according to Art. 13 General Data Protection Regulation (GDPR) Data protection has a high value for us. By this data protection declaration, we would like to clarify your rights concerning personal data. Furthermore, we would like to inform you about the type, scope and purpose of the data collected and processed by us: First of all, we would like to briefly point out the most important aspects of data protection at Smart Places. In the second part, you will find explanations that are more detailed on data protection issues.
Responsible within the meaning of the General Data Protection Regulation (GDPR) is: The company: Smart Places Association, Rheineckerstrasse 12, 9425 Thal SG, Schweiz, E-mail: info@smartplacesprotocol.io. If you have any questions or suggestions regarding data protection, you can contact us directly at any time.
You have the right to obtain information about what we have stored about you. Should your data stored by us be incorrectly, you may request correction or deletion of these data. In addition, you may request that these data are locked and thus further processing by us may only be carried out with your consent.
You also have the right to object to the further processing of your data at any time for reasons arising from your particular situation. Furthermore, if you wish, we will make the data you provided available to you for your further use. At your request, we will also send them to a recipient to be designated by you.
Furthermore, you have the right to revoke your consent to the processing of your personal data at any time. This does not affect the legality of the processing that took place until the revocation.
You are also entitled to complain to a supervisory authority.
The personal data collected by us during your visit to our website will be processed and used within our business scope regarding our ambitioned bockchain project. Processing or use of the data collected by us and communicated by you takes place exclusively for the fulfilment of the aforementioned purposes either by us, our affiliated companies and companies commissioned by us for data processing ("contract processors"), provided that these also meet the data protection requirements of the GDPR. (For the processing of data collected on our websites not from us but from third parties, see below: "Who receives my data?")
In addition, your data will only be collected, processed and used for other purposes (market research, consulting and information/advertising, including newsletters) if you have given us your corresponding consent or if the processing in accordance with Art. 6 para. 1 letters b-f GDPR is required, for example to protect the vital interests of natural persons or in the public interest.
We do not intend to use your personal data for any purpose other than that for which they were collected.
We do not carry out profiling within the meaning of Art. 4 GDPR with your data.
A use of the Internet pages of Smart Places is basically possible without active specification of personal data. An exception to this are the following elements on our web pages:
We have set cookies on our website in order to increase the convenience and functionality of our website for you. A typical field of application for cookies is the storage of a certain (login) status during web use, so that a user does not have to log in again for each sub-page of a website. In order to be able to distinguish between different users, a unique identifier is usually stored in a text cookie. The identification stored in the cookie has no personal reference per se. It becomes relevant under data protection law as soon as personal data are stored in a cookie or a link is established between the cookie ID and personal data. Depending on function and intended use, a distinction is made between five categories of cookies:
1. Essential cookies: This type of cookie is required for navigation on the website and for providing the basic functions of the website.
2. Functional cookies: Functional cookies enable the website to store information provided by the user during the visit (login, user name, language and location selection) in order to offer the user a simplified, extended range of functions when he visits the website again.
3. Performance Cookies: Performance cookies serve to improve the user experience by increasing user-friendliness. For this reason, performance cookies collect information about how the website is used (e.g.: Information on the operating system, the browser used, the number of visits, the pages called up in this context and the average length of stay).
4. Analysis cookies: The cookies serve the operator of the website to understand which preferences and search terms are used to access the main and sub-pages of the website.
5. Marketing cookies: Marketing cookies serve the goal of generating added value for the user through relevant content that is tailored to his or her individual interests. This cookie type is also used to measure and control the effectiveness of advertising campaigns. In addition to the frequency of site visits, the marketing cookies also record the duration of use and stay with regard to the content offered. Marketing cookies are also gladly linked to page functionalities of third parties. The information collected in this way may be passed on to third parties, such as the operator of the website.
However, you can prevent the setting of cookies at any time by means of the corresponding settings of your Internet browser and thus permanently object to this. You can use your browser settings to delete individual cookies that have already been saved or the entire cookie inventory. In the following we have compiled links to information and instructions that describe the browser settings to be made in detail and in relation to the provider:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
You can also individually manage the cookies of many companies and features used for advertising.
