Privacy policy – Path to Zero

I. General

Thank you for your interest in our website. The protection of your data is important to us. In the following, we would like to give you an overview of how we process your personal data. Personal data is data that can be used to identify you personally.

II. Name and address of the entity responsible

The responsible entity according to the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Path to Zero GmbH
Haid-und-Neu-Straße 7
76131 Karlsruhe
Germany
Tel.: +49 (0) 721 181 2371-0
E-Mail: info@pathtozero.de
Website: pathtozero.de

III. General information on data processing

1. Scope of the processing of personal data

We only process our users’ personal data insofar as this is necessary to provide a functional website and our content and services. Regularly, the processing of our users’ personal data only takes place with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Creation of log files

Each time our website is accessed, the external service provider hosting the website automatically collects data and information from the computer system of the accessing computer. The following data is collected:

information about the browser type and version used,
the IP address of the user,
date and time of access,
name and path of the retrieved file,
the HTTP status code,
websites from which the user’s system accesses our website,
websites that are accessed by the user’s system via our website.

The data is stored in the system’s log files. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the case of storing data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

The storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

V. Use of cookies

Cookies are text information that is stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in these strictly necessary cookies:

mtm_consent_removed	Opt-out option for Matomo web analysis (see also Section VII of this privacy policy)
wp-wpml_current_language	Stores the current language (see also https://wpml.org/documentation/support/browser-cookies-stored-wpml/)
wp-wpml_current_admin_language_{hash}	Stores the current administration area language (see also https://wpml.org/documentation/support/browser-cookies-stored-wpml/)
_icl_visitor_lang_js	Stores the redirected language (see also https://wpml.org/documentation/support/browser-cookies-stored-wpml/)
wpml_browser_redirect_test	Tests if cookies are enabled (required by the translation plugin, see also https://wpml.org/documentation/support/browser-cookies-stored-wpml/)

The legal basis for the processing of personal data using strictly necessary cookies is Article 6(1)(f) GDPR.

Our website requires these cookies in order to function correctly. This is also our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR. The user data collected by strictly necessary cookies is not used to create user profiles.

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI. Contact form and e-mail contact

There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option,

the data entered in the input mask

will be transmitted to us and stored.

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data is Article 6(1)(a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

You can revoke your consent or withdraw your consent to storage by sending an email to revocation@pathtozero.de.

All personal data stored in the course of contacting us will be deleted in this case.

VII. Web analysis by Matomo (formerly PIWIK)

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The following data is stored when individual pages of our website are accessed:

two bytes of the IP address of the calling system of the user,
the website called up,
date and time of the request,
the website from which the user accessed the website (referrer),
the subpages that are called up from the accessed website,
the time spent on the website,
the frequency with which the website is accessed,
the time required to create the website and respond to the request,
the approximate location of the user (based on the truncated IP address),
the time in the user’s local time zone,
the main language of the used browser (Accept-Language header),
user agent of the used browser (User-Agent header).

The software runs exclusively on the servers of our website. Users’ personal data is only stored there. The data is not passed on to third parties. The software is configured so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

The legal basis for the processing of the personal data of the users is Article 6(1)(f) GDPR.

The processing of the personal data of the users enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Article 6(1)(f) GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is adequately considered.

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is particularly the case after 90 days.

Matomo respects the “Do-Not-Track” function of the used browser. We also offer our users the option of opting out of the analysis process on our website. To do this, you must uncheck the box below. In this way, a cookie is set on your system that signals our system not to store the user’s data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.

Opt-out from the analysis process

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.


        
        
        You are not opted out. Uncheck this box to opt-out.
		You are currently opted out. Check this box to opt-in.
        The tracking opt-out feature requires cookies to be enabled.

VIII. Data security measures

We protect your data through extensive technical and organizational measures. These measures are regularly reviewed and adapted to technological progress.

This website uses SSL or TLS encryption for data transmission. This means that transmitted data cannot be read by third parties. You can tell that encryption is active by the “https://” in the address bar of your browser and the lock symbol displayed.

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights listed below vis-à-vis the controller. Further details can be found in the respective referenced articles of the GDPR.

1. Right of access (see Article 15 GDPR)

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information from the controller about this personal data and further information, such as the purposes for which the personal data is processed; the categories of personal data that are processed; or the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period.

2. Right to rectification (see Article 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing (see Article 18 GDPR)

You may request the restriction of the processing of personal data concerning you, e.g. if you believe that the personal data concerning you is incorrect.

4. Right to erasure (see Article 17 GDPR)

You may request the controller to erase your personal data, e.g. if the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if the personal data concerning you have been unlawfully processed. The right to erasure does not exist if the processing is necessary, e.g. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the establishment, exercise or defense of legal claims.

5. Notification obligation regarding rectification or erasure of personal data or restriction of processing (see Article 19 DSGVO)

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability (see Article 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

7. Right to object (see Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

8. Right to revoke the declaration of consent under data protection law (see Article 7(3) GDPR)

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling (see Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions to this are listed in Article 22 GDPR.

We will not make decisions based solely on automated decision-making, including profiling.

10. Right to lodge a complaint with a supervisory authority (see Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

X. Plugins and tools in use

1. All In One WP Security & Firewall

We use this plugin to defend against brute force login threats and malicious activities. For this purpose, the plugin may for security reasons temporarily store IP addresses and the date and time of access in separate log files on the server. No information is transmitted to third parties or remote server locations.

The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR. The storage is carried out to ensure the functionality of the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the case of storing data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the accesses are deleted or anonymized so that it is no longer possible to identify the accessing client.

The storage of this data is necessary to ensure the security of our information technology systems. Consequently, the user has no option to object.

2. Captcha.eu

To secure our contact forms against misuse, bots, and spam, we use the service “Captcha” provided by Captcha GmbH, located at Muthgasse 2, 1190 Vienna. The service employs cryptographic methods in the background to determine whether the requester is a human or an automated program.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in protecting our website and information technology systems from misuse, bots, and spam.

Further information on data protection regarding the use of Captcha can be found at https://www.captcha.eu/privacy/. A data processing agreement (DPA) has been concluded with the provider.

3. meetergo

We have integrated meetergo on this website. The provider is meetergo GmbH, Hauptstr. 44, 40789 Monheim am Rhein (hereinafter referred to as meetergo). meetergo provides an online appointment scheduling tool. If you make an appointment with us online, the data you enter for this purpose will be stored on meetergo’s servers in Germany. Furthermore, meetergo temporarily records your IP address, your referrer URL, the time of access and can determine that you have made a request to us; this data is used exclusively for the technical provision of the service and is then automatically deleted again.

The use of meetergo is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in making appointments as uncomplicated as possible. If a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR or Art. 9(1)(a) GDPR; the consent can be revoked at any time.

Further information on meetergo’s services can be found at https://meetergo.com. A data processing agreement (DPA) has been concluded with the provider.