In this privacy policy we inform visitors of our website (www.bvp-datasecurity.com) as well as existing and potential clients (hereinafter “Data Subjects”) about the processing of their personal data when using our website and the other offers described below.
Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about Data Subjects' identity, such as name, telephone number, address or e-mail address. Certain identifiers, such as the IP address or the device ID of the end device used, are also personal data.
1. Information and Contact Details
The point of contact and so-called controller (hereinafter “we” or “us”) for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is
Bronislava V. Panchenko
Triq Il-Qawra, Kennedy Grove Court, Pth. No. 6
St. Paul’s Bay
SPB 1908
Malta
E-Mail: bp@bvp-datasecurity.de
Website: www.bvp-datasecurity.com
2. Hosting
This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter “IONOS”).
Personal data collected on this website is stored on the servers of IONOS. This includes IP addresses, contact requests, meta and communication data, contract data, contact details, names and website accesses.
This data processing is used for the purpose of fulfilling the contract with (potential) clients (Art. 6 para. 1 lit. b GDPR) and in the interest of secure and fast provision of the online presence by the provider (Art. 6 para. 1 lit. f GDPR). IONOS will only process personal data to the extent necessary to fulfill its performance obligations.
For more information, see: IONOS’ privacy policy.
3. Data Processing
3.1. Visiting this Website
IONOS automatically collects and stores in so-called server log files the following information, which the browser used automatically transmits to us:
► Referrer (previously visited website)
► Requested website or file
► Browser type and browser version
► Operating system used
► Device type used
► Time of access
► IP address in anonymised form (used only to determine the location of access)
This data is not merged with other data sources.
This data processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR and our legitimate interest in a technically correct and error-free presentation and optimisation of this website, for which the aforementioned processing of the server log files is necessary.
3.2. SSL and TLS Encryption
To protect personal data and other confidential content transmitted between Data Subjects and us when the website is used, SSL or TLS encryption is used for security reasons. Data Subjects can recognise that the encrypted connection is active by the character string “https://” in the address line of the browser and the lock symbol in the browser display.
If SSL or TLS encryption is activated, the data Data Subjects transmit to us is protected according to the current state of the art and cannot be read by third parties.
3.3. Making contact
When Data Subjects contact us, whether by e-mail, phone or contact form on this website, we store and process Data Subjects' contact details and all related personal data (e.g. name, content of the request, telephone number, e-mail address) for the purpose of processing the contact. We do not pass this data on to third parties without the consent of Data Subjects.
If the requests of Data Subjects are necessary in connection with the fulfilment of a contract or the implementation of pre-contractual measures, we process the data pursuant to Art. 6 para. 1 lit. b GDPR. In all other cases, we process the data pursuant to Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the effective processing of the information and contacts transmitted to us.
We store the personal data that Data Subjects send us via the contact form or that we receive via e-mail or phone until the purpose for data processing no longer applies (e.g. when the processing of the contact has been completed), or until Data Subjects request us to delete it or revoke their consent. Legal obligations, such as retention obligations, remain unaffected by this.
3.4. Online Meetings
We use “Teams” to conduct online meetings for communication and cooperation with existing or potential clients (hereinafter “Meetings”). Teams is a video teleconferencing software. The provider is Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”).
During a Meeting, the following data may be processed under certain circumstances:
► Participant details: Display name, if applicable, first name, last name, phone, e-mail address, password (encrypted for authentication), profile picture;
► Metadata: Meeting topic and description, IP address, participant’s phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of participant’s last activity on Teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video, and screen sharing;
► For chat, or channel message usage: text data for display and logging if necessary;
► For audio usage: recording data of the microphone;
► For video use: recording data of the video camera;
► For recordings: Audio, video and screen sharing for storage in the cloud / Microsoft Stream;
► For telephone use: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data such as the IP address of the device.
The Meetings are conducted in the context of existing or potential contractual relationships with clients; the legal basis is Art. 6 para. 1 lit. b GDPR.
For more information, see Microsoft’s privacy policy.
