In the following Data protection declaration we, hotsplots GmbH, will be telling you about the processing of your personal data (e.g. name, address, e‑mail address or usage data) on our website. We process personal data at all times in conformity with the EU General Data Protection Regulation (GDPR). The transmission of your personal data will always be carried out using SSL encryption (including username and password and the remainder of the data relating to the customer area and shop of www.hotsplots.de).
You can print out or save this Data Protection Notice by using your browser’s normal functions. You can also download and archive this Data Protection Notice as a PDF file by clicking here [PDF].
If you are not interested in the data processing of our website but in that of our products, you will find here information on data protection and data security for the usage of our hotspots, e.g. for data capture when using (WLAN) hotspots and data capture in VPN routing. Otherwise since 2005 HOTSPLOTS has been registered with the German Federal Network Agency for its supply of commercial telecommunication services to the public. Insofar as the law requires, there also exists a registration in other countries where HOTSPLOTS operates.
1. Controlling body
The controlling body for the data processing set our below under the terms of the GDPR is
|Telephone: +49 (0)30 — 29 77 348–0
Fax: +49 (0)30 — 29 77 348–99
2. Data Protection Officer
Should you have any questions about data protection, you can contact our Data Protection Officer at any time. He can be reached under the foregoing e‑mail address and under the postal address (to be headed: “FAO HOTSPLOTS Data Protection Officer”).
3. General use of the website
You can visit our website without telling us who you are. You can then use the website in order only to find out about our company and our products. In this case we shall only collect personal data insofar as this is necessary for technical reasons in order to use our website. When anyone visits our website, our webserver automatically and temporarily stores, in so-called log files, some connection data which your browser transmits to us. These are e.g. browser type and version, operating system, URL of last site visited (referrer URL) and time. The information stored in logfiles does not allow of any direct conclusion to be drawn about your person. IP addresses are captured in the webserver’s internal log and erased after a maximum of 24 hours. The processing of these connection data takes place for purposes of enabling use of the website, of system security and of technical administration of the network infrastructure, and for optimising our internet facilities. The legal basis for this data processing is Article 6(1)(b) of the GDPR.
No merger takes place of these data with other data sources. The log files are stored for two months and then automatically erased.
4. Use of contact forms
We offer you a facility to send us messages directly via a contact form. As part of our contact form we record the category of your interest, your name and first name, your e‑mail address and the actual message. Further information is optional. The legal basis for this is Article 6(1)(b) of the GDPR. We shall only use the data recorded via our contact forms in order to process enquiries; afterwards they will be erased after six months.
If you wish to become an installation partner of HOTSPLOTS, we shall provide you with a contact facility via our website. Since the accounts in the customer area (see below) and the accounts of installation partners are linked, we request the HOTSPLOTS username as a compulsory field. All further data, such as personal contact or trading name, are optional.
Of course you can also visit our website without cookies. You can so configure your browser that the acceptance of cookies is normally rejected or you are informed in advance if a cookie is stored.
If you do not accept any cookies, this may lead to restrictions on the use of our website. Cookies are necessary for registration in the customer area on www.hotsplots.de.
6. Customer area and shop
To operate hotspots yourself, to become an installation partner, or to upload credits for the use of hotspots, you must register for the protected customer area. When registering, collection is made of the username and password which the user freely chooses. The password is not stored en clair, but only encrypted, as a so-called hash value. Further collection is made of your name and address, which are necessary for the production of correct vouchers, and of your e‑mail address, which is particularly necessary for HOTSPLOTS, in order to supply mandatory information to customers in case of amendments to the General Terms & Conditions of Business, and for the customer, in order to be able to use the “Password forgotten” function. You have the option of stating a telephone number for telephone support. Further optional information, such as fax number, URL of your own website and VAT Number, are only of importance for the location owner or hotspot operator. The legal basis for this processing is Article 6(1)(b) of the GDPR.
In our shop we offer you a selection of products and installations for operating WLAN hotspots. If you set up a user account in our shop, you will be taken more rapidly through the order process, be able to store several dispatch addresses, follow the progress of your order so far, and much more.
