Home E Data pro­tec­tion E Data pro­tec­tion hotspot

Data pro­tec­tion decla­ra­ti­on (Hot­spot)

 

This data pro­tec­tion decla­ra­ti­on informs you how hot­splots GmbH pro­ces­ses per­so­nal data and traf­fic data when you use our hotspots.

This data pro­tec­tion decla­ra­ti­on can be prin­ted or saved using the stan­dard func­tions in your brow­ser. You can also down­load and save this data pro­tec­tion decla­ra­ti­on as a PDF file by cli­cking here: [PDF].

1. Respon­si­ble authority

Con­ta­ct for and con­trol­ler of the pro­ces­sing of your per­so­nal data when using our hot­spots wit­hin the terms of the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) is

hot­splots GmbH
Rother­stra­ße 22
10245 Ber­lin
Ger­ma­ny
Tele­pho­ne: +49 30 — 29 77 348–0
Fax: +49 30 — 29 77 348–99
Email: datenschutz(at)hotsplots.de

Should you have any ques­ti­ons regar­ding data pro­tec­tion in con­nec­tion with our pro­ducts and ser­vices, you can con­ta­ct our data pro­tec­tion offi­cer at any time. This can be done via the abo­ve pos­tal address or the pre­vious­ly sta­ted email address (hea­ding: “FAO Data Pro­tec­tion Offi­cer HOTSPLOTS”).

2. Data pro­ces­sing when using the HOTSPLOTS WLAN

2.1. Traf­fic data

We collect traf­fic data every time our hot­spots are used. This includes:

  1. Hot­spot name
  2. Time stamp (date and time) of log­ins with type of login
  3. Dura­ti­on of use
  4. Amount of data transferred
  5. Ses­si­on ID, tariff ID, time stamp of the last bil­ling data for a session
  6. Hard­ware ID of the ter­mi­nal (MAC address)
  7. Hard­ware ID of the hot­spot rou­ter (MAC address)
  8. IP address of the reques­ting device in the LAN and the hot­spot rou­ter on the Internet
  9. Name of the VPN ser­ver and IP address on the Inter­net can be deter­mi­ned with the help of (a), (b) and ©
  10. User name of a regis­tered user or ticket number
  11. Time stamp (date and time) of unsuc­cess­ful log­in attempts with error type
  12. Average band­widths of the last minu­tes (max. 10 min.), num­ber of packets transferred.

The collec­tion and pro­ces­sing of this traf­fic data is requi­red for estab­li­shing and main­tai­ning telecom­mu­ni­ca­ti­on and for the bil­ling of char­ges. In addi­ti­on to the pur­po­ses descri­bed abo­ve, the traf­fic data a to f is also tem­pora­ri­ly stored intern­al­ly (cf. sec­tion “Maxi­mum sto­rage time”) and sta­tis­ti­cal­ly eva­lua­ted. During the sto­rage peri­od, and as an addi­tio­nal secu­ri­ty mea­su­re, the traf­fic data is pseud­ony­mi­sed if pos­si­ble using the hash algorithm.

In doing so, we pro­tect the secrecy of com­mu­ni­ca­ti­ons, i.e. in par­ti­cu­lar, we do not eva­lua­te the con­tent of the telecom­mu­ni­ca­ti­on nor its spe­ci­fic cir­cum­s­tan­ces and do not pass on the traf­fic data to third par­ties. The sta­tis­ti­cal eva­lua­ti­on of the data is necessa­ry for ope­ra­tio­nal rea­sons, in par­ti­cu­lar for the rec­ti­fi­ca­ti­on of errors and for the pur­po­se of iden­ti­fy­ing impro­per use. The data stored for the sta­tis­ti­cal eva­lua­ti­on does not allow for any infor­ma­ti­on about your per­son to be direct­ly infer­red. The legal basis for the­se data pro­ces­sing ope­ra­ti­ons is Art. 6.1.1.b of the GDPR.

