Privacy Policy

Information on the collection of personal data

a) In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

b) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter “GDPR”) is

RISIMA Consulting GmbH
Frauenbergstraße 31-33
35039 Marburg
Telephone: 06421 30003 0
E-Mail: info@risima.de  

You can reach our data protection officer at: 
3U HOLDING AG
Data Protection Officer
Frauenbergstraße 31-33
35039 Marburg
E-Mail: datenschutz@3u.net 


c) 
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. In doing so, we will also state the specified criteria for the storage period.

 

Contacting us by e-mail

a) When you contact us by e-mail, we will store the data you provide and the resulting personal data (e.g. name, request, e-mail address, telephone number) for the purpose of processing your request and in the event of follow-up questions. We will not pass this data on to third parties without your consent.

b) The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

c) This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

 

Collection of personal data when visiting our website 

a) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security on the basis of Art. 6 para. 1 lit. f GDPR and in accordance with § 25 TTDSG:

 

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • amount of data transferred in each case
  • Website from which the request originates
  • browser
  • Operating system and its interface
  • Language and version of the browser software

b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall. These cookies are also used on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and § 25 para. 2 TTDSG.

 

 

Use of cookies:

 

Consent management via the Consent Manager 

a) Our website uses the cookie consent technology of CookieYes to obtain your consent to the storage of certain cookies on your end device and to document this in compliance with data protection regulations. The provider of this technology is CookieYes.

b) When you enter our website, a connection is established to the servers of CookieYes in order to obtain your consent and other declarations regarding the use of cookies. CookieYes then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is 

 

Processing for the fulfillment of contractual or pre-contractual obligations (Art. 6 para. 1 lit. b) EU-DSGVO) 

Personal data is processed for the use of our website by you, for the fulfillment of a contract with you as a service provider, when using our network and in the case of a contact relationship. The purposes of data processing and the necessity are primarily based on the purposes specifically determined by the aforementioned legal relationships.  

In the context of a contract with you as a customer, this includes in particular the establishment, structuring, fulfillment, consultation and billing of such a contract together with the services used by you as well as the exchange of personal data with necessary business partners (e.g. transferring or receiving network operators when switching providers). When using our network, we also exchange data with other network operators insofar as this is necessary to establish and maintain the connection as well as for billing and invoicing, including debt collection. This also means that we store data on payment behavior. We need this data in order to be able to carry out the dunning process or a possible blocking. 
In addition, we collect the connection identifiers used and other traffic data in accordance with the TKG if you use our telecommunications network by dialling a number that is realized in our network. In this case, we collect data to establish and maintain the connection and for billing purposes. For this purpose, your subscriber network operator, who provides your connection, informs us of your name and address under certain circumstances and charges for the connection. We also collect data from publicly accessible sources (e.g. commercial registers, your websites, press articles, etc.) and obtain data from credit agencies to the extent permitted by Art. 6 lit. f) GDPR. 
Processing also takes place to process your inquiries and to initiate customer relationships or a comparable contact relationship as well as for job applications. 
For the aforementioned purposes, it may also be necessary for us to pass on your data to group companies or external service providers as part of order processing.

 

Data transfer to third parties 

Within our company, those persons who are entrusted with the processing of your data will have access to it within the scope of necessity or appropriate expediency. Service providers and vicarious agents employed by us, such as service providers in the areas of IT services, telecommunications and logistics, may also receive access to personal data for these purposes if they comply with our written instructions under data protection law and general data secrecy within the scope of order processing and – where applicable – maintain telecommunications secrecy. 

In addition, data is exchanged with the network operators involved as part of the implementation of services in our network, in particular when establishing and maintaining connections across network boundaries and for billing and the collection of receivables. This transmission only takes place to the extent necessary. The details of the data exchange and data processing depend on the type of service used. For further details, please contact your provider of the subscriber line that enables you to dial the services that are implemented in our network. 
We work together with third parties to collect claims. 
In particular, we will not transmit any personal data to third parties for the purposes of advertising or address trading. 
 

