Data Security Declaration
Your privacy is very important to Chip 1 Exchange. Therefore we are committed to protecting any information we collect and will limit its use to those purposes which we believe will assist us in better serving our customers. Please review our policy set forth below to learn more about how we collect and use personal information when visiting our website and when providing our services.
We encourage you to contact us at privacy@chip1.com should you have any questions.
1. Scope
This Data Security Declaration applies to the processing of personal information when visiting the web presence of Chip1 Exchange GmbH. Furthermore, this declaration contains all relevant information with regard to the provision of our services.
It does not apply to external websites or other services. For those, the respective data security declarations are to be considered.
References to the legal framework refer to the General Data Protection Regulation (GDPR) of the European Union in the version of May 25th 2018. Additionally, the respective German national legislation (Bundesdatenschutzgesetz/BDSG) in the version of November 26th 2019 applies.
Personal Information
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 GDPR).
2. Controller
The responsible authority for the processing of data is
Chip1 Exchange GmbH
Dornhofstraße 65
63263 Neu-Isenburg
phone: +49 6102 8169-0
E-Mail: info@chip1.com
Represented by:
Volkan Sanverdi, Sasan Tabib
3. Data Protection Officer
We have appointed an external Data Protection Officer:
Ingenieurbüro Pfeil GmbH
Daniel Jahn
Alte Gärtnerei 2
04425 Taucha
Germany
Phone: + 34298 496689
E-Mail: privacy@chip1.com
4. Information regarding the processing of personal data on our Website
4.1 SSL-/TLS-Encryption
This website utilizes SSL and/or TLS encryption for securing personal data. A secure connection is established if the address line in your browser changes from “http://” to “https://” and shows a lock symbol. A third party is not able to read data that is transferred to our website if SSL or TLS encryption is enabled.
4.2 Processing of personal data when visiting our website
When you visit our website, selected personal data is automatically processed by our IT systems. This data is predominantly technical data (e.g. information about your Internet browser, operating system or time of your visit). This data is processed to ensure the functionality of our website. Furthermore, this data can be used to analyze your user behaviour and to improve our services and products.
4.3 Cookies
Our websites utilize cookies. Cookies do not cause any damage to your system and do not contain viruses. Cookies are used to improve our services, to make them more effective and to improve security. Cookies are small text files that are stored in your browser.
Mostly, “session cookies” are used. They are deleted after every session. Other cookies remain stored on your device until you delete them manually. These cookies enable us to recognize your browser during your next visit.
You can change your browser settings in order to be informed when cookies are set. If you deactivate cookies, the functionality can be limited.
Cookies used when exercising the communication process or for the provision of certain functions are processed on the basis of Art. 6(1)f GDPR. We have a vital interest in the storage of cookies in order to provide functional, error-free and optimized services.
4.4 Server-Log-Files
The provider of our websites gathers and stores data automatically in so-called server log files. Your browser automatically gathers the following data:
- Visited website
- Time of the server-request
- Quantity of exchanged data
- Referrer URL
- Browser type and Browser version
- Operating system
- IP-address
The data is used for analytic purposes and to improve our services. The Website-operator eventually an This data is not aggregated with data from other sources.
The acquisition of this data is conducted on the basis of Art. 6(1)f GDPR. We have a vital interest in the functional, error-free and optimized services on our website. Therefore, server log files must be collected. After 7 days the data is anonymized by shortening the IP address at the domain level. Backtracking of the user is then no longer possible.
4.5 Google Analytics
Our websites utilize the services of the web-analytic-service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies". These are small text files that are stored on your device and enable an analysis of your user behavior on our website.
The following information is processed:
- Browser type/version,
- operating system,
- Referrer URL (previously visited site),
- Hostname (IP address anonymized),
- Time of server request
The information on your user behaviour, generated by cookies, is regularly transmitted to and stored on a Google-operated server in the USA.
The storage of Google Analytics cookies and the use of analytic tools is conducted on the basis of Art. 6(1)f GDPR. We have a vital interest in the analysis of user behaviour in order to improve our services and our marketing efforts.
To protect your personal data, we have enabled IP anonymization. Your IP address is thereby shortened by Google within the member states of the EU as well as other signatories in the European Economic Area and when transferred to the U.S. Only in exceptional cases are full IP addresses transferred to Google servers in the U.S. and shortened there.
