Home E Data pro­tec­tion E Data pro­tec­tion Website

Data pro­tec­tion decla­ra­ti­on (Web­site)

In the fol­lowing Data Pro­tec­tion Noti­ce we, hot­splots GmbH, will be tel­ling you about the pro­ces­sing of your per­so­nal data (e.g. name, address, e‑mail address or usa­ge data) on our web­site. We pro­cess per­so­nal data at all times in con­for­mi­ty with the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR). The trans­mis­si­on of your per­so­nal data will always be car­ri­ed out using SSL encryp­ti­on (inclu­ding user­na­me and pass­word and the rema­in­der of the data rela­ting to the cus­to­mer area and shop of www.hotsplots.de and hotsplots.com).

You can print out or save this Data Pro­tec­tion Noti­ce by using your browser’s nor­mal func­tions. You can also down­load and archi­ve this Data Pro­tec­tion Noti­ce as a PDF file by cli­cking here [PDF].

If you are not inte­res­ted in the data pro­ces­sing of our web­site but in that of our pro­ducts, you will find here infor­ma­ti­on on data pro­tec­tion and data secu­ri­ty for the usa­ge of our hot­spots, e.g. for data cap­tu­re when using (WLAN) hot­spots and data cap­tu­re in VPN rou­ting. Other­wi­se sin­ce 2005 HOTSPLOTS has been regis­tered with the Ger­man Federal Net­work Agen­cy for its sup­ply of com­mer­cial telecom­mu­ni­ca­ti­on ser­vices to the public. Inso­far as the law requi­res, the­re also exists a regis­tra­ti­on in other coun­tries whe­re HOTSPLOTS operates.

1. Con­trol­ling body

The con­trol­ling body for the data pro­ces­sing set our below under the terms of the GDPR is

hot­splots GmbH
Rother­stra­ße 22
10245 Ber­lin
Tele­pho­ne: +49 (0)30 — 29 77 348–0
Fax:              +49 (0)30 — 29 77 348–99
Email: datenschutz(at)hotsplots.de

2. Data Pro­tec­tion Officer

Should you have any ques­ti­ons about data pro­tec­tion, you can con­ta­ct our Data Pro­tec­tion Offi­cer at any time. He can be reached under the fore­go­ing e‑mail address and under the pos­tal address (to be hea­ded: “FAO HOTSPLOTS Data Pro­tec­tion Officer”).

We express­ly point out that if you use this e‑mail address, the con­tents will not be exclu­si­ve­ly noted by our data pro­tec­tion offi­cer. If you wish to exchan­ge con­fi­den­ti­al infor­ma­ti­on, plea­se the­re­fo­re first con­ta­ct us direct­ly via this e‑mail address.

3. Gene­ral use of the website

You can visit our web­site without tel­ling us who you are. You can then use the web­site in order only to find out about our com­pa­ny and our pro­ducts. In this case we shall only collect per­so­nal data inso­far as this is necessa­ry for tech­ni­cal rea­sons in order to use our web­site. When anyo­ne visits our web­site, our web­ser­ver auto­ma­ti­cal­ly and tem­pora­ri­ly stores, in so-cal­led log files, some con­nec­tion data which your brow­ser trans­mits to us. The­se are e.g. brow­ser type and ver­si­on, ope­ra­ting sys­tem, URL of last site visi­ted (refer­rer URL) and time. The infor­ma­ti­on stored in log­files does not allow of any direct con­clu­si­on to be drawn about your per­son. IP addres­ses are cap­tu­red in the webserver’s inter­nal log and era­sed after a maxi­mum of 24 hours. The pro­ces­sing of the­se con­nec­tion data takes place for pur­po­ses of enab­ling use of the web­site, of sys­tem secu­ri­ty and of tech­ni­cal admi­nis­tra­ti­on of the net­work infra­st­ruc­tu­re, and for opti­mi­sing our inter­net faci­li­ties. The legal basis for this data pro­ces­sing is Arti­cle 6(1)(b) of the GDPR.

No mer­ger takes place of the­se data with other data sources. The log files are stored for 100 days and then auto­ma­ti­cal­ly erased.

4. Use of con­ta­ct forms

We offer you a faci­li­ty to send us messages direct­ly via a con­ta­ct form. As part of our con­ta­ct form we record the cate­go­ry of your inte­rest, your name and first name, your e‑mail address and the actu­al mes­sa­ge. Fur­ther infor­ma­ti­on is optio­nal. The legal basis for this is Arti­cle 6(1)(b) of the GDPR. We shall only use the data recor­ded via our con­ta­ct forms in order to pro­cess enqui­ries; after­wards they will be era­sed after six months.

