Core ConnectionCore Connection by MA'AT
/

Privacy Policy

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Core Connection GmbH i.Gr. (limited liability — in formation) Höllgraben 11 97723 Oberthulba Germany

Email: service@core-maat.com Website: www.core-maat.com

Represented by the Managing Director: Joana Haut

2. General information on data processing

The protection of personal data is of high importance to Core Connection GmbH i.Gr. (limited liability).

We process personal data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the relevant national data protection provisions.

This privacy policy provides information on:

  • which data we collect
  • the purposes for which the processing takes place
  • the legal basis on which this is done
  • the rights of data subjects

3. Legal bases for processing

Unless otherwise stated in this privacy policy, personal data is processed on the basis of the following legal grounds:

  • Art. 6 (1) (a) GDPR – consent
  • Art. 6 (1) (b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6 (1) (c) GDPR – legal obligation
  • Art. 6 (1) (f) GDPR – legitimate interest

Legitimate interests within the meaning of Art. 6 (1) (f) GDPR may include in particular:

  • operation and security of the website
  • protection against misuse and cyberattacks
  • technical stability of the systems
  • communication with business partners and prospects

4. Definitions

This privacy policy uses the terms of the General Data Protection Regulation.

In particular, the term "personal data" refers to any information relating to an identified or identifiable natural person.

"Processing" means any operation involving personal data, such as:

  • collection
  • storage
  • use
  • transmission
  • erasure

5. Processing when visiting the website

When this website is accessed, information is automatically collected by the web server. The following data in particular may be processed:

  • IP address
  • date and time of access
  • page accessed
  • referrer URL
  • browser type and version
  • operating system
  • host name of the accessing device

This data is stored in so-called server log files. Processing serves to ensure:

  • system security
  • stability of the website
  • error analysis
  • detection of misuse

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest).

Our legitimate interest lies in the secure and stable operation of the website.

6. Hosting

This website is hosted by an external service provider.

Hosting provider: STRATO AG Otto-Ostrowski-Straße 7 10249 Berlin Germany

The hosting provider processes personal data exclusively in accordance with our instructions and on the basis of a data processing agreement pursuant to Art. 28 GDPR.

Hosting in particular involves the processing of:

  • server log files
  • IP addresses
  • access data

Processing serves the purpose of the secure and reliable operation of the website.

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure, stable and efficient operation of our website.

STRATO may engage further technical service providers as sub-processors in order to provide its services.

7. Data transfer to third countries

Where personal data is transferred to service providers outside the European Union or the European Economic Area, this is done exclusively in compliance with the legal requirements of the GDPR.

This is based in particular on adequacy decisions of the European Commission or standard contractual clauses pursuant to Art. 46 GDPR.

8. Use of automated systems and artificial intelligence

As part of our services and in some cases during the technical processing of data, automated systems or artificial intelligence technologies may be used.

This may include in particular:

  • automated data processing
  • AI-based analysis processes
  • automated workflows
  • algorithmic decision support
  • automated communication or classification of data

The use of such systems takes place exclusively within the scope of statutory requirements and contractual agreements with our clients.

Core Connection GmbH i.Gr. (limited liability) does not make any decisions based solely on automated processing within the meaning of Art. 22 GDPR that produce legal effects on data subjects or significantly affect them in a similar way.

9. Contact

If you contact us by email or via a contact form, the personal data you submit will be processed. When a contact form is used, data is transmitted encrypted via HTTPS.

This may include in particular:

  • name
  • email address
  • company
  • phone number
  • content of the message

Processing serves to handle your request and to communicate with you.

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in handling requests).

10. Recipients of personal data

Personal data is only transferred to third parties where this is necessary for the performance of a contract or where there is a legal obligation to do so.

Disclosure only takes place to the extent necessary to fulfil the respective purposes or where there is a legal obligation.

Where external service providers are used, this is done on the basis of data processing agreements pursuant to Art. 28 GDPR.

11. Cookies

Our website currently uses only technically necessary cookies.

Cookies are small text files stored on your device.

Technically necessary cookies serve to:

  • provide basic website functions
  • ensure the security of the website
  • enable technical processes

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure and functional operation of the website.

Should analysis or marketing cookies be used in the future, this will only take place on the basis of consent pursuant to Art. 6 (1) (a) GDPR.

Details of cookies in use can be viewed in your browser settings.

12. Storage period

Personal data is stored only for as long as is necessary for the respective purpose.

Server log files are usually stored for a limited period and then automatically deleted.

Data from contact requests is deleted as soon as the purpose of processing ceases to apply and no statutory retention obligations exist.

In addition, statutory retention obligations, in particular under commercial and tax law, may result in longer storage periods.

13. Rights of data subjects

Data subjects have the following rights under the GDPR:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object (Art. 21 GDPR)

14. Right to lodge a complaint with a supervisory authority

Data subjects have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data.

In Germany this is in particular the data protection authority of the federal state in which the data subject has their habitual residence.

15. Data security

Core Connection GmbH i.Gr. (limited liability) uses technical and organisational security measures to protect personal data against loss, manipulation or unauthorised access.

These measures are regularly reviewed and adapted to the state of the art.

Security measures in use may include in particular:

  • encrypted data transmission (HTTPS / TLS)
  • access restrictions
  • regular security updates
  • network and infrastructure protection measures
  • organisational access controls

16. Changes to this privacy policy

Core Connection GmbH i.Gr. (limited liability) reserves the right to amend this privacy policy in order to adapt it to changed legal requirements or technical developments.

The current version is always available on this website.