In the following Data Protection Notice we, hotsplots GmbH, will be telling you about the processing of your personal data (e.g. name, address, e‑mail address or usage data) on our website. We process personal data at all times in conformity with the EU General Data Protection Regulation (GDPR). The transmission of your personal data will always be carried out using SSL encryption (including username and password and the remainder of the data relating to the customer area and shop of www.hotsplots.de and hotsplots.com).
You can print out or save this Data Protection Notice by using your browser’s normal functions. You can also download and archive this Data Protection Notice as a PDF file by clicking here [PDF].
If you are not interested in the data processing of our website but in that of our products, you will find here information on data protection and data security for the usage of our hotspots, e.g. for data capture when using (WLAN) hotspots and data capture in VPN routing. Otherwise since 2005 HOTSPLOTS has been registered with the German Federal Network Agency for its supply of commercial telecommunication services to the public. Insofar as the law requires, there also exists a registration in other countries where HOTSPLOTS operates.
1. Controlling body
The controlling body for the data processing set our below under the terms of the GDPR is
|Telephone: +49 (0)30 — 29 77 348–0
Fax: +49 (0)30 — 29 77 348–99
2. Data Protection Officer
Should you have any questions about data protection, you can contact our Data Protection Officer at any time. He can be reached under the foregoing e‑mail address and under the postal address (to be headed: “FAO HOTSPLOTS Data Protection Officer”).
We expressly point out that if you use this e‑mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, please therefore first contact us directly via this e‑mail address.
3. General use of the website
You can visit our website without telling us who you are. You can then use the website in order only to find out about our company and our products. In this case we shall only collect personal data insofar as this is necessary for technical reasons in order to use our website. When anyone visits our website, our webserver automatically and temporarily stores, in so-called log files, some connection data which your browser transmits to us. These are e.g. browser type and version, operating system, URL of last site visited (referrer URL) and time. The information stored in logfiles does not allow of any direct conclusion to be drawn about your person. IP addresses are captured in the webserver’s internal log and erased after a maximum of 24 hours. The processing of these connection data takes place for purposes of enabling use of the website, of system security and of technical administration of the network infrastructure, and for optimising our internet facilities. The legal basis for this data processing is Article 6(1)(b) of the GDPR.
No merger takes place of these data with other data sources. The log files are stored for 100 days and then automatically erased.
4. Use of contact forms
We offer you a facility to send us messages directly via a contact form. As part of our contact form we record the category of your interest, your name and first name, your e‑mail address and the actual message. Further information is optional. The legal basis for this is Article 6(1)(b) of the GDPR. We shall only use the data recorded via our contact forms in order to process enquiries; afterwards they will be erased after six months.
If you wish to become an installation partner of HOTSPLOTS, we shall provide you with a contact facility via our website. Since the accounts in the customer area (see below) and the accounts of installation partners are linked, we request the HOTSPLOTS username as a compulsory field. All further data, such as personal contact or trading name, are optional.
We use so-called cookies on our webpages. These are small text files which are stored on your device as soon as you visit one of our websites. On the product request page shop.hotsplots.de, a cookie stores the language in which you accessed the website until the end of the browser session. Another cookie stores the session ID for 90 days.
When logging into the customer area, a so-called session cookie must be stored temporarily until the end of the web browser session.
These services are grounded on our legitimate interests. The legal basis is Article 6(1)(f) of the GDPR. In this way we aim to make a more convenient and more individual use of our website possible for you. Access to and storage of information in the end device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 (2) TTDSG.
Of course you can also visit our website without cookies. You can configure your browser in such a way that the acceptance of cookies is normally rejected or you are informed in advance if a cookie is stored. Cookies are necessary for registration in the customer area on my.hotsplots.de.
6. Customer area and product request
To operate hotspots yourself, to become an installation partner, or to upload credits for the use of hotspots, you must register for the protected customer area. When registering, collection is made of the username and password which the user freely chooses. The password is not stored en clair, but only encrypted, as a so-called hash value. Further collection is made of your name and address, which are necessary for the production of correct vouchers, and of your e‑mail address, which is particularly necessary for HOTSPLOTS, in order to supply mandatory information to customers in case of amendments to the General Terms & Conditions of Business, and for the customer, in order to be able to use the “Password forgotten” function. You have the option of stating a telephone number for telephone support. Further optional information, such as fax number, URL of your own website and VAT Number, are only of importance for the location owner or hotspot operator. The legal basis for this processing is Article 6(1)(b) of the GDPR.
On our website we show a selection of products for the installation and operation of WiFi hotspots. In the case of a product request, we collect the compulsory data needed for the preparation of an offer (name and first name, e‑mail address and postal address). Optional are details such as company name, VAT ID number, telephone number and salutation.
We store the data collected in the customer area and product request only as long as necessary for performing contractual or statutory duties for which we have collected the data. Afterwards we erase the data immediately, unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil proceedings or due to statutory duties of storage.
7. Further transmission and recipients
Every usage of your personal data is made only for the foregoing purposes and to the extent necessary in order to achieve these same purposes. We will not pass on your personal data to our service providers or to third parties unless this is necessary for purposes of contact handling or you have expressly consented thereto.