If you wish to beco­me an instal­la­ti­on part­ner of HOTSPLOTS, we shall pro­vi­de you with a con­ta­ct faci­li­ty via our web­site. Sin­ce the accounts in the cus­to­mer area (see below) and the accounts of instal­la­ti­on part­ners are lin­ked, we request the HOTSPLOTS user­na­me as a com­pul­so­ry field. All fur­ther data, such as per­so­nal con­ta­ct or tra­ding name, are optional.

5. Use of cookies

We use so-cal­led coo­kies on our web­pages. The­se are small text files which are stored on your device as soon as you visit one of our web­sites. On the pro­duct request page shop.hotsplots.de, a coo­kie stores the lan­guage in which you acces­sed the web­site until the end of the brow­ser ses­si­on. Ano­t­her coo­kie stores the ses­si­on ID for 90 days.

When log­ging into the cus­to­mer area, a so-cal­led ses­si­on coo­kie must be stored tem­pora­ri­ly until the end of the web brow­ser session.

The­se ser­vices are groun­ded on our legi­ti­ma­te inte­rests. The legal basis is Arti­cle 6(1)(f) of the GDPR. In this way we aim to make a more con­ve­ni­ent and more indi­vi­du­al use of our web­site pos­si­ble for you. Access to and sto­rage of infor­ma­ti­on in the end device is abso­lute­ly necessa­ry in the­se cases and takes place on the basis of the imple­men­ta­ti­on laws of the ePri­va­cy Direc­ti­ve of the EU mem­ber sta­tes, in Ger­ma­ny accord­ing to Sec­tion 25 (2) TTDSG.

Of cour­se you can also visit our web­site without coo­kies. You can con­fi­gu­re your brow­ser in such a way that the accep­t­ance of coo­kies is nor­mal­ly rejec­ted or you are infor­med in advan­ce if a coo­kie is stored. Coo­kies are necessa­ry for regis­tra­ti­on in the cus­to­mer area on my.hotsplots.de.

6. Cus­to­mer area and pro­duct request

To ope­ra­te hot­spots yourself, to beco­me an instal­la­ti­on part­ner, or to upload credits for the use of hot­spots, you must regis­ter for the pro­tec­ted cus­to­mer area. When regis­tering, collec­tion is made of the user­na­me and pass­word which the user free­ly choo­ses. The pass­word is not stored en clair, but only encryp­ted, as a so-cal­led hash value. Fur­ther collec­tion is made of your name and address, which are necessa­ry for the pro­duc­tion of cor­rect vou­chers, and of your e‑mail address, which is par­ti­cu­lar­ly necessa­ry for HOTSPLOTS, in order to sup­ply man­da­to­ry infor­ma­ti­on to cus­to­mers in case of amend­ments to the Gene­ral Terms & Con­di­ti­ons of Busi­ness, and for the cus­to­mer, in order to be able to use the “Pass­word for­got­ten” func­tion. You have the opti­on of sta­ting a tele­pho­ne num­ber for tele­pho­ne sup­port. Fur­ther optio­nal infor­ma­ti­on, such as fax num­ber, URL of your own web­site and VAT Num­ber, are only of impor­t­ance for the loca­ti­on owner or hot­spot ope­ra­tor. The legal basis for this pro­ces­sing is Arti­cle 6(1)(b) of the GDPR.

On our web­site we show a selec­tion of pro­ducts for the instal­la­ti­on and ope­ra­ti­on of WiFi hot­spots. In the case of a pro­duct request, we collect the com­pul­so­ry data nee­ded for the pre­pa­ra­ti­on of an offer (name and first name, e‑mail address and pos­tal address). Optio­nal are details such as com­pa­ny name, VAT ID num­ber, tele­pho­ne num­ber and salutation.

We store the data collec­ted in the cus­to­mer area and pro­duct request only as long as necessa­ry for per­forming con­trac­tu­al or sta­tu­to­ry duties for which we have collec­ted the data. After­wards we era­se the data immedia­te­ly, unless we still need the­se data until expi­ry of the sta­tu­to­ry peri­od of limi­ta­ti­on for pur­po­ses of evi­dence in civil pro­cee­dings or due to sta­tu­to­ry duties of storage.

7. Fur­ther trans­mis­si­on and recipients

Every usa­ge of your per­so­nal data is made only for the fore­go­ing pur­po­ses and to the extent necessa­ry in order to achie­ve the­se same pur­po­ses. We will not pass on your per­so­nal data to our ser­vice pro­vi­ders or to third par­ties unless this is necessa­ry for pur­po­ses of con­ta­ct hand­ling or you have express­ly con­sen­ted thereto.

