Legal

Privacy Policy

Prisma Insights GmbH

This English version of the Privacy Policy is provided for informational purposes only. In the event of any discrepancies or inconsistencies, the German-language version shall be legally binding.

We, Prisma Insights GmbH (hereinafter referred to as “the Company,” “we,” or “us”), take the protection of your personal data very seriously.
When you use this website, various types of personal data may be processed depending on the nature and scope of your usage. Personal data refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is deemed identifiable if they can be identified directly or indirectly (e.g., by means of an online identifier). This includes information such as name, address, telephone number, and date of birth.

These privacy notices inform you, in accordance with Art. 12 et seq. GDPR (General Data Protection Regulation), about how your personal data is handled when using our website. In particular, they explain which data we collect and for what purposes we use it. Additionally, they inform you about how and for what purpose such processing takes place.

This Privacy Policy expressly refers to the website-specific data processing operations carried out when visiting our website at www.prisma-insights.com

1. Controller

The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is
Prisma Insights GmbH,
Gut Schmalzhof 1b,
82343 Poecking,
Germany
E-Mail: info@prisma-insights.com

Further information about our company can be found in the . For any questions regarding data protection, you may contact us at any time at info@prisma-insights.com

2. Legal Bases for Data Processing

The processing of personal data is only permitted where a legal basis exists. Our processing activities are carried out on (at least) one of the following legal bases:

  • Art. 6(1)(1)(a) GDPR (“Consent”): Where you have given us consent to process your personal data for specific purposes (e.g., sending informational materials or offers), the processing is lawful based on your consent. You may withdraw your consent at any time. Please note that such withdrawal only takes effect for the future and does not affect processing carried out prior to the withdrawal;
  • Art. 6(1)(1)(b) GDPR: For the performance of a contract to which the data subject is a party, or in order to take steps prior to entering into a contract at the data subject’s request;
  • Art. 6(1)(1)(c) GDPR: We also process your personal data in order to comply with legal obligations that may apply to us in connection with our business activities. These include, in particular, commercial, trade, and tax retention obligations;
  • Art. 6(1)(1)(d) GDPR: To protect the vital interests of the data subject or another natural person;
  • Art. 6(1)(1)(e) GDPR: For the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • Art. 6(1)(1)(f) GDPR (“Legitimate Interests”): We also process your personal data to pursue our legitimate interests, for example to assert or defend legal claims. Furthermore, we process your personal data where necessary for the prevention or prosecution of criminal offences. Processing for the purpose of protecting the legitimate (in particular legal or economic) interests of the controller or a third party will not take place where your overriding interests or fundamental rights prevail;
  • Art. 9 GDPR: In individual cases, the processing of special categories of personal data may occur; the applicable legal basis will then be one of the alternatives set out in Art. 9 GDPR;
  • Finally, specific legal bases may apply depending on the particular processing activity; where this is the case, we will inform you separately.

The storage of information on your device or the access to information already stored on your device is only permitted where one of the following legal justifications applies:

  • § 25(1) TDDDG (German Telecommunications Digital Services Act): Where the end user has given consent based on clear and comprehensive information. Such consent must be obtained in accordance with Art. 6(1)(1)(a) GDPR;
  • § 25(2)(1) TDDDG: Where the sole purpose is the transmission of a communication over a public telecommunications network; or
  • § 25(2)(2) TDDDG: Where storage or access is strictly necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.

3. Data Deletion and Storage Duration

We process and store your personal data for as long as necessary to fulfil the respective purpose of use; this regularly follows from the processing purposes described in these privacy notices. This may also include the period of contract initiation (pre-contractual relationship) and contract performance. Based on this, personal data is routinely deleted in the course of fulfilling our contractual and/or legal obligations unless its temporary further processing is required for the following purposes:

  • Compliance with statutory retention obligations, such as those arising from the German Commercial Code (§§ 238, 257(4) HGB) and the German Fiscal Code (§ 147 AO). The retention and documentation periods stipulated therein may be up to ten years.
  • Preservation of evidence, taking into account statutory limitation periods. Under the provisions of the German Civil Code (BGB), limitation periods may be up to 30 years, while the regular limitation period is three years.

4. Recipients of Data

Within our company, only those departments that require access to your personal data to fulfil our contractual and legal obligations will receive such access.
Service providers and vicarious agents engaged by us (e.g., technical service providers, shipping companies, waste management companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account the requirements of applicable data protection law. Some recipients act as processors and are strictly bound to our instructions when processing your personal data. Others act independently as controllers in their own data protection responsibility and are likewise required to comply with the GDPR and other applicable data protection laws.
We may also transfer personal data in individual cases to our legal or tax advisors, who are bound to strict confidentiality by virtue of their professional obligations.
Where possible, we select European-based service providers. Transfers of data to a third country will only take place where the specific requirements of Art. 44 et seq. GDPR are fulfilled. Processing in such cases may only occur on the basis of appropriate safeguards, such as the EU Standard Contractual Clauses, or, in individual cases, your explicit consent.

