Contact us!

Data Privacy Policy

Personal data (referred to below as “data”) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Pursuant to Art. 4 No. 1 of Regulation (EU) 2016/679, General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” refers to any operation or set of operations, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

The party responsible for this website (the “controller”) for the purposes of data protection law is:

pei tel Communications GmbH
Rheinstraße 15 A
14513 Teltow
Germany

Telephone: +49 3328 9363-0
Fax: +49 3328 9363-216
E-mail: info@peitel.com

The controllers data protection officer is:

Firma GENA
Datenschutzbeauftragter
Böttgerstraße 6
65439 Flörsheim
Germany

E-Mail: datenschutz@peitel.com

With regard to the data processing to be described in more detail below, users and data subjects have the right

to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. Art. 15 GDPR);
to correct or complete incorrect or incomplete data (cf. Art. 16 GDPR);
to the immediate deletion of data concerning them (cf. Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 (3) GDPR, to restrict said processing pursuant to Art. 18 GDPR;
to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. Art. 20 GDPR);
to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (cf. Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom the controller discloses data of any such corrections, deletions, or restrictions on processing pursuant to Art. 16, 17 (1), 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, pursuant to Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 (1) (f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of such data is not in breach of any statutory storage obligations or unless otherwise stipulated below.

For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 (1) (b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 (1) (f) GDPR.

When you close your browser, these session cookies are deleted.

b) Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analysing, or improving the features of our website.

Please refer to the following information for details, in particular, for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact the developer for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact the developer for support.

If you prevent or restrict the installation of cookies, you may not be able to use all of the functions on our website.

If you register for our free newsletter, the data requested from you for this purpose, i.e. your e-mail address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

The legal basis for this is Art. 6 (1) (a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 (3) GDPR with future effect. All you have to do is inform us that you are revoking your consent or click the unsubscribe link contained in each newsletter.

If you contact us via e-mail or using the contact form, the data you provide will be used for the purpose of processing your request. We require this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 (1) (b) GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, for instance, if you place an order or sign a contract based on this data.

We use Google Analytics on our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).

Through certification according to the EU-US Privacy Shield www.privacyshield.gov/participant, Google guarantees that it will comply with the EU’s data protection regulations when processing data in the United States.

The Google Analytics service is used to analyse how our website is used. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website, will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the Internet in general.

Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at www.google.com/intl/en/policies/privacy/partners, including options you can exercise to prevent such use of your data.

In addition, Google offers an opt-out add-on at tools.google.com/dlpage/gaoptout in addition with further information. This add-on can be installed on most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).

Through certification according to the EU-US Privacy Shield www.privacyshield.gov/participant, Google guarantees that it will comply with the EU’s data protection regulations when processing data in the United States.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.

By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use policies.google.com/terms and the Terms and Conditions for Google Maps https://www.google.com/intl/en_en/help/terms_maps/.

Google also offers further information at adssettings.google.com/authenticated policies.google.com/privacy.

We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.

YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.

Through certification according to the EU-US Privacy Shield www.privacyshield.gov/participant, Google and its subsidiary YouTube guarantee that they will comply with the EU’s data protection regulations when processing data in the United States.

We use YouTube in its advanced privacy mode to show you videos. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the advanced privacy mode means that the data specified below will only be transmitted to the YouTube server if you actually start a video.

Without this mode, a connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded.

This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process as a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established.

If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.

For the purpose of functionality and analysis of usage behaviour, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

Further information about the collection and use of data as well as your rights and protection options can be found in Google’s privacy policy at policies.google.com/privacy.

Execution of contracts

The data you transmit in order to utilize our offerings of goods and/or services are processed by us for the purpose of executing contracts and are thus required. It is not possible to enter into or execute a contract unless you provide your data.

The legal basis for processing is point (b) of Article 6(1) GDPR.

We will erase the data when the contract has been executed in full, but we are required to observe the storage periods stipulated under tax and commercial laws in the process.

Within the scope of execution of contracts, we will disclose your data to the transportation company commissioned to deliver the goods or the financial service provider to the extent that disclosing them is required in order to ship the goods or for payment purposes.

The legal basis for disclosing the data in these cases is point (b) of Article 6(1) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you enter when registering (including, for example, your name, address, and/or e-mail address) exclusively to perform services prior to entering into a contract, for the performance of a contract, or for customer care purposes (for example, in order to provide you with an overview of your previous orders with us or to offer you a “wish list” function). At the same time, we store the IP address and the date and time of your registration in these cases. These data will not be shared with third parties, of course.

Within the scope of the further registration process, your consent to this processing will be obtained with a reference to this privacy policy. The data we collect in the process will be used exclusively to provide the customer account.

Where you consent to this processing, the legal basis for the processing is point (a) of Article 6(1) GDPR.

Where the opening of the customer account also serves to take steps prior to entering into a contract or for the performance of a contract, the legal basis for this processing is also point (b) of Article 6(1) GDPR.

You can withdraw your consent to the opening and maintenance of the customer account with effect for the future at any time pursuant to Article 7(3) GDPR. All you need to do for this is notify us of your withdrawal.

The data collected in this regard will be erased as soon as the processing is no longer required. In the process, however, we are required to observe the storage periods stipulated under tax and commercial laws.