On our behalf, Google evaluates the data in order to create reports on website activities and fulfil other related services. Data gathered by Google Analytics is not merged with other data from Google.
You can prevent the storage of cookies through your browser settings. Please be advised that some services may not function properly in this case. Furthermore, you can prevent the acquisition of the data generated by the cookie and of data regarding your use of our website (including your IP address), as well as its transmission to and processing by Google, by downloading and installing the following browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
Additional information regarding the use of personal data by Google Analytics can be found in the Data Security Declaration of Google: https://support.google.com/analytics/answer/6004245?hl=de.
User- and event-related data that is connected to cookies, user recognition data or promotion IDs is anonymized/deleted after 14 months. More details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de.
Google Inc. is certified in accordance with the "EU-Privacy-Shield", which ensures the fulfilment of GDPR data processing standards.
4.6 Hotjar
Our websites utilize the services of the web-analytic-service Hotjar. The provider is Hotjar Ltd.
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. Personal Data Collected by Hotjar is specified in their privacy policy https://www.hotjar.com/legal/policies/privacy/ .
The use of Hotjar and the use of analytic tools is conducted on the basis of Art. 6(1)f GDPR. We have a vital interest in the analysis of user behaviour in order to improve our services and our marketing efforts.
4.7 Zendesk
We use the Customer Relationship Management (CRM) service “Zendesk” on this website. The tool is operated by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. Zendesk is used to integrate contact forms and forward your inquiries to us. Using Zendesk is optional. If you do not consent to Zendesk collecting your information, we provide alternative contact options for submitting service requests by phone or mail. In order to use Zendesk, you must provide at least one correct email address. The service can also be used pseudonymised. There is no further transfer to third parties. For more information, see Zendesk's privacy policy.
In addition to this, cookies are set with the help of Zendesk. These cookies are cookies that are technically required to ensure the technical functionality of the website and to protect the website from bot-controlled attacks.
The following data can be collected and processed as part of the contact forms that are integrated with the help of Zendesk:
- E-mail address
- Surname
- Address
With the help of Zendesk’s cookies, the following data is collected and processed:
- IP addresses.
If the data used in the contact forms is used to provide contractual services to data subjects, the legal basis for processing is Article 6 Paragraph 1 Letter b GDPR. Furthermore, Art. 6 (1) a GDPR serves as the legal basis if you have consented to the data processing.
The data processing that takes place via the cookies is based on Art. 6 Para. (1) f GDPR.
Our legitimate interest is that we have to ensure the functionality and security of our website.
The personal data are kept for as long as they are necessary to fulfill the processing purpose. The data will be deleted as soon as they are no longer required to achieve the purpose.
As part of processing via Zendesk, data can be transmitted to the USA. The security of the transmission is checked regularly. Standard contractual clauses and binding corporate rules guaranteed. If these standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Article 49 (1) (a) GDPR can serve as the legal basis.
5. Information regarding the processing of personal data within our service provision
Insofar as the Internet services of Chip1 Exchange provide the option to enter personal or business data, this data is entered by the user on a voluntary basis. To process your enquiry we are obligated to process the transmitted personal information. All information is treated confidentially in accordance with the provisions of the applicable data protection legislation. All Chip1 Exchange employees are familiarized with these provisions, regularly trained and committed to confidentiality.
5.1 Processing purposes
Completion of orders, information regarding orders and delivery data, execution of logistic services, completion of tasks and projects, registration of contract and contact information in fulfilment of tasks or in preparation of orders, accountancy, accounting, dunning, organization and execution of purchase and procurement, sales and marketing, maintenance of customer and supplier relationships.
5.2 Legal foundations
- Fulfillment of contract and pre-contract measures (Article 6 (1)b GDPR),
- Legal obligations (Article 6 (1)c GDPR),
- Public interest (Article 6 (1)e GDPR),
- Consent (Article 6 (1)a GDPR iccw (Article 6 (1-4) GDPR)
- Safeguarding our vital interests (Article 6 (1)f GDPR),
5.3 Categories of affected data subjects
Interested parties, customers and/or employees of customers, suppliers, partners, mediators, ext. service-providers.
5.4 Categories of personal data
We process personal data which we receive from data subjects in their function as representatives or plenipotentiaries of the respective entities (interested parties, customers and/or employees of customers, suppliers, partners, mediators, ext. service-providers and freelancers).
