Home

Services

Platform

About

Blog

Contact Us

Data Privacy

03-10-2024

Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Provenance Lab GmbH. The use of the Internet pages of the Provenance Lab GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data—such as the name, address, e-mail address, or telephone number—shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the Provenance Lab GmbH. By means of this Data Protection Declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of the rights to which they are entitled.

As the controller, Provenance Lab GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may, in principle, have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g., by telephone.

1. Definitions

The Data Protection Declaration of the Provenance Lab GmbH is based on the terms used by the European legislator for the adoption of the GDPR. It should be legible and understandable for the general public, customers, and business partners. To ensure this, we first explain the terminology used:

a) Personal Data
Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, ID number, location data, online identifier, or one or more factors specific to their identity.

b) Data Subject
Any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing
Any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure, alignment, restriction, erasure, or destruction.

d) Restriction of Processing
Marking stored personal data with the aim of limiting their processing in the future.

e) Profiling
Any form of automated processing of personal data to evaluate certain personal aspects, particularly to analyze or predict performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymisation
Processing personal data so that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is protected by technical and organizational measures.

g) Controller
The natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data.

h) Processor
A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient
A natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. Public authorities that may receive data in a particular inquiry in accordance with EU or Member State law are not considered recipients.

j) Third Party
A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process personal data under the authority of the controller or processor.

k) Consent
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

Controller for the purposes of the GDPR and other applicable data protection laws:

Provenance Lab GmbH
Pappelallee 78/79
10439 Berlin
Germany
Phone: +49 1633933362
Email: info@addtrust.com
Website: www.addtrust.com

3. Collection of General Data and Information

When a data subject or automated system calls up the website of Provenance Lab GmbH, a series of general data and information is collected and stored in server log files. This may include:

  1. Browser types and versions used

  2. Operating system used by the accessing system

  3. Website from which an accessing system reaches our website (referrer)

  4. Sub-websites accessed

  5. Date and time of website access

  6. IP address

  7. Internet service provider of the accessing system

  8. Other similar data and information used in case of attacks on our IT systems

No conclusions about the data subject are drawn from this data. Instead, this information is needed to:

  • Deliver content correctly

  • Optimize content and advertising

  • Ensure long-term viability of our IT systems and website technology

  • Provide law enforcement authorities with necessary information in case of a cyber-attack

The anonymous data of the server log files are stored separately from personal data provided by a data subject.

4. Subscription to Our Newsletters

Users can subscribe to our newsletter via our website. The input form determines what personal data are transmitted. We regularly inform customers and business partners about offers via a newsletter.

Subscription requirements:

  • A valid e-mail address

  • Registration for newsletter shipping (double opt-in procedure)

During registration, we store the IP address assigned by the ISP and the date/time of registration to detect possible misuse.

The personal data collected will be used exclusively for sending the newsletter. No transfer of this data to third parties occurs. The subscription can be terminated at any time, and consent to store personal data for shipping the newsletter can be revoked at any time (e.g., via the unsubscribe link in each newsletter).

5. Newsletter-Tracking

Our newsletters contain tracking pixels to enable statistical analysis of online marketing campaigns. These pixels allow us to see if and when an e-mail was opened and which links were clicked.

These personal data collected via tracking pixels are stored and analyzed to optimize future newsletters. They are not shared with third parties. Consent can be revoked at any time. Unsubscribing from the newsletter is considered a revocation.

6. Routine Erasure and Blocking of Personal Data

We process and store personal data only for the period necessary to achieve the purpose of storage or as mandated by European or Member State law. If the storage purpose ceases to apply or a mandated storage period expires, personal data are routinely blocked or erased.

7. Rights of the Data Subject

a) Right of Confirmation
Data subjects have the right to confirm whether personal data concerning them is being processed.

b) Right of Access
Data subjects have the right to obtain from the controller free information about their stored personal data and a copy of this information. This includes details about:

  • Purposes of processing

  • Categories of personal data processed

  • Recipients to whom data have been or will be disclosed

  • Envisaged storage period or criteria used to determine it

  • Existence of the right to request rectification, erasure, restriction of processing, or to object

  • The right to lodge a complaint with a supervisory authority

  • Source of personal data if not collected from the data subject

  • Existence of automated decision-making, including profiling, and meaningful information about its logic and consequences

  • If applicable, information about transfer to a third country or international organization

c) Right to Rectification
Data subjects have the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Incomplete personal data can be completed by a supplementary statement.

d) Right to Erasure (“Right to be Forgotten”)
Data subjects have the right to request the erasure of personal data without undue delay if certain conditions apply (e.g., data no longer necessary, consent withdrawn, unlawful processing).

e) Right of Restriction of Processing
Data subjects can request restriction of processing if certain conditions apply (e.g., data accuracy contested, processing unlawful but erasure opposed, data no longer needed by controller but required by data subject for legal claims).

f) Right to Data Portability
Data subjects have the right to receive personal data concerning them in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance.

g) Right to Object
Data subjects may object at any time to processing of personal data based on Article 6(1)(e) or (f), including profiling. If processing is for direct marketing, the data subject can object at any time, and we will cease processing.

h) Automated Individual Decision-Making, Including Profiling
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, unless such decision is necessary for entering into or performing a contract, is authorized by law, or is based on explicit consent.

i) Right to Withdraw Consent
Data subjects may withdraw consent to processing of personal data at any time.

8. Legal Basis for Processing

  • Art. 6(1)(a) GDPR: Consent-based processing.

  • Art. 6(1)(b) GDPR: Processing necessary for the performance of a contract or pre-contractual measures.

  • Art. 6(1)(c) GDPR: Processing required by legal obligations.

  • Art. 6(1)(d) GDPR: Processing necessary to protect vital interests.

  • Art. 6(1)(f) GDPR: Processing for the purposes of legitimate interests, except where these are overridden by data subject’s interests or fundamental rights.

9. Legitimate Interests Pursued by the Controller

If processing is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.

10. Period for Which Personal Data Will Be Stored

The criteria for determining storage periods is the respective statutory retention period. After expiration, the relevant data are routinely deleted as long as they are no longer necessary for contract fulfillment.

11. Provision of Personal Data as Statutory or Contractual Requirement

Providing personal data may be required by law (e.g., tax regulations) or contractual provisions. Sometimes it is necessary for concluding a contract. If data is not provided, the contract may not be concluded. Before providing data, the data subject can contact an employee who will explain whether it is required by law or contract and the possible consequences of non-provision.

12. Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.