Home E Data pro­tec­tion E Data pro­tec­tion Website

Data pro­tec­tion decla­ra­ti­on (Web­site)

In the fol­lo­wing Data Pro­tec­tion Noti­ce we, hot­splots GmbH, will be tel­ling you about the pro­ces­sing of your per­so­nal data (e.g. name, address, e‑mail address or usa­ge data) on our web­site. We pro­cess per­so­nal data at all times in con­for­mi­ty with the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR). The trans­mis­si­on of your per­so­nal data will always be car­ri­ed out using SSL encryp­ti­on (inclu­ding user­na­me and pass­word and the rema­in­der of the data rela­ting to the cus­to­mer area and shop of www.hotsplots.de and hotsplots.com).

You can print out or save this Data Pro­tec­tion Noti­ce by using your browser’s nor­mal func­tions. You can also down­load and archi­ve this Data Pro­tec­tion Noti­ce as a PDF file by cli­cking here [PDF].

If you are not inte­res­ted in the data pro­ces­sing of our web­site but in that of our pro­ducts, you will find here infor­ma­ti­on on data pro­tec­tion and data secu­ri­ty for the usa­ge of our hot­spots, e.g. for data cap­tu­re when using (WLAN) hot­spots and data cap­tu­re in VPN rou­ting. Other­wi­se sin­ce 2005 HOTSPLOTS has been regis­tered with the Ger­man Fede­ral Net­work Agen­cy for its sup­p­ly of com­mer­cial tele­com­mu­ni­ca­ti­on ser­vices to the public. Inso­far as the law requi­res, the­re also exists a regis­tra­ti­on in other count­ries whe­re HOTSPLOTS operates.

1. Con­trol­ling body

The con­trol­ling body for the data pro­ces­sing set our below under the terms of the GDPR is

hot­splots GmbH
Rother­stra­ße 22
10245 Ber­lin
Ger­ma­ny
Tele­pho­ne: +49 (0)30 — 29 77 348–0
Fax:              +49 (0)30 — 29 77 348–99
Email: datenschutz(at)hotsplots.de

2. Data Pro­tec­tion Officer

Should you have any ques­ti­ons about data pro­tec­tion, you can cont­act our Data Pro­tec­tion Offi­cer at any time. He can be rea­ched under the fore­go­ing e‑mail address and under the pos­tal address (to be hea­ded: “FAO HOTSPLOTS Data Pro­tec­tion Officer”).

We express­ly point out that if you use this e‑mail address, the con­tents will not be exclu­si­ve­ly noted by our data pro­tec­tion offi­cer. If you wish to exch­an­ge con­fi­den­ti­al infor­ma­ti­on, plea­se the­r­e­fo­re first cont­act us direct­ly via this e‑mail address.

3. Gene­ral use of the website

You can visit our web­site wit­hout tel­ling us who you are. You can then use the web­site in order only to find out about our com­pa­ny and our pro­ducts. In this case we shall only coll­ect per­so­nal data inso­far as this is neces­sa­ry for tech­ni­cal reasons in order to use our web­site. When anyo­ne visits our web­site, our web­ser­ver auto­ma­ti­cal­ly and tem­po­r­a­ri­ly stores, in so-cal­led log files, some con­nec­tion data which your brow­ser trans­mits to us. The­se are e.g. brow­ser type and ver­si­on, ope­ra­ting sys­tem, URL of last site visi­ted (refer­rer URL) and time. The infor­ma­ti­on stored in log­files does not allow of any direct con­clu­si­on to be drawn about your per­son. IP addres­ses are cap­tu­red in the webserver’s inter­nal log and era­sed after a maxi­mum of 24 hours. The pro­ces­sing of the­se con­nec­tion data takes place for pur­po­ses of enab­ling use of the web­site, of sys­tem secu­ri­ty and of tech­ni­cal admi­nis­tra­ti­on of the net­work infra­struc­tu­re, and for opti­mi­sing our inter­net faci­li­ties. The legal basis for this data pro­ces­sing is Artic­le 6(1)(b) of the GDPR.

