We, Prisma Insights GmbH (hereinafter: “the company”, “we” or “us”), take the protection of your personal data seriously.
When you use this website, various personal data are processed depending on the type and scope of use. Personal data is information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes information such as name, address, telephone number and date of birth.
This data protection notice informs you in accordance with Art. 12 et seq. GDPR about how we handle your personal data when you use our website. In particular, it explains what data we collect and what we use it for. It also informs you how and for what purpose this is done.
This privacy policy expressly refers to the website-specific data processing processes when visiting our website at www.prisma-insights.com.

1. Person responsible

The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is
Prisma Insights GmbH
Alpspitzstr. 26a
82319 Starnberg
Germany
E-Mail: info@prisma-insights.com

Further information about our company can be found in the imprint.
If you have any questions about data protection, you can contact datenschutz@prisma-insights.com at any time.

2. Legal basis for data processing

Processing of personal data is only permitted if there is a legal basis for doing so. Our processing is carried out on (at least) one of the following legal bases:

  • Art. 6 para. 1 sentence 1 lit. a GDPR (“consent”): If you have given us your consent to process personal data for specific purposes (e.g. sending you information material and offers), the lawfulness of this processing is based on your consent. You can withdraw your consent at any time. Please note that the revocation is only effective for the future and processing up to that point is not affected;
  • Art. 6 para. 1 sentence 1 lit. b GDPR: for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 para. 1 sentence 1 lit. c GDPR: We also process your personal data in order to fulfill other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law;
  • Art. 6 para. 1 sentence 1 lit. d GDPR: to protect the vital interests of the data subject or another natural person;
  • Art. 6 para. 1 sentence 1 lit. e GDPR: for the performance of a task carried out in the public interest or in the exercise of official authority ves
  • Art. 6 para. 1 sentence 1 lit. f GDPR (“Legitimate interests”): We also process your personal data in order to pursue our legitimate interests, e.g. to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary for the prevention or prosecution of criminal offenses. Processing is carried out to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject prevail.
  • Art. 9 GDPR: In individual cases, special personal data may also be processed; the authorization is then based on one of the alternatives in Art. 9 GDPR.
  • Finally, special legal bases may also apply to the processing; we will inform you about this separately.

The storage of information in your terminal equipment or access to information that is already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:

  • Section 25 (1) TDDDG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
  • Section 25 (2) no. 1 TDDDG: If the sole purpose is the transmission of a message via a public telecommunications network or
  • Section 25 (2) no. 2 TDDDG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

3. Data erasure and storage duration

We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage; this regularly results from the processing purposes described in this data protection notice. This may also include the periods for the initiation of a contract (pre-contractual legal relationship) and the performance of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

  • Fulfillment of statutory retention obligations, e.g. arising from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 AO). The retention and documentation periods specified there are up to ten years.
  • Preservation of evidence, taking into account the statute of limitations. According to the provisions of the German Civil Code, these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

4. Recipients of data

Within our company, those departments that need your data to fulfill our contractual and legal obligations will have access to it.
Service providers and vicarious agents employed by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary in accordance with data protection regulations. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own responsibility under data protection law and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
When selecting recipients of data, we rely on European companies wherever possible. Data is only transferred to a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. Processing may therefore only take place on the basis of special guarantees, such as so-called “standard contractual clauses” or, in individual cases, consent.

5. Data processing in detail

Unless otherwise described below for the processing operations, the general statements in this data protection notice apply.

5.1 Visit the website

Type and scope of the processed data
For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time you visit our website and automatically stored in so-called server log files. These are

  • Browser type and browser version
  • Operating system
  • Website from which the access is made
  • Host name of the accessing computer
  • Date and time of access
  • IP address of the requesting computer

The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. Beyond the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website purely statistically and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analyzed for marketing purposes.
The access data collected as part of the use of our website is only stored for the period for which this data is required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.

Legal basis

If you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or in order to take steps prior to entering into a contract. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
If the processing of the data requires the storage of information in your terminal equipment or access to information that is already stored in the terminal equipment, Section 25 (1), (2) TTDSG is the legal basis for this.

5.2 Contact form

Type and scope of the processed data
If you send us inquiries via the contact form, your message, including the contact details you provide there, will be stored and processed by us for the purpose of processing and answering the inquiry and in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in the context of processing and responding to your contact request or you have given us your consent to do so.
The data you enter in the contact form will remain with us until the purpose for data storage/processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Legal basis
If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, otherwise to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the appropriate response to customer/contact inquiries or with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

6. No automated decision-making (including profiling)

We do not intend to use personal data collected from you for automated decision-making (including profiling).

7. No obligation to provide personal data

In principle, there is no legal or contractual obligation to provide us with personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

8. Rights of data subjects

You can assert your rights as a data subject with regard to your processed personal data against us at any time. As the data subject, you have the following rights:

  • You can request information about your data processed by us in accordance with Art. 15 GDPR.
    In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your data stored by us;
  • You can request the deletion of your data stored by us in accordance with Art. 17 GDPR. This is possible unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • You can request the restriction of the processing of your data in accordance with Art. 18 GDPR. This applies if the accuracy of the data is disputed by you or the processing is unlawful;
  • In accordance with Art. 20 GDPR, you may receive the data you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller (“data portability”);
  • You can object to the processing in accordance with Art. 21 GDPR if the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR.
    This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing;
  • In accordance with Art. 7 para. 3 GDPR, you can withdraw your consent once given – i.e. your voluntary, informed and unequivocal consent, made clear by means of a declaration or other unambiguous confirmatory act, that you consent to the processing of the personal data concerned for one or more specific purposes – at any time, if you have given such consent. As a result, we may no longer continue the data processing that was based on this consent in the future; and
  • In accordance with Art. 77 GDPR, you can complain to a data protection supervisory authority about the processing of your personal data in our company.

9. Changes to the data protection information

We will regularly review our data protection information to see if it needs to be adapted or supplemented. This data protection notice is valid as of November 2024.