Data transfer to a third country or to international organizations 

Data is only transferred to countries outside the EU or the EEA (“third country”) if this is necessary for the execution of the contractual relationship (contract for the use of the services implemented in our network). In the case of other contractual relationships, such as a contact relationship, such data transfer only takes place for the fulfillment of this contractual relationship or if this is exceptionally appropriate due to a legitimate interest. The same applies to the use of our website from locations outside the EU or the EEA.  

 

Duration of data storage 

When you use the websites, we store the IP address and usage data for the duration of the usage process. In addition, the IP address is stored insofar as this is appropriate for data security and the clarification or prevention of security or data protection breaches, whereby the appropriateness depends on the specific threat situation. In this case, the IP addresses are only stored for as long as is appropriate for the aforementioned purposes, usually not longer than three months. In the event of a criminal complaint or prosecution or the enforcement of claims against persons who carry out security or data protection violations, the data may be stored and used until the claims have been finally clarified or enforced. 


In order to establish, structure and fulfill a contract with you as a customer of telecommunications services, we store the data until the end of the contract and beyond, namely until the end of the calendar year following the year in which the contract is terminated. At the end of this period, the data is not deleted but blocked, as we are required to store the data for up to 10 years under commercial and tax law. This storage also applies to the invoice totals. In particular, we store the individual connections and the resulting billing data for a period of 3 calendar months if this is necessary for billing purposes with you or other network operators. If the party liable to pay (e.g. you or the user/end customer liable to pay) raises objections in due time, the data will be stored until the objections have been clarified or the claim has been collected. Further storage will only take place in exceptional cases if this is permitted under the TKG (e.g. troubleshooting, investigation and prevention of misuse). 


If you as an end user use a service that is implemented in our network, we process and store your data as part of this usage process for as long as it lasts and is necessary for the usage. After the end of the usage process, we will store your data for a period of 3 calendar months if this is necessary for the purpose of billing you or other network operators. If the party liable to pay (e.g. user/end customer) raises objections in due time, the data will be stored until the objections have been clarified or the claim has been collected. Further storage will only take place in exceptional cases if this is permitted under the TKG (e.g. troubleshooting, clarification and prevention of misuse). 


In the context of a contact relationship, the contact data and communication data are stored and used insofar as this is necessary for the respective communication purpose or appropriate within the scope of reasonableness. 

 

Recovery of outstanding claims 

Insofar as the recovery of an outstanding claim becomes necessary from the contractual relationship or in any other way in the context of safeguarding our legitimate interests – and the interests of the fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail – legal entities are commissioned with the recovery of the claim. The data required for recovery will be transmitted to the commissioned legal entity. The legal basis is Article 6(1)(b) and Article 6(1)(f) of the EU GDPR. 

  

Data security 

The personal data collected and stored by us is treated confidentially and protected against loss, alteration and unauthorized access by third parties by means of suitable technical and organizational precautions. Your personal data is transmitted over the internet in encrypted form. We use SSL encryption (Secure Socket Layer) for data transmission. 

 

Automated decisions, profiling 

We do not carry out any automated decisions (including profiling) with the personal data that we collect when you visit our website. 

 

Your rights 

a) You have the following rights vis-à-vis us with regard to the personal data concerning you:

 

  • Right of access (Art. 15 GDPR), 
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR), 
  • Right to restriction of processing (Art. 18 GDPR), 
  • Right to object to processing (Art. 21 GDPR), see section 6 for more details. 
  • Right to data portability (Art. 20 GDPR). 

 

b) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).  

 

Objection or revocation against the processing of your data 

a) If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us. 

b) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing. 

 

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: By post to RISIMA Consulting GmbH | Frauenbergstraße 31-33 | 35039 Marburg. 

Status: 13.06.2023