When you register for the shop and undertake the subsequent order process, we collect compulsory data needed for handling the contract (name and first name, e‑mail address, password, invoice and dispatch address). Information such as telephone and fax number is optional. The legal basis for this is likewise Article 6(1)(b) of the GDPR.
We store the data collected in the customer area and shop only as long as necessary for performing contractual or statutory duties for which we have collected the data. Afterwards we erase the data immediately, unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil proceedings or due to statutory duties of storage.
7. Further transmission and recipients
Every usage of your personal data is made only for the foregoing purposes and to the extent necessary in order to achieve these same purposes. We will not pass on your personal data to our service providers or to third parties unless this is necessary for purposes of contact handling or you have expressly consented thereto.
To supply our service, it is necessary in certain business transactions to pass on personal data to selected external service providers:
- For dispatch of goods, the shipper employed to make the delivery (usually DHL Paket GmbH).
- For payment by credit card, the credit organisation employed to process the payment (usually Wirecard AG, cf. information of the Wirecard AG).
- For hotspot-provision contracts, the supplier of the preliminary work, DSL/SIM card provider, etc.
- For hotspot installations, the local installation partner.
- In case of payment default, we avail ourselves of external collection services and, if necessary, legal counsel.
Insofar as we pass on data to service providers, these providers must use the said data solely for performance of their commission. All service providers are carefully selected and commissioned by us. They are contractually bound to follow our instructions, have a duty of confidentiality, and are regularly monitored by us. In all cases the extent of data transmitted is restricted to the requisite minimum.
Transmission of personal data to government institutions and authorities is made only pursuant to compulsory national legal regulations, or if such transmission is required, in case of attacks upon our network infrastructure, for legal remedy and prosecution.
8. Google Maps
Customers and hotspot operators can find out about your products and services regularly via a newsletter. To send the newsletter, your e‑mail address is processed in our systems. You can cancel receipt of the newsletter again at any time. To unsubscribe from the newsletter for customers and hotspot operators, you will find a link at the end of each newsletter. You can also deselect the appropriate button in the customer area. A notice to the contact data given above or in the newsletter (e.g. by e‑mail or letter) is of course likewise sufficient for this purpose. The legal basis for this data processing for purposes of the newsletter is Article 6(1)(a) of the GDPR.
In our newsletters we use normal market technologies by which interactions with the newsletters can be measured (e.g. opening of the e‑mail, links clicked). We use these data in pseudonymised form for general statistical evaluations and to optimise and further develop our contents and customer communication. This is done with the aid of small graphics which are embedded in the newsletter (so-called pixels). These data are collected solely in pseudonymised form, nor are they combined with your other personal data. The legal basis for our legitimate interest in this matter is Article 6(1)(f) of the GDPR. Via our newsletter we aim as far as possible to share information which is relevant to our customers and to understand what our readers are actually interested in. If you do not wish these user patterns to be analysed, you can cancel receipt of the newsletter or disable graphics as standard in your e‑mail program. These data on interaction with our newsletters are stored in pseudonymised form for 30 days and then completely anonymised.
10. Your rights
You have the right to receive information about the processing of your personal data by us at any time. In this context we shall explain the data processing to you and provide you with an overview of the data relating to your person which have been saved.
Should data which we have stored be erroneous or no longer up to date, you enjoy the right to have these data corrected. You can also require that your data be erased. Should such erasure be impossible in the exceptional case due to other legal regulations, these data will be blocked, so that they are only available for this statutory purpose. You can also restrict the processing of your personal data, if e.g. doubts exist on your part as to whether these data are correct.
You also have the right of data transferability, i.e. you may require us to send you a digital copy of the personal data which you have provided.
Insofar as we process your data pursuant to legitimate interests under Articale 6 (1)(f) of the GDPR, under Article 21 of the GDPR, you have the right to lodge objection to the processing of your data and to state to us such grounds arising from your particular situation as, in your opinion, must allow your protected interests to be overriding. Should your objection be an objection to data processing for purposes of direct advertising, you have a general right of objection, which will be implemented by us also without grounds being stated.
To exercise your rights as set out here, you can communicate at any time with the foregoing contact details. You also have the right to lodge a complaint to the data-protection authority to which we are subject (Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin). You can also contact the data-protection authority at your place of residence, which will then pass your application on to the competent authority.
Version 2.3, status: March 2019