4. Storage Period
If this privacy policy does not contain a specific storage period for certain data processing, we will only process or store the personal data until the purpose for the data processing in question no longer applies. If Data Subjects legitimately request the deletion of the relevant personal data or revoke their previously granted consent to the processing of the relevant personal data, we will delete this data unless there are other legally permissible reasons for storing the relevant personal data. Legally permissible reasons may include, in particular, retention periods under tax or commercial law. If such reasons exist, the relevant personal data will be deleted once these reasons no longer apply.
5. Note on data protection law outside the European Economic Area
This privacy policy is addressed to Data Subjects from the European Economic Area (hereinafter “EEA”), which is why the aforementioned information, including the legal basis and data subject rights, complies with the requirements of the GDPR as well as other EU and Maltese laws.
For Data Subjects outside the EEA, other legal bases and data subject rights may be relevant based on the law applicable to them. However, where necessary, we always obtain the consent of Data Subjects to process their data. Certain conditions and exceptions apply to the exercise of data subject rights, depending on the law applicable to them. Based on the legal situation, we may or must therefore refuse certain requests.
As we are a company based in Malta, data of Data Subjects are transferred to the European Economic Area when this website is accessed. If we transfer data to other countries, this will only take place if an adequate level of data protection exists for these countries, security measures have been taken or exemptions exist. This privacy policy states to which countries we transfer data and to what extent adequacy decisions have been made, for example for transfers to the US (such as the EU-US, UK-US or Swiss-US Data Privacy Framework). Data Subjects can obtain information at any time about the recipients of their data and the measures taken to ensure an adequate level of data protection. To exercise their rights, Data Subjects may contact us at any time using the contact details provided in section 1.
6. Data subject rights
6.1. Overview of Data Subject Rights
Data Subjects are entitled to the following data subject rights at any time if the respective legal requirements are met.
Right to withdraw the consent (Art. 7 para. 3 GDPR)
More information on withdrawal is available to Data Subjects under section 6.2.
Right to object (Art. 21 GDPR)
More information on objection is available to Data Subjects under section 6.2.
Right of access by the Data Subject (Art. 15 GDPR)
Data Subjects have the right to request a copy of any personal data which we hold about them.
Right to rectification (Art. 16 GDPR)
Data Subjects have the right to rectify their personal data, if they consider that the information we are holding is inaccurate.
Right to erasure (Art. 17 GDPR)
Data Subjects have the right to ask us to delete their personal data, if they consider that we do not have the right to hold it.
Right to restriction (Art. 18 GDPR)
Data Subjects have the right to restrict processing of their personal data.
Right to data portability (Art. 20 GDPR)
Data Subjects have the right to receive their personal data which we hold about them and to transmit those data to another controller.
6.2. Right of Withdrawal and Objection
Right to withdraw the consent (Art. 7 para. 3 GDPR)
Data Subjects have the right to withdraw their consent for the processing of their personal data (to the extent such processing is based on previously obtained consent) at any time. As a consequence, we will no longer continue the data processing based on this consent, with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing based on the consent until the withdrawal. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.
Right to object (Art. 21 GDPR)
Data Subjects have the right to object to the processing of their data at any time, on grounds relating to their particular situation, if we process Data Subjects' data on the basis of legitimate interests. If it is a matter of objecting to the processing of data for direct marketing purposes, Data Subjects have a general right of objection, which will also be implemented by us without giving reasons. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.
Right to lodge a complaint (Art. 77 GDPR)
Data Subjects have the right to lodge a complaint with any data protection authority within the EU, for example, a supervisory authority in the member state of their residence, workplace or the location of the alleged violation. For us, the competent supervisory authority is the Information and Data Protection Commissioner, Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549, Malta, e-mail: idpc.info@idpc.org.mt.
6.3. Exercise of Data Subject Rights
To exercise their data subject rights, Data Subjects can contact us at any time using the contact details above in section 1. This also applies if Data Subjects wish to receive copies of the legal safeguards demonstrating an adequate level of data protection in case of data transfer to third countries. Provided that the respective legal requirements are met, we will comply with the data subject request.
The data subject requests and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for longer if this is necessary for asserting, exercising or defending legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling the accountability obligations under Art. 5 para. 2 GDPR.
7. Changes to this Privacy Policy
We will update this privacy policy from time to time, for example if we adapt our website or there is a change in the legal or regulatory requirements.
Last amended: February 2024