Data protection in white font against blue backdrop

1. General information about the collection of personal data

(1) In the following data protection statement, we would like to explain how we handle personal data that is transmitted to us when you use our web platform "thesis.me" or our offers. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses or user behavior.

(2) Person responsible according to Art. 4 No. 7 DS-GVO:

Dr. Mathias Kunze
ONSITES Group LTD
Business Center "Bee Garden”
173 Prilep Street, 3rd floor, Office 30
9000 Varna
Bulgaria
E-mail: gdpr(at)onsites.com

(3) You can contact our company data protection officer at gdpr(at)onsites.com or at the above address with the addition "The Data Protection Officer" / "Attn: Dr. Mathias Kunze".

2. Data subject rights

(1) You have the following rights vis-à-vis us regarding the persоnal related data concerning you:

• Right to information (Art. 15 DS-GVO) about your personal data processed by us;
• Right to rectification (Art. 16 DS-GVO) or completion of your personal data processed by us;
• Right to erasure (Art. 17 DS-GVO) of your personal data processed by us, unless the processing is exceptionally required under Art. 17 (3) DS-GVO;
• Right to restriction of processing (Art. 18 DS-GVO);
• Right to information (Art. 19 DS-GVO);
• Right to data portability (Art. 20 DS-GVO);
• Right to withdraw consent once given to us (Art. 7(3) DS-GVO). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data by us is unlawful. These are the state data protection commissioners; you can find the contact responsible for you at the following URL, for example: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

(3) Objection to the processing of your data: Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfillment of a contract with you, which is presented by us in each case in the corresponding description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the following contact details:

ONSITES Group LTD
Business Center “Bee Garden”
173 Prilep Street, 3rd floor, Office 30
9000 Varna
Bulgaria
E-mail: gdpr(at)onsites.com

3. Data security

Since the security of your data is important to us, your personal data is transmitted using secure SSL or TLS encryption/connection. TLS (Transport Layer Security) or its predecessor SSL (Secure Socket Layer) is a protocol for encrypting data transmissions on the Internet. With this we protect your personal data from unauthorized access. You can recognize the encryption of the connection in the browser line by the sign "https//:" or the lock symbol. In addition, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular checks, however, complete protection against all dangers is not possible.

4. Visit of our web platform

When using our web platform for information purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. As soon as you request a file from our web platform, access data is obtained and stored by default.

This data record consists of:

• the page from which the file was requested,
• the name of the file,
• the date and time of the request,
• the amount of data transferred,
• the access status / HTTP status code (i.e., whether the file was transferred or possibly not found, etc.)
• a description of the type as well as the version of the web browser used,
• the operating system installed, the language of the operating system and the resolution set,
• the IP address used.

This data is necessary for us to display our Internet presence to you and to ensure stability and security. Furthermore, they are evaluated for internal statistical purposes and for the technical administration of the Internet presence. The legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest follows from the aforementioned purposes of data collection.

5. Use of the ordering system to configure printing and binding products

(1) If you wish to use our ordering system to configure printing and binding products, you must first register as a so-called "user" and be logged in. In the case of a configuration of printing and binding products, the following personal data will be transmitted to us and integrated into the ordering process:

• Name
• Your address
• E-mail address
• Telephone number

Further data to be collected can be seen from the respective input masks, whereby the necessary mandatory data is specially marked in each case. All other information is voluntary.

The provision of your personal data serves the purpose and is necessary to the extent that it is required for the conclusion of the contract and the processing of your order. The legal basis is Art. 6 para. 1 p. 1 lit. b DS-GVO.

(2) For the configuration of each printing and binding product, it is necessary to carry out a file upload for each configuration order. Since academic theses are documents with sensitive content, the upload of these documents is encrypted. These uploaded documents are received in the admin dashboard, which is also encrypted by means of a password and to which only the responsible administrator is granted access. The administrator monitors the entire production process, while at no time is the content of the document to be printed and bound inspected. In the event of print-related problems, the administrator merely inspects the document to correct such problems. If the user has ordered an optional ancillary service such as data check or formatting services, these activities are carried out by corresponding professionals before the regular printing process, who also only take into account and honor the ordered and not the content-related concerns of the printing and binding products. In general, upload files submitted by users will be deleted no later than thirty days after the order is placed. Immediate deletion after the completion of the printing and binding order can be done by sending a message to the support.

(3) Due to requirements of commercial and tax law, we are obliged to store your address, payment and order data for a period of ten years. Your data will therefore not be completely deleted even in those cases where storage is no longer required for the contract concluded. However, processing is limited to the extent that processing is necessary to comply with legal obligations. The legal basis is Art. 6 para. 1 p. 1 lit. c DS-GVO.