In particular:
- Contact information (name, title, surname, phone, fax, mobile phone, internet address, e-mail, position, company, company address, number of employees, branch, customer type, contact history and correspondence, information with regard to quotations and initiation of business),
- Account data (order information, payment information, account information, bank, IBAN, BIC, name of the account holder, information to fulfil contractual duties),
- Personal data from quotations, orders, contracts (address, contact data, contract components).
5.5 Categories of recipients
Internal entities that are involved in the fulfilment of business processes (e.g. purchase, sales, marketing, administration, order execution, accounting).
Public authorities such as social insurance agencies and fiscal authorities in case of prioritized legislation.
External contractors (processing on behalf, Art. 4 & Art. 28 GDPR, for the processing purposes mentioned above).
Personal data is distributed further only with explicit consent according to Art. 6(1)a GDPR or where a legal obligation according to Art. 6(1)c GDPR is in place.
5.6 Legal retention/deletion
Once the legal retention period is over, we delete the respective personal data, as long as the personal data is no longer needed for the preparation or performance of a contract or a legitimate interest in its storage is no longer given.
Storage period of personal data:
- 10 years according to § 14 UStG.
- 10 years according to § 147 AO for all tax-relevant information.
- 10 years according to § 257 1 Nr. 1 + 4 HGB.
6. Processing personal data in applications
We offer the option to apply digitally (e.g. via e-mail). Applicant data is processed in accordance with data security legislation. Furthermore, applicant data is handled as restricted data.
If you transmit your application, we process the related personal data (e.g. contact and communication data, application documents, notes taken during interviews) insofar as they are necessary to justify the decision for or against an employment relationship. The legal foundation is § 26 BDSG-new (German national legislation; initiation of an employment relationship), Art. 6(1)b GDPR (general initiation of a contract) and, in case you consented, Art. 6(1)a GDPR. The consent can be revoked at any time. Internally, your personal data is only transmitted to recipients involved in the application process.
If an application is successful, the transmitted personal data is stored in our computer systems on the basis of § 26 BDSG-new and Art. 6(1)b GDPR with the purpose of initiating an employment relationship.
If we cannot offer you a position, you decline a job offer, withdraw your consent or request deletion of your data, we keep your personal information no longer than 6 months after the end of the application process in order to retrace particularities of the application process (Art. 6 (1)f GDPR).
You have the right to object to the processing of your data at any time. We will keep your data as long as our significant interest is not interfering with your personal interests.
7. Data subject rights
You can obtain information about your personal data at any time free of charge on the basis of data protection regulations or demand their correction, completion, deletion or blocking, if this is not contrary to statutory regulations. You may also request that the processing of your personal data be restricted.
Withdrawal of consent (Art. 7 GDPR)
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Right to lodge a complaint at the responsible supervisory authority (Art. 13 GDPR)
You have the right to lodge a complaint with a supervisory authority. Equally, you can complain or submit a request about the data processing to the data protection officer. The data subject can address the complaint to the supervisory authority in his or her federal state or to the supervisory authority in the federal state of the responsible company. The supervisory authority in Germany is mostly the Landesbeauftragte für Datenschutz und Informationsfreiheit.
Right to data portability (Art. 20 GDPR)
It is the right of the data subject to receive the personal data which he or she provided to the controller, if the processing is based on consent (Article 6(1)a or Article 9(2) GDPR) or a contract (Article 6(1) GDPR). The controller has to provide the data to the data subject in a structured, common and machine-readable format.
Right to access, immediate rectification, correction and immediate erasure (Art. 15,16,17 GDPR)
You can request confirmation from the controller that your data is being processed. If your personal data is processed by the controller, you have the right to access, immediate rectification, correction and immediate erasure of your personal data.
Right to restriction of processing (Art. 18 GDPR)
You have the right to demand the restriction of processing from the controller.
To do so, you can contact us at any time using the given contact information.
The right to restrict the processing of your data applies in the following scenarios.
If you doubt the correctness of your processed information, we need some time in order to verify your claim. In this case you can demand the restriction of processing for the time given.
If your personal information was obtained unlawfully, you can request restriction instead of deletion.
If we no longer need your information, the personal data would be deleted by the responsible authority, but the data subject requires it to assert, exercise or defend legal claims. You also have the right to object to the processing; however, it is not yet determined whether the legitimate reasons of the controller outweigh those of the data subject. Any recipient of the personal data has to be informed accordingly by the responsible authority.