2.2. Regis­tered HOTSPLOTS users

It is pos­si­ble to use your per­so­nal­ly selec­ted access data to log in to some of our hot­spots, if you have pre­vious­ly regis­tered with us. After regis­tering you also have the opti­on to top up your account for using our hot­spots in the cus­to­mer area. Fur­ther infor­ma­ti­on about data collec­tion and pro­ces­sing rela­ting to regis­tra­ti­on can be found in the data pro­tec­tion decla­ra­ti­on for our web­site. If you use our hot­spots as a regis­tered cus­to­mer, in addi­ti­on to the traf­fic data men­tio­ned abo­ve, we will also collect bil­ling data and your so-cal­led inven­to­ry data for bil­ling pur­po­ses and rea­sons of fraud pre­ven­ti­on. The legal basis is Art. 6.1.1.b of the GDPR. The inven­to­ry data includes:

  • User­na­me and password
  • First name and surname
  • Address
  • Email address
  • Bank details (account hol­der, IBAN, BIC, bank).

Also, if spe­ci­fied by you:

  • Com­pa­ny
  • Tele­pho­ne and fax number
  • Web­site
  • VAT no.

2.3. Users with loca­ti­on tickets

If you use our hot­spots with a loca­ti­on ticket, in addi­ti­on to the spe­ci­fied traf­fic data, we will also save the pro­per­ties of the ticket such as ticket num­ber and pass­word as well as data on the vali­di­ty of the ticket for bil­ling pur­po­ses. The legal basis is Art. 6.1.1.b of the GDPR.

2.4. Con­ta­ct

You have various opti­ons by which you can con­ta­ct us, in par­ti­cu­lar by email or using the con­ta­ct form on our web­site. In this con­text, we pro­cess data sole­ly for the pur­po­se of com­mu­ni­ca­ting with you. The legal basis is Art. 6.1.1.b of the GDPR. The data collec­ted by us when you use the con­ta­ct form will be auto­ma­ti­cal­ly dele­ted after pro­ces­sing of your request is com­ple­ted, unless we still need your request to ful­fil con­trac­tu­al or legal obli­ga­ti­ons (cf. sec­tion “Maxi­mum sto­rage time”).

3. Dis­clo­sure of data

In princip­le, data collec­ted by us shall be dis­c­lo­sed only if:

  • You have given your express con­sent to this in accordance with Art. 6.1.1.a of the GDPR
  • Dis­clo­sure as per Art. 6.1.1.f of the GDPR is requi­red for the estab­lish­ment, exer­cise or defence of legal claims and the­re is no rea­son to assu­me that you have an over­ri­ding and legi­ti­ma­te inte­rest in pre­ven­ting the dis­clo­sure of your data
  • In accordance with Art. 6.1.1.c of the GDPR, we are requi­red by law to dis­c­lo­se it or
  • This is per­mis­si­ble by law and in accordance with Art. 6.1.1.b of the GDPR is requi­red for the imple­men­ta­ti­on of con­trac­tu­al rela­ti­ons­hips with you or for the exe­cu­ti­on of pre-con­trac­tu­al mea­su­res under­ta­ken at your request.

A pro­por­ti­on of the data pro­ces­sing may be under­ta­ken by our ser­vice pro­vi­ders. The­se inclu­de the ope­ra­tors of the data cen­tres in which our data­ba­se and web ser­vers are loca­ted (Inter­xxi­on Deutsch­land GmbH and Plus­server GmbH). Alt­hough they are unab­le to log into the ser­vers, they can come into con­ta­ct with the hard­ware. The IT ser­vice pro­vi­der who ser­vices our ERP sys­tem, Inte­ro Tech­no­lo­gies GmbH, is able to see part of the inven­to­ry data and the accoun­ting sys­tem. If we dis­c­lo­se data to our ser­vice pro­vi­ders, they are only per­mit­ted to use the data to ful­fil their tasks. The ser­vice pro­vi­ders were care­ful­ly selec­ted and com­mis­sio­ned by us. They are con­trac­tual­ly bound by our inst­ruc­tions, have access to appro­pria­te tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to pro­tect the rights of the per­sons con­cer­ned and are regu­lar­ly moni­to­red by us.

4. Maxi­mum sto­rage time

In princip­le, we store per­so­nal data only for as long as requi­red to ful­fil the con­trac­tu­al or sta­tu­to­ry obli­ga­ti­ons for which we have collec­ted the data. The data is then dele­ted immedia­te­ly, unless we need the data until expi­ry of the sta­tu­to­ry limi­ta­ti­on peri­od for evi­den­tia­ry pur­po­ses for civil claims or for sta­tu­to­ry reten­ti­on requirements.