To supply our service, it is necessary in certain business transactions to pass on personal data to selected external service providers:
- For dispatch of goods, the shipper employed to make the delivery (usually DHL Paket GmbH).
- For hotspot-provision contracts, the supplier of the preliminary work, DSL/SIM card provider, etc.
- For hotspot installations, the local installation partner.
- In case of payment default, we avail ourselves of external collection services and, if necessary, legal counsel.
Insofar as we pass on data to service providers, these providers must use the said data solely for performance of their commission. All service providers are carefully selected and commissioned by us. They are contractually bound to follow our instructions, have a duty of confidentiality, and are regularly monitored by us. In all cases the extent of data transmitted is restricted to the requisite minimum.
Transmission of personal data to government institutions and authorities is made only pursuant to compulsory national legal regulations, or if such transmission is required, in case of attacks upon our network infrastructure, for legal remedy and prosecution.
Customers and hotspot operators can find out about your products and services regularly via a newsletter. To send the newsletter, your e‑mail address is processed in our systems. You can cancel receipt of the newsletter again at any time. To unsubscribe from the newsletter for customers and hotspot operators, you will find a link at the end of each newsletter. You can also deselect the appropriate button in the customer area. A notice to the contact data given above or in the newsletter (e.g. by e‑mail or letter) is of course likewise sufficient for this purpose. The legal basis for this data processing for purposes of the newsletter is Article 6(1)(a) of the GDPR.
In our newsletters we use normal market technologies by which interactions with the newsletters can be measured (e.g. opening of the e‑mail, links clicked). We use these data in pseudonymised form for general statistical evaluations and to optimise and further develop our contents and customer communication. This is done with the aid of small graphics which are embedded in the newsletter (so-called pixels). These data are collected solely in pseudonymised form, nor are they combined with your other personal data. The legal basis for our legitimate interest in this matter is Article 6(1)(f) of the GDPR. Via our newsletter we aim as far as possible to share information which is relevant to our customers and to understand what our readers are actually interested in. If you do not wish these user patterns to be analysed, you can cancel receipt of the newsletter or disable graphics as standard in your e‑mail program. These data on interaction with our newsletters are stored in pseudonymised form for 30 days and then completely anonymised.
If you register with us or make a purchase from us, we will also use your contact details to send you further information relevant to you about our products and services by email (“existing customer advertising”). This may include, in particular, news, promotions and offers as well as feedback and other surveys.
The legal basis for this data processing is Article 6(1)(a) of the GDPR in conjunction with Article 7 (3) of the German Act against Unfair Competition (UWG), according to which data processing is permissible for the purpose of exercising legitimate interests, insofar as this relates to the storage and further use of the data for advertising purposes. You can object to the use of your data for advertising purposes at any time by using a corresponding link in the e‑mails or by notifying the above contact details (e.g. by e‑mail or letter), without incurring any costs other than the transmission costs according to the basic rates.
9. Analytics tool
This website uses the open source web analytics service Matomo (formerly Piwik) for statistical analysis of website visits. Matomo is operated on our web space (on-premise) and no data is passed on to third parties.
With the help of Matomo, we are able to analyse data about the use of our website by website visitors. This enables us to better understand, among other things, which page views were made when and from which region the website visitors come. To do this, we analyse various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. pages viewed, links clicked or files downloaded). The use of this analysis tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its website. There is no active access to end device information according to Section 25 TTDSG, but we let Matomo evaluate our already existing server logs (see section 3).
We have made the following data protection settings for Matomo:
We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.
Storage period: Old logs are automatically deleted after 100 days at the latest.
10. Your rights
You have the right to receive information about the processing of your personal data by us at any time. In this context we shall explain the data processing to you and provide you with an overview of the data relating to your person which have been saved.
Should data which we have stored be erroneous or no longer up to date, you enjoy the right to have these data corrected. You can also require that your data be erased. Should such erasure be impossible in the exceptional case due to other legal regulations, these data will be blocked, so that they are only available for this statutory purpose. You can also restrict the processing of your personal data, if e.g. doubts exist on your part as to whether these data are correct.
You also have the right of data transferability, i.e. you may require us to send you a digital copy of the personal data which you have provided.
Insofar as we process your data pursuant to legitimate interests under Articale 6 (1)(f) of the GDPR, under Article 21 of the GDPR, you have the right to lodge objection to the processing of your data and to state to us such grounds arising from your particular situation as, in your opinion, must allow your protected interests to be overriding. Should your objection be an objection to data processing for purposes of direct advertising, you have a general right of objection, which will be implemented by us also without grounds being stated.
To exercise your rights as set out here, you can communicate at any time with the foregoing contact details. You also have the right to lodge a complaint to to any data-protection authority (for us, the responsible authority is Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin). For example, you can contact the data-protection authority at your place of residence, which will then pass your application on to the competent authority.
Your enquiries regarding the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for a longer period if there are grounds for asserting, exercising or defending legal claims. The legal basis is Art. 6 (1) lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 (2) GDPR.
Version 2.4, status: July 2022