To sup­ply our ser­vice, it is necessa­ry in cer­tain busi­ness tran­sac­tions to pass on per­so­nal data to selec­ted exter­nal ser­vice providers:

  1. For dis­patch of goods, the ship­per employ­ed to make the deli­very (usual­ly DHL Paket GmbH).
  2. For hot­spot-pro­vi­si­on con­tracts, the sup­plier of the preli­mi­na­ry work, DSL/SIM card pro­vi­der, etc.
  3. For hot­spot instal­la­ti­ons, the local instal­la­ti­on partner.
  4. In case of pay­ment default, we avail our­sel­ves of exter­nal collec­tion ser­vices and, if necessa­ry, legal counsel.

Inso­far as we pass on data to ser­vice pro­vi­ders, the­se pro­vi­ders must use the said data sole­ly for per­for­mance of their com­mis­si­on. All ser­vice pro­vi­ders are care­ful­ly selec­ted and com­mis­sio­ned by us. They are con­trac­tual­ly bound to fol­low our inst­ruc­tions, have a duty of con­fi­den­tia­li­ty, and are regu­lar­ly moni­to­red by us. In all cases the extent of data trans­mit­ted is restric­ted to the requi­si­te minimum.

Trans­mis­si­on of per­so­nal data to government insti­tu­ti­ons and aut­ho­ri­ties is made only pur­suant to com­pul­so­ry natio­nal legal regu­la­ti­ons, or if such trans­mis­si­on is requi­red, in case of attacks upon our net­work infra­st­ruc­tu­re, for legal reme­dy and prosecution.

8. News­let­ter

Cus­to­mers and hot­spot ope­ra­tors can find out about your pro­ducts and ser­vices regu­lar­ly via a news­let­ter. To send the news­let­ter, your e‑mail address is pro­ces­sed in our sys­tems. You can can­cel rece­i­pt of the news­let­ter again at any time. To unsub­scri­be from the news­let­ter for cus­to­mers and hot­spot ope­ra­tors, you will find a link at the end of each news­let­ter. You can also deselect the appro­pria­te but­ton in the cus­to­mer area. A noti­ce to the con­ta­ct data given abo­ve or in the news­let­ter (e.g. by e‑mail or let­ter) is of cour­se like­wi­se suf­fi­ci­ent for this pur­po­se. The legal basis for this data pro­ces­sing for pur­po­ses of the news­let­ter is Arti­cle 6(1)(a) of the GDPR.

In our news­let­ters we use nor­mal mar­ket tech­no­lo­gies by which inter­ac­tions with the news­let­ters can be mea­su­red (e.g. ope­ning of the e‑mail, links cli­cked). We use the­se data in pseud­ony­mi­sed form for gene­ral sta­tis­ti­cal eva­lua­tions and to opti­mi­se and fur­ther deve­lop our con­tents and cus­to­mer com­mu­ni­ca­ti­on. This is done with the aid of small gra­phics which are embed­ded in the news­let­ter (so-cal­led pixels). The­se data are collec­ted sole­ly in pseud­ony­mi­sed form, nor are they com­bi­ned with your other per­so­nal data. The legal basis for our legi­ti­ma­te inte­rest in this mat­ter is Arti­cle 6(1)(f) of the GDPR. Via our news­let­ter we aim as far as pos­si­ble to share infor­ma­ti­on which is rele­vant to our cus­to­mers and to under­stand what our rea­ders are actual­ly inte­res­ted in. If you do not wish the­se user pat­terns to be ana­ly­sed, you can can­cel rece­i­pt of the news­let­ter or dis­able gra­phics as stan­dard in your e‑mail pro­gram. The­se data on inter­ac­tion with our news­let­ters are stored in pseud­ony­mi­sed form for 30 days and then com­ple­te­ly anonymised.

If you regis­ter with us or make a purcha­se from us, we will also use your con­ta­ct details to send you fur­ther infor­ma­ti­on rele­vant to you about our pro­ducts and ser­vices by email (“exis­ting cus­to­mer adver­ti­sing”). This may inclu­de, in par­ti­cu­lar, news, pro­mo­ti­ons and offers as well as feed­back and other surveys.

The legal basis for this data pro­ces­sing is Arti­cle 6(1)(a) of the GDPR in con­junc­tion with Arti­cle 7 (3) of the Ger­man Act against Unfair Com­pe­ti­ti­on (UWG), accord­ing to which data pro­ces­sing is per­mis­si­ble for the pur­po­se of exer­cis­ing legi­ti­ma­te inte­rests, inso­far as this rela­tes to the sto­rage and fur­ther use of the data for adver­ti­sing pur­po­ses. You can object to the use of your data for adver­ti­sing pur­po­ses at any time by using a cor­re­spon­ding link in the e‑mails or by noti­fy­ing the abo­ve con­ta­ct details (e.g. by e‑mail or let­ter), without incur­ring any cos­ts other than the trans­mis­si­on cos­ts accord­ing to the basic rates.