  • Inven­to­ry data from our regis­tered users (cf. also 2.2) is dele­ted in the fourth year fol­lowing the end of the last expi­red con­tract or in the year fol­lowing can­cel­la­ti­on of the cus­to­mer account, if no con­tract has been concluded.
  • Inven­to­ry data from loca­ti­on tickets (cf. also 2.3) is dele­ted in the fourth year fol­lowing the date of the last pos­si­ble use.
  • In princip­le, traf­fic data from suc­cess­ful log­ins is stored for up to 7 days. Other­wi­se, this data is gene­ral­ly alrea­dy dele­ted if it is more than 3 days old. Only if we also need the traf­fic data for bil­ling pur­po­ses, will we also save it for lon­ger: Traf­fic data rele­vant to bil­ling is dele­ted on a mon­th­ly basis if it is more than 3 mon­ths old.

5. Your rights

You have the right to request infor­ma­ti­on regar­ding the pro­ces­sing of your per­so­nal data by us at any time. As part of the pro­vi­si­on of infor­ma­ti­on, we will exp­lain the data pro­ces­sing and pro­vi­de you with an over­view of your per­so­nal data which we have stored.

If the data stored by us is incor­rect or no lon­ger cur­rent, you have the right to have this infor­ma­ti­on corrected.

You may also restrict the pro­ces­sing of your data, for examp­le, if you are of the opi­ni­on that the data stored by us is incorrect.

You also have the right to data por­ta­bi­li­ty, i.e. that we will send you a digi­tal copy of the per­so­nal data pro­vi­ded by you if you so request.

In order to assert your rights as descri­bed here, con­ta­ct us at the abo­ve men­tio­ned address at any time. This also app­lies if you wish to obtain copies of gua­ran­tees veri­fy­ing an ade­qua­te level of data protection.

Final­ly, you have the right to com­p­lain to the data pro­tec­tion super­vi­so­ry aut­ho­ri­ty respon­si­ble for us. You may assert this right with a super­vi­so­ry aut­ho­ri­ty in the Mem­ber Sta­te of your place of resi­dence, your place of work or the loca­ti­on of the sup­po­sed bre­ach. The respon­si­ble super­vi­so­ry aut­ho­ri­ty for Ber­lin, the loca­ti­on of the head­quar­ters of hot­splots GmbH, is: Sta­te Com­mis­sio­ner for Data Pro­tec­tion and Free­dom of Infor­ma­ti­on Ber­lin, Fried­rich­str. 219, DE-10969 Berlin.

6.Right of revo­ca­ti­on and objection

At any time, you have the right to revo­ke con­sent pre­vious­ly given to us. As a con­se­quence, we will cea­se pro­ces­sing any data based on this con­sent in the future. The revo­ca­ti­on of con­sent does not affect the lega­li­ty of the pro­ces­sing car­ri­ed out on the basis of the con­sent up to the revocation.

Inso­far as we pro­cess your data based on legi­ti­ma­te inte­rests, you have the right to object at any time to the pro­ces­sing of your data for rea­sons rela­ting to their par­ti­cu­lar situation.

Should you wish to exer­cise your right of revo­ca­ti­on or objec­tion, it is suf­fi­ci­ent to send an infor­mal mes­sa­ge to the address or email address sta­ted above. 

7. Data security

We main­tain up-to-date tech­ni­cal mea­su­res to gua­ran­tee data secu­ri­ty, in par­ti­cu­lar to pro­tect your per­so­nal data against risks ari­sing during data trans­fers as well as from acqui­si­ti­on by third par­ties. The­se are adjus­ted in accordance with the cur­rent sta­te of the art. Our secu­ri­ty con­cept is trans­mit­ted to the Ger­man Federal Net­work Agen­cy at regu­lar inter­vals and inspec­ted by this body.

8. Chan­ges to the data pro­tec­tion declaration

We may occa­sio­nal­ly update this data pro­tec­tion decla­ra­ti­on, for examp­le, when we adapt our web­site or legal or regu­la­to­ry requi­re­ments are changed.

Ver­si­on 1.0 / Issue: June 2018