Privacy policy

PennyPlanner GmbH is engaged in the provision of marketing budgeting software.

PennyPlanner GmbH takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

This privacy policy informs you about the type, scope and purpose of processing. The terms used correspond to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

PennyPlanner GmbH
Breite Straße 27
40213 Düsseldorf

telephone: +49 211 2095842 20
fax: +49 211 2095842 29
email: info@pennyplanner.io
web: https://www.pennyplanner.io

Types of data processed

  • Contact data (such as first/last name, telephone number)
  • Usage data (such as websites accessed, interest in content, access times)
  • Communication data (such as IP address, browser version)

Categories of persons affected

Users of this website such as customers, prospects, employees or business partners.

Purpose of processing

  • Provision of company information
  • Provision of contact options
  • Security measures to protect the website
  • Marketing and analysis of user behavior

Terms and definitions used

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal basis

The basis of data protection law is the individual's right to informational self-determination. In accordance with Article 13 GDPR, we inform you about the legal basis of our data processing. The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Cooperation with third parties or processors

If we disclose data to other persons and companies (third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission, if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interest.

If we commission third parties to process data on the basis of order processing, this is done on the basis of Article 28 GDPR.

Transfers to third countries

If we process data in a third country or in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our contractual or pre-contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interest. If processing is permitted, it is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations.

Rights of the data subjects

Information (Article 15 GDPR)
The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed. If this is the case, they have a right to information about this data as well as information about, among other things, the purposes of processing, its origin, recipients, the duration of storage and their rights.

Rectification (Article 16 GDPR)
The data subject has the right to request the rectification or completion of inaccurate personal data.

Erasure (Article 17 GDPR)
Data subjects have the right to request the erasure of their data - for example, if it is no longer required for the purpose for which it was originally collected or processed or if consent has been withdrawn. As a special form of the right to erasure, there is now also a “right to be forgotten” if the controller has made the data to be erased public. It must then take reasonable steps to inform the entities processing this data that the data subject has requested that they erase all links to this data, copies or replications.

Restriction of processing (Article 18 GDPR)
The data subject may also request the restriction of processing in certain cases. For example: If the data subject has objected to processing and it has not yet been established whether the legitimate grounds of the controller override those of the data subject.

Right to portability (Article 20 GDPR)
The right to data portability gives data subjects the right, under certain conditions, to receive a copy of the personal data concerning them in a commonly used and machine-readable file format.

Complaint (Article 77 GDPR)
Data subjects have the right to lodge a complaint with the competent supervisory authority.

Right to withdraw consent (Article 7(3) GDPR)
Data subjects have the right to withdraw their consent with effect for the future.

Right to object (Article 21 GDPR)
Data subjects can object to the future processing of their data at any time. The objection can be made in particular against processing for direct marketing purposes.

Data deletion

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This applies, for example, to data that must be retained for commercial or tax law reasons.

Collection of access data and log files

On the basis of our legitimate interest (Article 5(1)(f) GDPR), we store data on every access to the web server to ensure availability. The access data includes the name of the website accessed, file, date and time of access, data volume, status messages, browser type and version, the user's operating system, IP address and any other technical information.

For security reasons, log files are stored for a maximum of 7 days and then deleted. Data for evidence purposes are excluded from deletion until the respective incident has been clarified.

Contact

When contacting us (e.g. by e-mail, contact form, telephone), the user's details are processed in order to deal with the inquiry and the steps required to process it. The user's details may be stored in a suitable program for customer administration or comparable organization.

We delete the data stored on the basis of the inquiries if they are no longer required and do not conflict with statutory archiving obligations.

Cookies and right to object to direct advertising

Cookies are small files that are stored on users' computers. Various information can be stored within the cookies. A cookie can be used to store information about a user (such as browser version, interests of the user) during or after their visit to a website. These cookies can be stored temporarily or permanently.

We may use temporary and permanent cookies and provide information about this in our privacy policy. If the data subject does not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Preventing cookies can lead to functional restrictions on this website.