No mer­ger takes place of the­se data with other data sources. The log files are stored for 100 days and then auto­ma­ti­cal­ly erased.

4. Use of cont­act forms

We offer you a faci­li­ty to send us mes­sa­ges direct­ly via a cont­act form. As part of our cont­act form we record the cate­go­ry of your inte­rest, your name and first name, your e‑mail address and the actu­al mes­sa­ge. Fur­ther infor­ma­ti­on is optio­nal. The legal basis for this is Artic­le 6(1)(b) of the GDPR. We shall only use the data recor­ded via our cont­act forms in order to pro­cess enqui­ries; after­wards they will be era­sed after six months.

If you wish to beco­me an instal­la­ti­on part­ner of HOTSPLOTS, we shall pro­vi­de you with a cont­act faci­li­ty via our web­site. Sin­ce the accounts in the cus­to­mer area (see below) and the accounts of instal­la­ti­on part­ners are lin­ked, we request the HOTSPLOTS user­na­me as a com­pul­so­ry field. All fur­ther data, such as per­so­nal cont­act or tra­ding name, are optional.

5. Use of cookies

We use so-cal­led coo­kies on our web­pages. The­se are small text files which are stored on your device as soon as you visit one of our web­sites. On the pro­duct request page shop.hotsplots.de, a coo­kie stores the lan­guage in which you acces­sed the web­site until the end of the brow­ser ses­si­on. Ano­ther coo­kie stores the ses­si­on ID for 90 days.

When log­ging into the cus­to­mer area, a so-cal­led ses­si­on coo­kie must be stored tem­po­r­a­ri­ly until the end of the web brow­ser session.

The­se ser­vices are groun­ded on our legi­ti­ma­te inte­rests. The legal basis is Artic­le 6(1)(f) of the GDPR. In this way we aim to make a more con­ve­ni­ent and more indi­vi­du­al use of our web­site pos­si­ble for you. Access to and sto­rage of infor­ma­ti­on in the end device is abso­lut­e­ly neces­sa­ry in the­se cases and takes place on the basis of the imple­men­ta­ti­on laws of the ePri­va­cy Direc­ti­ve of the EU mem­ber sta­tes, in Ger­ma­ny accor­ding to Sec­tion 25 (2) TTDSG.

Of cour­se you can also visit our web­site wit­hout coo­kies. You can con­fi­gu­re your brow­ser in such a way that the accep­tance of coo­kies is nor­mal­ly rejec­ted or you are infor­med in advan­ce if a coo­kie is stored. Coo­kies are neces­sa­ry for regis­tra­ti­on in the cus­to­mer area on my.hotsplots.de.

6. Cus­to­mer area and pro­duct request

To ope­ra­te hot­spots yours­elf, to beco­me an instal­la­ti­on part­ner, or to upload cre­dits for the use of hot­spots, you must regis­ter for the pro­tec­ted cus­to­mer area. When regis­tering, coll­ec­tion is made of the user­na­me and pass­word which the user free­ly choo­ses. The pass­word is not stored en clair, but only encrypt­ed, as a so-cal­led hash value. Fur­ther coll­ec­tion is made of your name and address, which are neces­sa­ry for the pro­duc­tion of cor­rect vou­ch­ers, and of your e‑mail address, which is par­ti­cu­lar­ly neces­sa­ry for HOTSPLOTS, in order to sup­p­ly man­da­to­ry infor­ma­ti­on to cus­to­mers in case of amend­ments to the Gene­ral Terms & Con­di­ti­ons of Busi­ness, and for the cus­to­mer, in order to be able to use the “Pass­word for­got­ten” func­tion. You have the opti­on of sta­ting a tele­pho­ne num­ber for tele­pho­ne sup­port. Fur­ther optio­nal infor­ma­ti­on, such as fax num­ber, URL of your own web­site and VAT Num­ber, are only of importance for the loca­ti­on owner or hot­spot ope­ra­tor. The legal basis for this pro­ces­sing is Artic­le 6(1)(b) of the GDPR.

