Our commitment to your data and to data protection
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.
In the next sections we explain when and how we process personal data about you when you visit our website.
Relevant legal basis
In accordance with the DPA and the GDPR, the following legal basis, unless specifically described below apply to the processing of your personal data:
- the legal basis for obtaining consent is Art. 6 para. 1 lit. a) and rt. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6 para. 1 lit. b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6 para. 1 lit. f) GDPR.
These rights are standardised in both the DPA and GDPR. This includes:
- the right to information ( 15 GDPR),
- the right to rectification (Article 16 GDPR),
- the right to erasure (Article 17 GDPR),
- the right to restriction of data processing (Article 18 GDPR),
- the right to data portability (Article 20 GDPR),
- the right to object to data processing (Article 21 GDPR),
- the right to revoke any consent you have given (Art. 7 (3) GDPR), and
- the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Purposes of use of personal data and legal basis
- a) Log Files
We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your device.
- b) Hosting
The hosting services used by us for the purpose of operating this website is Catalyst Host LLC. In doing so Catalyst, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services, including but not limited to our services Art. 6 para. 1 lit. f) GDPR.
- c) Contact requests
When contacting us (e.g., via e-mail, phone, or social media), your details are processed for the purpose of handling the request and its processing. Your details may be stored in a customer relationship management system or comparable enquiry organisation. We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
- d) Business-related processing
In addition, we process: Contract data (e.g., subject matter of the contract, term, category of customer), and Payment data (e.g., bank details, payment history). of our customers, prospective customers for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
- e) Contractual services
We process the data of our customers within the scope of our contractual services. In doing so, we process:
inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, messages), contract data (e.g., subject matter of contract, term), payment data (e.g., bank details, payment history), usage data and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
As a matter of principle, we do not process special categories of personal data, unless these are components of commissioned processing. The purpose of the processing is the provision of contractual services, billing, and our customer service. We process data that is necessary for the justification and fulfilment of contractual services and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary in the context of the service.
When processing the data provided to us within the scope of providing our services, we act in accordance with the instructions of the client as well as the legal requirements of order processing pursuant to Art. 28 GDPR and do not process the data for any other purposes than those specified in the services.
We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (6 years).
In the case of data disclosed to us by the user within the scope of a services, we delete the data in accordance with the specifications of the services, in principle after the end of the services.
- f) Careers and Applications
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 para. 1 lit. b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 para. 1 lit. a) GDPR. The legal basis for data processing after a rejection is Art. 6 para. 1 lit. f) GDPR.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
- g) Cookies and similar technologies
Transfer of personal data
Fidesta will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.
Fidesta is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Fidesta pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by Fidesta process your data exclusively in accordance with our instructions. Fidesta remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures, and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 para. 1 lit. c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Fidesta’s legitimate interests (legal basis for processing: Art. 6 para. 1 lit. f) GDPR).
It goes without saying that Fidesta ensures that the respective service provider guarantees data security before passing on personal data. Fidesta will therefore only commission companies that can guarantee secure and proper data processing based on their qualifications and their technical and organisational capabilities.
Storage and retention
Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period. We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.
Fidesta is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Fidesta may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 para. 1 lit. c) GDPR for compliance with a legal obligation to which we are subject. Fidesta is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Fidesta, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Fidesta pursuant to Art. 6 para. 1 lit. f) GDPR. Insofar as the disclosure of special category data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.
Our main operations are based in in the British Virgin Islands and your personal data is generally processed, stored and used within in the British Virgin Islands and other countries in the European Economic Area (EEA). In some instances, your personal data may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal data is protected in the same way as if it was being used within the British Virgin Islands and the EEA. Where we need to transfer your data outside the British Virgin Islands or the EEA, we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as the British Virgin Islands and the EEA.
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Fidesta.
Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, quotation purposes, Fidesta is entitled to contact you for these purposes via the communication channels you have ticked in this consent.
Security and confidentiality
To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal data, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration, or destruction and to ensure its availability.
Online presences in social media
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
Personal data and children
Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Links to other website
The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.
This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.
Who should I contact for more information?
Fidesta Ltd (BVI)
Charles Court, 1st Floor
189 Main Street
PO B 4406
British Virgin Islands
Tel: + 1 284 494 8945
Fax: + 1 284 494 8789