In addition, a large number of browsers have already implemented a "Do-Not-Track function" with which you can specify that you do not want to be "tracked" by websites. By enabling this feature, your browser tells advertising networks, websites and applications that you do not want to be tracked for behaviour-based advertising and the like.
You can also prevent scripts from being loaded by default. NoScript allows JavaScript, Java and other plugins to be executed only on trusted domains of your choice. For information and instructions on how to edit this feature, please contact the provider of your browser.
Our Internet pages collect a series of general data with each call, above all of a technical nature, which is stored in the log files of the server. Among the data collected are the browsers and versions used, the operating system used, the website or sub-website from which you access our website (so-called referrer), the date and time of your access, your IP address and your Internet service provider. The collection of the data serves the optimised functionality as well as the security of our web offer. The server log files are stored separately from personal data collected specifically for statistical purposes. We do not evaluate the information in order to draw conclusions about your person.
If you visit our Facebook page, we will not collect personal information from you, unless you post on our Facebook page, comment on posts on our Facebook page. Page, use the Like feature, write us a Facebook message or use other Facebook offers to interactively connect to our Facebook page. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Facebook profile. We do not store any of this data additionally, unless you make requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
We have no influence on the processing of your data by Facebook itself. For more information, please read Facebook's privacy policy: https://www.facebook.com/privacy/explanation
When you visit the Instagram Profile of the Smart Places, we do not collect any personal information from you unless you comment on contributions on our Instagram Profile, use the Like feature, write us an Instagram message, or use other Instagram offerings to interactively connect with our Instagram Profile. In these cases, you will disclose your username, profile photo, and any other information published on your Instagram profile to us. We do not store any of this data additionally unless you submit requests to us that require storage for further processing. We will delete your data as soon as this purpose and possible legal retention periods no longer apply. We have no influence on the processing of your data by Instagram itself. To find out more, please read Instagram's Privacy Policy: https://help.instagram.com/155833707900388
If you visit the Youtube channel of Smart Places we do not collect any personal data from you, unless you comment contributions on our Youtube channel, write us a message about Youtube or use other offers of Youtube to interactively connect with our Youtube channel. In such cases, you will disclose to us your username, profile picture, posts on your own Youtube channel and any other information made public on your Youtube channel. We do not store any of these data in addition, unless you submit requests to us that require storage for further processing.
We will delete your data as soon as this purpose and possible legal retention periods no longer apply. We have no influence on the processing of your data by Youtube itself. To find out more, please read Youtube's privacy policy: https://www.youtube.de/t/privacy
We have no influence on the processing of your data by Instagram itself. To find out more, please read Instagram's Privacy Policy: https://help.instagram.com/155833707900388
If you visit the Twitter profile of Smart Places, we do not collect any personal data from you, unless you comment posts on our Twitter profile, use the like function, write us a Twitter message or use other Twitter offers to interactively connect with our Twitter profile. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Twitter profile. We do not store any of this data additionally, unless you make requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
We have no influence on the processing of your data by Twitter itself. For more information, please read Twitter's privacy policy: https://help.twitter.com/de/rules-and-policies/update-privacy-policy
Contact form
If you contact us via the contact form, your personal data will be transmitted to us via SSL and automatically saved for processing or contacting purposes. This personal data will not be passed on to third parties.
Online applications for job advertisements of Smart Places can be sent to us by e-mail, via the speculative application form or via the input forms of the online job exchange you use. We place the highest value on demonstrable compliance with the GDPR. For this reason, your applicant data will be deleted after six months, unless you have agreed to your data being processed for a longer period of time. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution.
The data collected from you will be stored by us for the duration of the business relationship, taking into account existing retention periods.
We collect and store the data provided by you for the fulfilment of the contract to be concluded and implemented with you. In all other respects, we are obliged to do so in accordance with tax regulations.
We collect and store the data provided by you for the fulfilment of the contract to be concluded and implemented with you. In alUse of the Internet pages of us is basically possible without active specification of personal data. If a data subject wishes to make use of special services of our company via our website (e.g. the use of the contact form), the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject generally must consent to us processing their data.l other respects, we are obliged to do so in accordance with tax regulations.