Credit rating checks and scoring

Where we offer you, as part of our offerings of goods and/or services, the fundamental possibility of paying based on an invoice and you utilize this option, we reserve the right to obtain a credit rating from a credit bureau (such as Creditreform, Schufa, Bürgel or infoscore) on the basis of mathematical and statistical procedures. To this end, your data will be forwarded to the credit bureau to the extent that these data are relevant to the contract; this pertains to items such as your name and address. We will use the subsequent information on the statistical likelihood of default of payment to decide whether to offer you the option of paying based on an invoice.

The legal basis for this processing is our legitimate interest in ensuring that our claims are safeguarded against default pursuant to point (f) of Article 6(1) GDPR.

Implementation of data protection and privacy with Bridge

For all PTC5 and Platform6 generation phones, an online service called “Bridge” is available for configuration and management of phone books and for location tracing. This document discloses which data are stored in order to perform the services and where, along with how secure transfer is ensured.

Bridge is a virtual computer hosted by MITTWALD (https://www.mittwald.de/) at a data center in Germany. This provider provides the technical infrastructure, while the design and implementation of the service are performed exclusively by the company pei tel.

When Bridge is used, phones connect to Bridge and share data. The phone always logs in to Bridge for the first time using the IMEI (worldwide unique ID of the built-in modem) and will transmit the following data to bridge upon request:

  • important current configuration settings, including SIM settings, but never the
  • online password, PINs, etc.;
  • some statistics, such as version information, connected hardware, connection quality;
  • phone book data; and
  • periodically, the phone’s current position (can be adjusted in settings).

In turn, Bridge can do the following:

  • transmit configurations to the phone, thereby changing the way the phone works;
  • transmit data for the phone book; and
  • provide update data (if the phone requests this).

This transfer takes place only if:

  • the phone is registered with Bridge with a valid user (who does not have to be online) and
  • the phone and Bridge can confirm each other’s identity (not in the pre-release).

The phone can receive and process a de-registration from Bridge if a user has deleted their account while the phone was offline. All data transfers take place with basic encryption (TLS). In addition, however, data content is always encrypted with a personal “preshared key” between Bridge and the device using SHA128/CBC (not in the pre-release). This replaces checking of certificates, which is highly problematic in the embedded segment, and closes potential security gaps for PTC5 devices that only support TLS1.0. The “preshared key” is located in the device’s flash and can never be read out, but can be deleted by restoring the device to factory settings. On Bridge, this key is centrally assigned in encrypted format to the device (this means there is exactly one key for each device for the implementation).

Bridge manages the data transferred in a database, MariaDB, which is also encrypted and whose key is requested externally when the system is started. Consequently, an external backup of the system cannot be used to read out data. These data are actively processed for display by the Web server, which can only be contacted via TLS (lock symbol in browser). To this end, users are required to authenticate themselves on the server (e-mail address as user name and password). Alternative login methods (such as Google ID) are not implemented. The user is required to activate access to their device using the device’s IMEI and the online password (which the user can change after registering the device for the first time and is never stored in the database) one time via SMS service (alternative data path linked to phone number). Since there are also hardware without MMI (voice box) and fleet users, manual interaction on the device (entering a pre-set key) was deliberately not used. This means it is even more important for the customer to personalize their online password, which is also used, in particular, for SMS-based services.

To provide customer services, selected parts of the device configuration are visible to employees of pei tel outside of Bridge. Specifically, these are:

  • authorizations;
  • version information, including historical version information;
  • status information on help in case of errors; and
  • during the pre-release phase, location information (eliminated after release).

Bridge administrators (pei tel developers) have full access to all data in keeping with their function, but have received relevant instructions and undertaken an obligation to safeguard secrecy.

There is no further processing or sharing of data outside of Bridge.

As a result of log mechanisms, personal data may be present in log areas for a limited time during procedures on Bridge. These data are subject to automatic erasure rotation and are systematically reduced in the course of the further development and evolution of Bridge. In the absence of publicly accessible alternatives, the Bridge server is used under an alternative domain name (virtual host) with a second developer database for further development.

Online job applications/publication of job advertisements

You can apply for jobs at our company via our website. In the case of these digital applications, we collect your application data electronically in order to process your application.

The legal basis for this processing is section 26 (1) first sentence of the Federal Data Protection Act (BDSG, Bundesdatenschutzgesetz) in conjunction with Art. 88 (1) GDPR.

If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the usual organizational and administrative process, naturally in compliance with further legal obligations.

The legal basis for this processing is section 26 (1) first sentence BDSG in conjunction with Art. 88 (1) GDPR.

If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we are required to store the data for legal reasons, such as evidence of equal treatment of applicants, until any legal action has been concluded, or for a period of up to four months.

In this case, the legal basis is Art. 6 (1) (f) GDPR and section 24 (1) No. 2 BDSG. Our legitimate interest lies in any legal defence we may have to mount.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 (1) (a) GDPR. You may withdraw your consent at any time with future effect pursuant to Art. 7 (3) GDPR.

Beyond that, if you have any questions regarding the processing of your personal data, suggestions or complaints, you can contact our data protection officer at datenschutz@peitel.de or contact the Brandenburg State Commissioner for Data Protection and Access to Information (https://www.lda.brandenburg.de/de/beschwerdeformular).