9. Ana­ly­tics tool

This web­site uses the open source web ana­ly­tics ser­vice Matomo (form­er­ly Piwik) for sta­tis­ti­cal ana­ly­sis of web­site visits. Matomo is ope­ra­ted on our web space (on-pre­mi­se) and no data is pas­sed on to third parties.

With the help of Matomo, we are able to ana­ly­se data about the use of our web­site by web­site visi­tors. This enab­les us to bet­ter under­stand, among other things, which page views were made when and from which regi­on the web­site visi­tors come. To do this, we ana­ly­se various log files (e.g. IP address, refer­rer, brow­sers and ope­ra­ting sys­tems used) and can mea­su­re whe­ther our web­site visi­tors per­form cer­tain actions (e.g. pages view­ed, links cli­cked or files down­loa­ded). The use of this ana­ly­sis tool is based on Art. 6 (1) (f) GDPR. The web­site ope­ra­tor has a legi­ti­ma­te inte­rest in ana­ly­sing user beha­viour in order to opti­mi­se its web­site. The­re is no acti­ve access to end device infor­ma­ti­on accord­ing to Sec­tion 25 TTDSG, but we let Matomo eva­lua­te our alrea­dy exis­ting ser­ver logs (see sec­tion 3).

We have made the fol­lowing data pro­tec­tion set­tings for Matomo:
IP anony­mi­sa­ti­on
We use IP anony­mi­sa­ti­on for the ana­ly­sis with Matomo. This means that your IP address is shor­ten­ed befo­re ana­ly­sis so that it can no lon­ger be clear­ly assi­gned to you.
We host Matomo exclu­si­ve­ly on our own ser­vers, so that all ana­ly­sis data remains with us and is not pas­sed on.
Sto­rage peri­od: Old logs are auto­ma­ti­cal­ly dele­ted after 100 days at the latest.

10. Your rights

You have the right to recei­ve infor­ma­ti­on about the pro­ces­sing of your per­so­nal data by us at any time. In this con­text we shall exp­lain the data pro­ces­sing to you and pro­vi­de you with an over­view of the data rela­ting to your per­son which have been saved.

Should data which we have stored be erro­ne­ous or no lon­ger up to date, you enjoy the right to have the­se data cor­rec­ted. You can also requi­re that your data be era­sed. Should such era­su­re be impos­si­ble in the excep­tio­nal case due to other legal regu­la­ti­ons, the­se data will be blo­cked, so that they are only avail­ab­le for this sta­tu­to­ry pur­po­se. You can also restrict the pro­ces­sing of your per­so­nal data, if e.g. doubts exist on your part as to whe­ther the­se data are correct.

You also have the right of data trans­fe­ra­bi­li­ty, i.e. you may requi­re us to send you a digi­tal copy of the per­so­nal data which you have provided.

Inso­far as we pro­cess your data pur­suant to legi­ti­ma­te inte­rests under Arti­ca­le 6 (1)(f) of the GDPR, under Arti­cle 21 of the GDPR, you have the right to lodge objec­tion to the pro­ces­sing of your data and to sta­te to us such grounds ari­sing from your par­ti­cu­lar situa­ti­on as, in your opi­ni­on, must allow your pro­tec­ted inte­rests to be over­ri­ding. Should your objec­tion be an objec­tion to data pro­ces­sing for pur­po­ses of direct adver­ti­sing, you have a gene­ral right of objec­tion, which will be imple­men­ted by us also without grounds being stated.

To exer­cise your rights as set out here, you can com­mu­ni­ca­te at any time with the fore­go­ing con­ta­ct details. You also have the right to lodge a com­p­laint to to any data-pro­tec­tion aut­ho­ri­ty (for us, the respon­si­ble aut­ho­ri­ty is Ber­lin Com­mis­sio­ner for Data Pro­tec­tion and Free­dom of Infor­ma­ti­on, Fried­rich­stras­se 219, 10969 Ber­lin). For examp­le, you can con­ta­ct the data-pro­tec­tion aut­ho­ri­ty at your place of resi­dence, which will then pass your app­li­ca­ti­on on to the com­pe­tent authority.

Your enqui­ries regar­ding the asser­ti­on of data pro­tec­tion rights and our respon­ses to them will be stored for docu­men­ta­ti­on pur­po­ses for a peri­od of up to three years and, in indi­vi­du­al cases, for a lon­ger peri­od if the­re are grounds for asser­ting, exer­cis­ing or defen­ding legal claims. The legal basis is Art. 6 (1) lit. f GDPR, based on our inte­rest in defen­ding against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and ful­fil­ling our accoun­ta­bi­li­ty obli­ga­ti­ons under Art. 5 (2) GDPR.

Ver­si­on 2.4, sta­tus: July 2022