Privacy Policy

I. INTRODUCTION

This Privacy Statement (hereinafter: the ‘Statement’) is aimed at providing appropriate information on the personal data processing performed by Distribusion Technologies GmbH (hereinafter referred to as ‘Distribusion’ or ‘the Controller’) through its website (‘the Website’) and any other activities that it may undertake. The up-to-date version of this Statement is constantly available and retrievable at https://www.distribusion.com/privacy-policy

Distribution accepts the contents of this Statement as binding upon itself and undertakes to ensure that all data processing pursued by it will comply with the requirements of this Statement and the applicable legislation. The third parties working with or for Distribusion who have or may have access to personal data are expected to have read and understood this Statement and to comply with it.

When Distribution provides its products such as API, Booking Engine and Agency Tool to its business partners, the company will be regarded as personal data processor in relation to the business partner who will be regarded as personal data controller. In those cases, a data processing agreement (“DPA”) will be entered between the parties. For more information regarding the services the Company provides as a data processor and you may contact Distribution at the contact details given in the paragraph below

II. INFORMATION ABOUT THE DATA CONTROLLER.

CONTACT DETAILS.

Distribusion Technologies GmbH

Commercial Registry Number: HRB 176406 B

Registration Court: Amtsgericht Berlin-Charlottenburg

Registered address: Wattstraße 10,13355 Berlin

Data protection officer: dpo@distribusion.com.

Address: Wattstraße 10,13355 Berlin

III. PERSONAL DATA. PURPOSES AND LEGAL BASES

OF PROCESSING.

The Controller performs the following data processing activities:

1. CONTACT FORM AND CONTACT VIA EMAIL

Distribusion may process the following information in order to respond to requests submitted through the Website/via email:

full name;
(business) email address;
any other information included in the enquiry / request,

The personal data provided will be used for the purposes of processing and responding to received requests based on the following legitimate interests of the Controller:

to clarify, provide additional information and respond to questions about its products/services/solutions and the information available on its Website;
to improve the quality of its services and facilitate business to client communication.

Whenever a question/request concerns contract related issues, the data processing will be performed on the basis that it is necessary for the performance of a contract with an existing client or in order to take steps at the request of a potential client prior to entering into a contract with them.

2. BUSINESS PARTNERS AND CONTRACTORS

Distribusion also processes data in relation to its business partners and contractors. More information is available here.

3. PROVISION OF THE WEBSITE AND SERVER LOG FILES

The Controller may employ tools and cookies to administer the Website, to enable the access to the Website and to ensure its stability and security. Furthermore, such processing serves the statistical analysis and to tailor its content according to users’ preferences.

With each visit to the Website, Distribusion may automatically collect information that your browser transmits to our server. This information may also be stored in Distribution’s system's log files. The following data may be collected:

The browser software you use, as well as its version and language.
The operating system you use.
The subpages of the Website you visit.
The date and time of your visit to our website.
Transferred data volume.
The country (but not the precise location) from which you accessed the Website.
The duration of your stay on the Website.

When such processing is not essential for the proper functioning of the Website, the Controller only stores cookies on your device and/or tracks them after having obtained your consent.

The processing is necessary to safeguard the predominant legitimate interests of the data controller (Art. 6 para. 1 lit. f GDPR). For more information on the tools and cookies used on the Website, including any data sharing taking place in this regard, please refer to the Website cookie banner, available here.

IV. RETENTION PERIODS

The data under p.1 are stored until the expiration of the terms specified in the applicable German legislation. For example:

invoices and financial documents: according to the terms under §147 (3) German Fiscal Code (Abgabenordnung);
relevant accounting and commercial information: according to the terms of §257 of the German Commercial Code (Handelsgesetzbuch);
other documents - up to 5 years from the provision of the service / termination of the relationship, in accordance with the statutory limitation period for possible claims under our contract.
in the event of a dispute, the data may be processed for the period necessary for the establishment, exercise of or defense from complaints and legal claims.

The data under p.2 is processed until the consultancy has been executed / the request has been administered and for an additional period of no more than 6 months unless further retention is necessary for the establishment, exercise or defence of legal claims.

The data under p.3 is deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of data collected for the provision of the website, this occurs when the respective session ends. Log files are deleted after 30 days.

V. SHARING AND DISCLOSURE OF PERSONAL DATA. TRANSFERRING OF DATA OUTSIDE EAA/EU.

Distribusion may use third parties to support certain activities in the course of our business. Personal data are disclosed to third parties only with enough guarantees to ensure an adequate level of protection and the existence of a legal basis and / or good reason for this. Where this is legal and / or necessary, data may be access by specific recipients, such as:

central and local regulatory authorities that have the power to receive / request information;
crime prevention and detection authorities and regulatory authorities that have the power to request information;
judicial authorities in the manner and conditions provided for by national law;
banks and banking institutions, in connection with the administration of payments;
lawyers, professional consultants, accounting service providers and auditors.
service providers for the purposes of providing and maintaining software products for the implementation of certain internal processes, storage, exchange and tracking of information. In this regard, Distribusion uses the following software products and similar services.

In connection with some of the above processes and services, some of your data may be transferred outside the European Union / European Economic Area. The transfer of such personal data takes place only with appropriate guarantees to ensure an adequate level of protection and compliance with all provisions of the applicable legislation regarding the transfer. For example, an official decision made by the European Commission that a third country, a territory or one or more specified sectors within that third country or the international organisation ensures an adequate level of data protection. Also, adherence to the standard contractual clauses approved by the European Commission provides such safeguards.