On our web­site we show a sel­ec­tion of pro­ducts for the instal­la­ti­on and ope­ra­ti­on of WiFi hot­spots. In the case of a pro­duct request, we coll­ect the com­pul­so­ry data nee­ded for the pre­pa­ra­ti­on of an offer (name and first name, e‑mail address and pos­tal address). Optio­nal are details such as com­pa­ny name, VAT ID num­ber, tele­pho­ne num­ber and salutation.

We store the data coll­ec­ted in the cus­to­mer area and pro­duct request only as long as neces­sa­ry for per­forming con­trac­tu­al or sta­tu­to­ry duties for which we have coll­ec­ted the data. After­wards we era­se the data imme­dia­te­ly, unless we still need the­se data until expiry of the sta­tu­to­ry peri­od of limi­ta­ti­on for pur­po­ses of evi­dence in civil pro­cee­dings or due to sta­tu­to­ry duties of storage.

7. Fur­ther trans­mis­si­on and recipients

Every usa­ge of your per­so­nal data is made only for the fore­go­ing pur­po­ses and to the ext­ent neces­sa­ry in order to achie­ve the­se same pur­po­ses. We will not pass on your per­so­nal data to our ser­vice pro­vi­ders or to third par­ties unless this is neces­sa­ry for pur­po­ses of cont­act hand­ling or you have express­ly con­sen­ted thereto.

To sup­p­ly our ser­vice, it is neces­sa­ry in cer­tain busi­ness tran­sac­tions to pass on per­so­nal data to sel­ec­ted exter­nal ser­vice providers:

  1. For dis­patch of goods, the ship­per employ­ed to make the deli­very (usual­ly DHL Paket GmbH).
  2. For hot­spot-pro­vi­si­on con­tracts, the sup­pli­er of the preli­mi­na­ry work, DSL/SIM card pro­vi­der, etc.
  3. For hot­spot instal­la­ti­ons, the local instal­la­ti­on partner.
  4. In case of pay­ment default, we avail our­sel­ves of exter­nal coll­ec­tion ser­vices and, if neces­sa­ry, legal counsel.

Inso­far as we pass on data to ser­vice pro­vi­ders, the­se pro­vi­ders must use the said data sole­ly for per­for­mance of their com­mis­si­on. All ser­vice pro­vi­ders are careful­ly sel­ec­ted and com­mis­sio­ned by us. They are con­trac­tual­ly bound to fol­low our ins­truc­tions, have a duty of con­fi­den­tia­li­ty, and are regu­lar­ly moni­to­red by us. In all cases the ext­ent of data trans­mit­ted is rest­ric­ted to the requi­si­te minimum.

Trans­mis­si­on of per­so­nal data to govern­ment insti­tu­ti­ons and aut­ho­ri­ties is made only pur­su­ant to com­pul­so­ry natio­nal legal regu­la­ti­ons, or if such trans­mis­si­on is requi­red, in case of attacks upon our net­work infra­struc­tu­re, for legal reme­dy and prosecution.

8. News­let­ter

Cus­to­mers and hot­spot ope­ra­tors can find out about your pro­ducts and ser­vices regu­lar­ly via a news­let­ter. To send the news­let­ter, your e‑mail address is pro­ces­sed in our sys­tems. You can can­cel receipt of the news­let­ter again at any time. To unsub­scri­be from the news­let­ter for cus­to­mers and hot­spot ope­ra­tors, you will find a link at the end of each news­let­ter. You can also desel­ect the appro­pria­te but­ton in the cus­to­mer area. A noti­ce to the cont­act data given abo­ve or in the news­let­ter (e.g. by e‑mail or let­ter) is of cour­se like­wi­se suf­fi­ci­ent for this pur­po­se. The legal basis for this data pro­ces­sing for pur­po­ses of the news­let­ter is Artic­le 6(1)(a) of the GDPR.

