Privacy policy

1. Data controller

We, as the company, are the data controller within the meaning of the European General Data Protection Regulation (GDPR).

Above the Line GmbH

Managing Director Sigrid Narjes Theresienstraße 31
80333 München

For all data protection inquiries, please contact 2. Legal basis

The legal basis for the collection and processing of personal data is always the most recent version of the European law. All legal bases listed below are contained in the General Data Protection Regulation (GDPR). Depending on the purpose of the data collection, one or more of the following legal bases apply:

  • Consent - legal basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR).

    What this means is that consent must be an unambiguous indication of your wishes (e.g.: "I hereby consent to ..."). Consent may be given either in writing in the form of a statement or by another unambiguous affirmative action. This being said, consent must always be voluntary! In addition, consent of the data subject must be specific and unambiguous indication of the data subject's wishes by which he or she signifies agreement to the processing of personal data. To this end, the data subject has to be adequately informed and understand what he or she is consenting to.

  • Necessary processing for the performance of a contract or implementation of pre-contractual measures - legal basis: Article 6 (1) (b) GDPR

    What this means: we need the data to meet our contractual obligations towards you or we need the data to prepare the contract with you.

  • Processing for compliance with legal obligations - legal basis: Article 6 (1) (c) GDPR
    What this means: we are required e.g. by law or other (national / regulatory) provisions to

    process data.

  • Processing for the purposes of the legitimate interests in accordance with Article 6 (1) (f) GDPR

    What this means: the processing is necessary for the purposes of our or third-party legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

3. Rights of data subjects

You are a data subject if any personal data about you are processed. As a data subject you have the following rights with respect to the data processing we carry out - within the scope specified in the respective Articles of the General Data Protection Regulation:

  • Right of access under Article 15 GDPR

  • Right to rectification under Article 16 GDPR

  • Right to erasure ("right to be forgotten") under Article 17 GDPR

  • Right to restriction of processing under Article 18 GDPR

  • Right to data portability under Article 20 GDPR

  • Right to object under Article 21 GDPR

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

4. Data erasure and length of storage

The personal data of the data subject will be deleted or blocked as soon as the data is no longer required for the purpose for which it was originally stored. In addition, such storage may be provided for by Union or national laws, regulations or other provisions to which the controller is subject. The data will also be blocked or erased upon expiry of the storage period prescribed by the laws and regulations specified above, unless there is a need to continue storing the data for purposes of contract conclusion or performance.

I. Specific types of data processing 1. Data collection when visiting the website

a) Scope of data processing
When you visit our website, the following data is collected and stored by our web server:

  • IP address

  • Date and time of the inquiry

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (concrete page)

  • Access status/ HTTP status code

  • Amount of data transferred

  • The referring website from which you accessed our website

  • Browser

  • Operating system and its interface

  • Language and version of the browser software

  • Screen resolution

  • Unique device names (MAC addresses or IMEI for mobile devices)

    The IP address or the host name are only available to us in anonymised form in the log files. The other data is stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis

The legal basis for the processing of data is Article 6 (1) (f) GDPR.
The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in the functionality of our website and its availability.

c) Purpose of data processing
The temporary storage of the IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.
The data is stored in log files to ensure the website's functionality. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

  1. d)  Duration of storage
    The log files are deleted in the system at the latest after 6 weeks. If there is a need to store the data for the aforementioned purpose for longer due to specific events, the data may be stored for longer periods. In any case, as mentioned above, the IP addresses of the users will be anonymised to prevent it from being used to identify any particular user.

  2. e)  Available remedies
    The collection of data for website provisioning and storage of data in log files is essential for the operation of the website. Users, therefore, do not have the right to object in this case.

2. Contact

  1. a)  Scope of data processing
    You can use the email address provided to contact us. In this case, the user's personal data transmitted by email will be stored.

  2. b)  Legal basis
    The legal basis for the processing of data transmitted when an email is sent is Article 6 (1) (f) and where applicable also (a) GDPR. If the purpose of the email is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR.
    The legitimate interest within the meaning of Article 6 (1) (f) GDPR lies in responding to the customers' inquiries or contact requests on other topics.

  3. c)  Purpose of data processing
    We store the data to initiate contact with you at the request of the communication partner.

  4. d)  Duration of storage
    The data is stored as long as necessary to process the inquiry. Where these are commercial letters, which are subject to statutory retention requirements under commercial and tax laws, we will store these for the required statutory retention period.

  5. e)  Available remedies
    The user has the option at any time to withdraw his or her consent to the processing of personal data or to object to further use. Users who contact us by email can object to the storage of their personal data at any time. The data can only be erased if this does not conflict with any statutory retention requirements. In this case, the data will be blocked from further use and the parties will no longer be able to engage in further communications.

    May 25th 2018

Munich +49 (0)89 599 08 4-0