The processing of personal data, such as the name, address, email address or telephone number of a data subject, always takes place in accordance with legal requirements.
We have implemented numerous technical and organisational measures as the responsible party for the processing of personal data in order to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Due to legal regulations, the website of us contains information which enables quick contact to our company as well as direct communication with us. If a data subject contacts the responsible person by email or via a contact form, any personal data transmitted by the data subject is automatically stored.
Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties. This data will be deleted once the purpose has been achieved, unless legal or official storage obligations intervene.
Art 6 I (a), GDPR serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person.
In addition, processing operations could be based on Article 6 I (f) GDPR if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Efficient, customer-friendly and high-quality service provision is one of the most justified interests.
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the responsible person by electronic means, for example by email or via a web form on the website. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be deleted after six months at the latest.
According to the GDPR, data subjects are entitled to the following rights. If you, as a data subject, wish to exercise one or more of these rights, you can contact our data protection officer or another employee of the data controller at any time.
As a person affected by the processing of personal data, you have the right to revoke your consent to the processing of personal data at any time with effect for the future. An email or other written declaration to us is sufficient for this purpose. You can send your revocation to: dpo@smartplaces.io
As a data subject affected by the processing of personal data, you have the right at any time to receive free information from the data controller about the personal data stored about you and a copy of the personal data. The right to information concerns the following information:
- the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 (I) and (IV) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject has, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.
As a data subject affected by the processing of personal data, you have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
As a data subject affected by the processing of personal data, you have the right to request that the personal data concerning you be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary (i.e. the data are no longer required);
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6 (I) of the GDPR, or point (a) of Article 9 (II) of the GDPR, and where there is no other legal ground for the processing;
- The data subject objects to the processing pursuant to Article 21 (I) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (II) of the GDPR;
- The personal data havebeen unlawfully processed;
- The personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the data controller is subject;
- The personal data have been collected in relation to information society services provided in accordance with Article 8 I of the GDPR.
If the personal data has been made public by us and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 I GDPR, we take appropriate measures to protect others for data processing, taking into account the available technology and implementation costs, to notify the persons responsible who process the personal data published, in particular the deletion of all links to these personal data or of copies or replications of this personal data, as far as the processing is not necessary. We will arrange what is necessary in individual cases.
As a data subject affected by the processing of personal data, you have the right to request the restriction of processing if one of the following conditions is met:
- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information;
- The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data;
- We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims;
- You have objected to the processing pursuant to Art. 21 I GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh yours.
As a person affected by the processing of personal data, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance by the controller, provided that the processing is based on the consent provided for in Article 6 I (a) GDPR or Article 9 II (a) GDPR or on a contract pursuant to Article 6 I (b) GDPR and that the processing is carried out using automated procedures or provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 I of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
As a data subject affected by the processing of personal data, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out in order to safeguard a legitimate interest of the person responsible.
This also applies to profiling based on these provisions, whereby we point out it does not carry out any profiling.
We do not process the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If we processes personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
As a data subject, you are entitled not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against you or significantly affects you in a similar manner, provided that the decision
1. is necessary for entering into, or performance of, a contract between the you and a data controller;
2. is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
3. or with your express consent.
We do not use purely automated decision systems with regard to the processing of personal data that have a legal effect on you or significantly impair you in a similar way.
As a data subject affected by the processing of personal data, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you consider that the processing of personal data concerning you is contrary to data protection law.
With the development of data protection law, terms have become established that are not always self-explanatory. The explanations in Art. 4 GDPR are quoted in extracts below:
1. “Personal data” means all information, which relates to an identified or identifiable natural person (hereinafter “affected person”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier like a name, with an identification number, with location data, with an online identity or with one or several special features, the reflection of a physical, physiological, genetic, psychic, financial, cultural or social identity of this natural person.
2. "Processing" means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, collection, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction;
3. "Restriction of processing" is the marking of personal data stored in order to limit its future processing.
4. "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
5. "Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or an identifiable natural person.
6. A "Responsible person" is a natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
7. An "Order processor " is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible person.
8. "Recipient" means a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
9. A "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the responsible person or order processor, is authorised to process personal data.
10. "Consent" of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
11. "Consent" of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.