In our news­let­ters we use nor­mal mar­ket tech­no­lo­gies by which inter­ac­tions with the news­let­ters can be mea­su­red (e.g. ope­ning of the e‑mail, links cli­cked). We use the­se data in pseud­ony­mi­sed form for gene­ral sta­tis­ti­cal eva­lua­tions and to opti­mi­se and fur­ther deve­lop our con­tents and cus­to­mer com­mu­ni­ca­ti­on. This is done with the aid of small gra­phics which are embedded in the news­let­ter (so-cal­led pixels). The­se data are coll­ec­ted sole­ly in pseud­ony­mi­sed form, nor are they com­bi­ned with your other per­so­nal data. The legal basis for our legi­ti­ma­te inte­rest in this mat­ter is Artic­le 6(1)(f) of the GDPR. Via our news­let­ter we aim as far as pos­si­ble to share infor­ma­ti­on which is rele­vant to our cus­to­mers and to under­stand what our rea­ders are actual­ly inte­res­ted in. If you do not wish the­se user pat­terns to be ana­ly­sed, you can can­cel receipt of the news­let­ter or disable gra­phics as stan­dard in your e‑mail pro­gram. The­se data on inter­ac­tion with our news­let­ters are stored in pseud­ony­mi­sed form for 30 days and then com­ple­te­ly anonymised.

If you regis­ter with us or make a purcha­se from us, we will also use your cont­act details to send you fur­ther infor­ma­ti­on rele­vant to you about our pro­ducts and ser­vices by email (“exis­ting cus­to­mer adver­ti­sing”). This may include, in par­ti­cu­lar, news, pro­mo­ti­ons and offers as well as feed­back and other surveys.

The legal basis for this data pro­ces­sing is Artic­le 6(1)(a) of the GDPR in con­junc­tion with Artic­le 7 (3) of the Ger­man Act against Unfair Com­pe­ti­ti­on (UWG), accor­ding to which data pro­ces­sing is per­mis­si­ble for the pur­po­se of exer­cis­ing legi­ti­ma­te inte­rests, inso­far as this rela­tes to the sto­rage and fur­ther use of the data for adver­ti­sing pur­po­ses. You can object to the use of your data for adver­ti­sing pur­po­ses at any time by using a cor­re­spon­ding link in the e‑mails or by noti­fy­ing the abo­ve cont­act details (e.g. by e‑mail or let­ter), wit­hout incur­ring any cos­ts other than the trans­mis­si­on cos­ts accor­ding to the basic rates.

9. Ana­ly­tics tool

This web­site uses the open source web ana­ly­tics ser­vice Mato­mo (form­er­ly Piwik) for sta­tis­ti­cal ana­ly­sis of web­site visits. Mato­mo is ope­ra­ted on our web space (on-pre­mi­se) and no data is pas­sed on to third parties.

With the help of Mato­mo, we are able to ana­ly­se data about the use of our web­site by web­site visi­tors. This enables us to bet­ter under­stand, among other things, which page views were made when and from which regi­on the web­site visi­tors come. To do this, we ana­ly­se various log files (e.g. IP address, refer­rer, brow­sers and ope­ra­ting sys­tems used) and can mea­su­re whe­ther our web­site visi­tors per­form cer­tain actions (e.g. pages view­ed, links cli­cked or files down­loa­ded). The use of this ana­ly­sis tool is based on Art. 6 (1) (f) GDPR. The web­site ope­ra­tor has a legi­ti­ma­te inte­rest in ana­ly­sing user beha­viour in order to opti­mi­se its web­site. The­re is no acti­ve access to end device infor­ma­ti­on accor­ding to Sec­tion 25 TTDSG, but we let Mato­mo eva­lua­te our alre­a­dy exis­ting ser­ver logs (see sec­tion 3).

