookies, which may result in our offering no longer working for you or to a limited extent. Cookies can also be deleted there. Session cookies The session cookies (also called session cookies) are deleted after you close your browser. Data security When you enter a payment method, your payment data will be transmitted once, encrypted, over the Internet to our payment service provider. We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification and distribution of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others. Legal basis for processing personal data To the extent that we obtain the consent of the data subject for processing personal data, Art. 6 I a GDPR serves as the legal basis for the processing of personal data. When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 I b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If you carry out orders for third parties, you expressly guarantee the lawfulness of the processing within the meaning of Article 6 GDPR. The same applies if data is entered by employees of your company when ordering. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 I c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 I d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 I f GDPR serves as the legal basis for the processing. In this case, our legitimate interests, in addition to the purposes listed above, are: - Protection of the company from material or immaterial damage - The professionalization of our products and services - Cost optimization We also process personal data in order to comply with commercial or tax retention obligations. For statutory or contractual requirements, we have marked the respective input fields in the input masks on our website that you must fill out so that we can provide the service you require. Contact person for data protection If you have any questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data or revocation of consent given, please contact our contact person for data protection: Rudolf Fiedler c/o DPP Data Protection GmbH To Gottschalkhof 2 60594 Frankfurt am Main Tel.: +49 (0)69 175366960 Email: datenschutz@regfish.de Web tracking tool Google Analytics with the “anonymize IP” extension This website uses Google Analytics for web analysis. This is a service provided by Google Inc. (“Google”) Google Analytics uses “cookies”. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google observes the data protection regulations within the framework of the GDPR and a corresponding contract exists in this regard. Google will use this information to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to fully use all of the functions of this website. If you do not want information about your website visit to be transmitted to Google Analytics, you have the option of installing a “deactivation add-on” for your browser. We have also made settings whereby Google Analytics deletes the last part of the IP addresses of visitors to our website. This means that we do not come into possession of any data that would allow us to draw conclusions about you personally. Data deletion and storage period The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies or is no longer necessary. It may happen that personal data is stored for the period in which claims can be asserted against our company (legal limitation periods can range from three to thirty years). Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Corresponding proof and storage obligations arise from, among other things, the Commercial Code, the Tax Code and the Money Laundering Act. The storage periods are then up to ten years. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract. Disclosure of personal data to third parties Your personal data will be passed on to service providers/suppliers we use to carry out the order (e.g. certification authorities). They are obligated to process data on orders through contracts and are regularly checked by us. We may also be legally obliged to make personal data available to German and international authorities. The legal basis for this is Art. 6 I c GDPR in conjunction with local and international regulations and agreements. When ordering SSL certificates, SMIME certificates, CodeSigning certificates or similar products, as well as domains and associated services, in order to fulfill the contract, it is necessary, among other things, to transmit personal data to the respective certification authority (hereinafter CAs, or registries) in order to carry out the respective order. When ordering SSL certificates, there are always direct contracts between the certificate holder and the CA, and in the case of domain registrations, in most cases there are direct contracts between the registry and the domain holder. In this context, depending on the respective CA or registry, it may happen that data is transferred to third countries, even if an adequate level of data protection is not guaranteed. Furthermore, data may be publicly viewable via certain browser functions or Whois databases. The client expressly agrees to the transfer of data for the above-mentioned points. He assures that the processing is admissible in accordance with Art. 6 I GDPR and that the transfer can also take place to third countries for reasons in accordance with Art. 49 GDPR, whose level of protection cannot be guaranteed by the contractor. The client is generally aware of which registries are located in which country. Consequently, the contractor assumes no liability in these cases. Right to object in accordance with Art. 21 GDPR You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 I e or f GDPR; This also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications Rights of the data subject It is important to our company to make our processes for processing personal data transparent. We would therefore like to point out that in addition to the right to object, you can exercise other rights if the relevant legal requirements are met: Right to information in accordance with Art. 15 GDPR Right to correction in accordance with Art. 16 GDPR Right to deletion (“right to be forgotten”) in accordance with Articles 17 and 19 GDPR Right to restriction of processing in accordance with Art. 18 GDPR Right to information in accordance with Art. 19 GDPR Right to data portability in accordance with Art. 20 GDPR (no) automated decision in individual cases including profiling in accordance with Art. 21 GDPR To exercise your rights, you can contact datenschutz@regfish.de by email. In order to be able to process your application and for identification purposes, we would like to point out that we process your personal data in accordance with Art. 6 I c GDPR. Consent You have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. In some cases, despite the revocation, we are entitled to continue processing your personal data on another legal basis (to fulfill a contract). Right to complain to a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 GDPR. The Hessian data protection officer PO Box 3163 65021 Wiesbaden Email: poststelle@datenschutz.hessen.de