(4) We will use the data that you have transmitted to us in the course of your order exclusively for the processing of your order. We use the external service providers named below to process the order:

(a) For the delivery of the individually manufactured printing and binding products, it is necessary to pass on your address data to our parcel service providers. They are obliged to treat your data confidentially and to store and use it exclusively for the purpose of delivery and to delete it again after successful delivery. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DS-GVO.

(b) For payment processing, your payment data will be passed on to the commissioned credit institution or the respective selected payment service provider. The legal basis for the transfer of data is here Art. 6 para. 1 p. 1 lit. b DS-GVO. Your payment data will be transferred to the corresponding payment service provider depending on the payment method you have selected. The payment service provider is responsible for your payment data. Information in particular about the responsible body of the payment service providers and the categories of personal data processed by the payment service providers can be found at https://www.stripe.com.

6. E-mail advertising in the case of existing customer relationships

(1) If you have printing and binding products manufactured by us or make use of the optional services associated with them and have sent us your e-mail address in this context, we reserve the right to send you e-mails in the future with offers for similar goods or services to the goods you have already purchased (so-called direct advertising). According to § 7 para. 3 UWG, no separate consent is required. The legal basis is our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) p. 1 lit. f DS-GVO.

(2) You can object to this processing at any time. To do so, write either

• an e-mail to gdpr(at)onsites.com or
• contact the contact details of the responsible party mentioned above or
• contact the support or
• click the unsubscribe button in the e-mail you receive. For this, you will only incur transmission costs according to the prime rates.

7. When contacting us by e-mail or contact form

(1) In the course of your contact by e-mail or via the contact form on our website, personal data is collected and stored by us. Which personal data is collected in the case of contact via the contact form can be seen from the contact form. In the course of contacting us by e-mail, the following personal data is collected and stored by us: e-mail address and e-mail text as well as other voluntarily provided data. We process the data you provide exclusively for processing your contact request. The legal basis is Art. 6 para. 1 p. 1 lit. b DS-GVO or our legitimate interest in responding to your request pursuant to Art. 6 para. p. 1 lit. f DS-GVO.

(2) If storage is no longer necessary, we will delete all personal data collected in this context. If there is a legal obligation to retain data, processing will be limited to this purpose. The legal basis is Art. 6 para. 1 lit. c DS-GVO.

8. Cookies

(1) This web platform uses cookies. Cookies are small text files that your Internet browser stores on your terminal device (PC, laptop, tablet, smartphone, etc.). They are used to make the use of our offer more pleasant and comfortable for you or for analytical purposes. If you call up the corresponding page again, the cookies enable recognition of your end device. Among other things, this can mean that data you have entered once is available when you fill out the form again or that a configuration process for printing and binding products that has already begun can be continued. If the cookies are used for the purpose of concluding or executing the contract, the legal basis is Art. 6 para. 1 p.1 lit. b DS-GVO. If the cookies are used to ensure our legitimate interests in the pleasant and comfortable functionality as well as analysis and improvement of our Internet presence, the legal basis is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DS-GVO. If cookies are used, which are necessary for the operation of the website, the legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO. In this respect, the operation of our website represents our legitimate interest.

(2) This web platform uses the following types of cookies:

• For the most part, we use cookies that are automatically deleted from your hard drive after you close your browser or log out (transient cookies, especially so-called session cookies).
• Other cookies remain on your computer and cause us to recognize your terminal device during your next visit (so-called persistent or permanent cookies). These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie.

(3) You can change the storage of cookies in your browser settings at any time, e.g., refuse to accept cookies altogether, third-party cookies (cookies that are set by a third party, i.e., not by the actual Internet site on which you are currently located) or individual cookies, or delete them. However, we would like to point out that in this case it may no longer be possible to use our web platform to its full extent. To safeguard your privacy, we recommend that you delete the cookies on your terminal device and the browser history at regular intervals.

9. Storage period of personal data

The storage period of personal data depends on the respective statutory retention period (e.g., commercial and tax retention periods). When the legal retention periods have expired, we delete the respective personal data as long and so far as the personal data is not required for contract performance or contract initiation or we no longer have a legitimate interest in storing it.

10. Passing on of data in other respects

(1) In some cases, we use external service providers to process your data and to provide this website. These have been carefully selected and commissioned by us. They are bound by our instructions and are regularly controlled. The legal basis is Art. 28 DS-GVO.

(2) Beyond the cases named above, we will only pass on your personal data to third parties in the cases named below:

• if you have given us your express consent for this in accordance with Art. 6 (1) p. 1 lit. a DS-GVO, or
• if there is a legal obligation for the transfer according to Art. 6 para. 1 p. 1 lit. c DS-GVO, e.g., in the context of criminal prosecution, or
• the disclosure is required pursuant to Art. 6 (1) sentence 1 (f) for the purpose of asserting or defending legal claims or exercising rights, and it cannot be assumed that the disclosure is contrary to an overriding interest of the data subject that merits protection.