We have made the fol­lo­wing data pro­tec­tion set­tings for Mato­mo:
IP anony­mi­sa­ti­on
We use IP anony­mi­sa­ti­on for the ana­ly­sis with Mato­mo. This means that your IP address is shor­ten­ed befo­re ana­ly­sis so that it can no lon­ger be cle­ar­ly assi­gned to you.
Hos­ting
We host Mato­mo exclu­si­ve­ly on our own ser­vers, so that all ana­ly­sis data remains with us and is not pas­sed on.
Sto­rage peri­od: Old logs are auto­ma­ti­cal­ly dele­ted after 100 days at the latest.

10. Your rights

You have the right to recei­ve infor­ma­ti­on about the pro­ces­sing of your per­so­nal data by us at any time. In this con­text we shall explain the data pro­ces­sing to you and pro­vi­de you with an over­view of the data rela­ting to your per­son which have been saved.

Should data which we have stored be erro­n­eous or no lon­ger up to date, you enjoy the right to have the­se data cor­rec­ted. You can also requi­re that your data be era­sed. Should such era­su­re be impos­si­ble in the excep­tio­nal case due to other legal regu­la­ti­ons, the­se data will be blo­cked, so that they are only available for this sta­tu­to­ry pur­po­se. You can also rest­rict the pro­ces­sing of your per­so­nal data, if e.g. doubts exist on your part as to whe­ther the­se data are correct.

You also have the right of data trans­fera­bi­li­ty, i.e. you may requi­re us to send you a digi­tal copy of the per­so­nal data which you have provided.

Inso­far as we pro­cess your data pur­su­ant to legi­ti­ma­te inte­rests under Arti­cale 6 (1)(f) of the GDPR, under Artic­le 21 of the GDPR, you have the right to lodge objec­tion to the pro­ces­sing of your data and to sta­te to us such grounds ari­sing from your par­ti­cu­lar situa­ti­on as, in your opi­ni­on, must allow your pro­tec­ted inte­rests to be over­ri­ding. Should your objec­tion be an objec­tion to data pro­ces­sing for pur­po­ses of direct adver­ti­sing, you have a gene­ral right of objec­tion, which will be imple­men­ted by us also wit­hout grounds being stated.

To exer­cise your rights as set out here, you can com­mu­ni­ca­te at any time with the fore­go­ing cont­act details. You also have the right to lodge a com­plaint to to any data-pro­tec­tion aut­ho­ri­ty (for us, the respon­si­ble aut­ho­ri­ty is Ber­lin Com­mis­sio­ner for Data Pro­tec­tion and Free­dom of Infor­ma­ti­on, Alt-Moa­bit 59–61, 10555 Ber­lin, email: mailbox@datenschutz-berlin.de). For exam­p­le, you can cont­act the data-pro­tec­tion aut­ho­ri­ty at your place of resi­dence, which will then pass your appli­ca­ti­on on to the com­pe­tent authority.

Your enqui­ries regar­ding the asser­ti­on of data pro­tec­tion rights and our respon­ses to them will be stored for docu­men­ta­ti­on pur­po­ses for a peri­od of up to three years and, in indi­vi­du­al cases, for a lon­ger peri­od if the­re are grounds for asser­ting, exer­cis­ing or defen­ding legal claims. The legal basis is Art. 6 (1) lit. f GDPR, based on our inte­rest in defen­ding against any civil claims under Art. 82 GDPR, avo­i­ding fines under Art. 83 GDPR and ful­fil­ling our accoun­ta­bi­li­ty obli­ga­ti­ons under Art. 5 (2) GDPR.

Ver­si­on 2.5, sta­tus: Febru­ary 2023