5. Specific Data Processing Activities

Unless otherwise described in the following sections, the general information provided in these privacy notices applies to all processing operations.

5.1 Visiting the Website

Type and scope of processed data
To ensure the technical provision of our website, we must process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use its functions. This information is automatically collected each time you visit our website and stored in so-called server log files. These include:

  • Browser type and version
  • Operating system
  • Website from which the access originates
  • Hostname of the accessing device
  • Date and time of access
  • IP address of the requesting device

Storing this access data is technically necessary to provide a functional website and ensure system security. This also includes the required temporary storage of your IP address, which may—in exceptional circumstances—allow a theoretical link to your identity. Beyond the purposes mentioned above, we use server log files exclusively for the demand-oriented design and statistical optimisation of our website, without drawing any conclusions about your identity. This data is not merged with other data sources, nor is it analysed for marketing purposes. Access data collected as part of your use of the website is stored only for the period necessary to achieve these purposes. Your IP address is stored on our web server for IT security reasons for a maximum of seven days.

Legal basis
Where you visit our website in order to obtain information about our products and services or to use them, the legal basis for the temporary storage and processing of access data is Art. 6(1)(1)(b) GDPR, which permits the processing of data for the performance of a contract or in order to take steps prior to entering into a contract at the request of the data subject. In addition, Art. 6(1)(1)(f) GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest lies in providing you with a technically functioning and user-friendly website and in ensuring the security of our systems. Where the processing of the data requires the storage of information on your device or access to information already stored on your device, § 25(1), (2) TTDSG is the legal basis.

5.2 Contact Form

Type and scope of processed data
If you send us inquiries via the contact form, your message—including the contact details you provide—will be stored and processed for the purpose of handling and responding to your inquiry and any follow-up questions. We do not disclose this data to third parties unless this is necessary to process your inquiry or you have given us prior consent.
Data entered into the contact form is stored until the purpose for processing ceases to apply (e.g., after your inquiry has been fully handled). Mandatory statutory retention obligations remain unaffected.

Legal bases

If you contact us within an existing contractual relationship or prior to entering into such a relationship to request information about our services, the data you provide is processed pursuant to Art. 6(1)(1)(b) GDPR. In all other cases, processing takes place either to pursue our legitimate interests according to Art. 6(1)(1)(f) GDPR, namely responding appropriately to customer inquiries, or based on your consent pursuant to Art. 6(1)(1)(a) GDPR.

6. No Automated Decision-Making (Including Profiling)

We do not intend to use the personal data collected from you for automated decision-making (including profiling).

7. No Obligation to Provide Personal Data

In general, there is no legal or contractual obligation to provide us with personal data. However, we may be unable to provide certain services—or only to a limited extent—if you choose not to provide the data required for that purpose.

8. Rights of Data Subjects

You may exercise your rights as a data subject in relation to the personal data processed by us at any time. As a data subject, you have the following rights:

  • Pursuant to Art. 15 GDPR, you may request information about the personal data concerning you that we process.
    In particular, you may request information about the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of rights to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data (if it was not collected from you), as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
  • Pursuant to Art. 16 GDPR, you may request the immediate rectification of inaccurate data or the completion of incomplete data stored by us;
  • Pursuant to Art. 17 GDPR, you may request the erasure of your data. This applies insofar as the processing is not required for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
  • Pursuant to Art. 18 GDPR, you may request the restriction of processing of your data. This applies, in particular, where the accuracy of the data is contested by you or the processing is unlawful;
  • Pursuant to Art. 20 GDPR, you may receive the data you have provided to us in a structured, commonly used, and machine-readable format or request the transmission of such data to another controller (“data portability”);
  • Pursuant to Art. 21 GDPR, you may object to the processing of your data where the processing is based on Art. 6(1)(1)(e) or (f) GDPR. This is particularly the case where processing is not required for the performance of a contract with you. Unless your objection concerns direct marketing, we ask you to explain the reasons why we should not process your data as previously carried out. In the event of a justified objection, we will review the situation and will either discontinue or adjust the processing or demonstrate compelling legitimate grounds for continuing the processing;
  • Pursuant to Art. 7(3) GDPR, you may withdraw any consent you have given at any time, if you have provided such consent. In this context, consent means your freely given will, expressed on the basis of sufficient information and in an unambiguous manner by a statement or by some other clear confirming action, by which you indicate that you agree to the processing of the relevant personal data for one or more specific purposes. Such withdrawal means that we may no longer continue the data processing that was based on this consent for the future; and
  • Pursuant to Art. 77 GDPR, you may lodge a complaint with a supervisory authority regarding the processing of your personal data by our company.

9. Changes to the Privacy Notice

We regularly review whether these privacy notices require adjustments or updates. These privacy notices are current as of November 2024.