For more information about data sharing and data transfer taking place please contact Distribution at the contact details given in the paragraph below.

VI. DATA SUBJECTS’ RIGHTS

At any time while the Controller owns or processes their personal data, data subjects have the following rights:

1. Right to information

Data subjects have the right to be informed about the collection and use of their personal data which this Privacy Statement is aimed at.

2. Right of access

At the request of a data subject, the Controller will provide information as to whether personal data concerning them are being processed by it or by data processors according to its instructions, what categories of data are processed, what is their source, what are the purpose, legal basis and duration of processing, details of the processor and its activities related to processing, the circumstances and impacts of any personal data breach, the measures taken in order to eliminate them, and, where data are transferred - the legal basis of such transfer and the recipient of the data. Information will be provided free of charge, provided that the party’s request is not manifestly unfounded or excessive. Otherwise, a fee may be charged.

3. Right to rectification

The data subject has the right to request the updating (rectification) of incomplete, inaccurate, inappropriate or obsolete data about them. The Controller must notify of the rectification the data subject and any parties to whom the data were transferred for processing. The notification may be omitted if proved impossible or if it involves disproportionate effort.

4. Right to erasure

Personal data must be erased if they have been processed unlawfully; are no longer necessary in relation to the purposes for which they were processed; the data subject withdraws their consent when the processing was based on such and there is no other legal ground for the processing; if, on grounds relating to their particular situation, the data subject objects to the processing of their data which is performed on the basis of the legitimate interest of the Controller, and there are no overriding legitimate grounds for the processing; the period of data retention prescribed by the applicable legislation has expired; the erasure of personal data has been instructed by court or by the competent supervisory authority.

The Controller may be allowed to retain the data even in the cases listed above if the processing is necessary to ensure compliance with a statutory obligation or for the establishment, exercise or defense of legal claims.

The Controller must notify of the rectification of the data subject and any parties to whom the data were transferred for processing. The notification may be omitted if proved impossible or if it involves disproportionate effort.

5. Right to restriction

Instead of erasing personal data, the Controller may restrict their processing if: the data subject requests so or when the accuracy of the personal data is contested by the data subject - for a period enabling the Controller to verify the accuracy; the processing of the personal data is unlawful and the data subject opposes their erasure and requests the restriction of their processing instead; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; the data subject has objected to processing of their personal data for direct marketing purposes; pending the verification whether the legitimate interests of the Controller override those of the data subject.

In cases of such restriction, the personal data may only be processed as long as the reason that prevented their erasure continues to exist.

The Controller must notify the data subject and any parties to whom the data were transferred for processing of the restriction of processing. The notification may be omitted if proved impossible or if it involves disproportionate effort.

6. Right to object

On grounds relating to their particular situation, data subjects have the right to object to the processing of personal data performed on the basis of the legitimate interest of the Controller or to the processing for direct marketing purposes. In the latter case, the Controller should suspend such processing immediately upon receiving the objection, without undue delay.

7. Right to object to automatic decision-making, including profiling

Data subjects have the right to object to a decision-making that is based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. If the Controller starts performing such decision-making, the Controller will notify the data subjects thereof.

8. Right to data portability

Data subjects have the right to request the Controller to provide them with the personal data held about them by the Controller in a structured, commonly used and machine-readable format, provided that the Controller processes data based on their consent or contract and the processing is carried out by automated means.

9. Right to withdraw consent for processing

When the Controller processes personal data on the basis of a data subject’s consent, the data subject has the right to withdraw their consent at any time and without paying any fees, bearing in mind that such withdrawal will not affect in any way the lawfulness of the processing performed based on their consent before the withdrawal.

10. Remedies in case of violations of data subject rights

If data subjects consider that their privacy and data protection rights have been violated, they may:

lodge a formal complaint with the respective supervisory authority, which in the case of Distribusion is the Berlin Commissionaire for Data Protection and Information Security (Berliner Beauftragte für Datenschutz und Informationssicherheit - BBDI). The contact details of the BBDI are, as follows:

Name: Berliner Beauftragte für Datenschutz und Informationssicherheit
Address: Alt-Moabit 59-61, 10555 Berlin
Е-mail: mailbox@datenschutz-berlin.de
Web-site: https://www.datenschutz-berlin.de/
Phone No.: +49 30 13889-0

2. take legal action before a court to appeal the actions/decisions of the BBDI (after having previously lodged a complaint with the BBDI);

3. bring a legal action in court against the Controller and claim compensation for any damages incurred as a result of the processing of personal data carried out by the Controller.

VII. DATA SUBJECT REQUESTS

In order to exercise any of their rights or obtain more information about the protection of their personal data, data subjects may contact the Controller by email (at the Controller’s contact details indicated above in the beginning of this Statement). The Controller may ask data subjects to provide additional information that may be needed to verify their identity.

The Controller responds to any requests related to data subjects’ rights as soon as possible in the form in which the request was made, but in any case, no later than within 30 days from its filing. If the Controller does not execute a data subject’s request within 30 days of receiving it, the Controller states the factual and legal reasons for the rejection. If the request is rejected, the Controller informs the data subject of the possibilities of seeking a legal remedy before the competent supervisory authority or court.

VIII. CONCLUDING PROVISIONS

If you have any questions regarding the protection of personal data, you can contact us at our contact details provided above. Distribusion may request additional information necessary to verify the identity of the applicant.

Last Update: June 2024