Data protection 2019-05-03T10:40:39+00:00

Legal information

Privacy Policy

We appreciate your visit on our website https://roamsys.com and your interest in our company. The protection of your personal data such as your IP number, your date of birth, your name, telephone number and your address, etc. is important to us.

The purpose of this Privacy Policy is to inform you about the personal data we collect when you visit our site and how we use it.

Our data protection practice complies with the legal regulations, in particular those of the law of 1 August 2018 relating to the organization of the Commission Nationale pour la Protection des Données and on the general system of data protection (the “Law of 1 August 2018”), the law of 30 May 2005 relating to the protection of privacy in the electronic communications sector as amended (the “Law of 30 May 2005”) and the General Data Protection Regulation of the EU (the “GDPR”).

This means that we will only process your personal data insofar as it is necessary for the functional provision of this website and our contents and services, as well as for the processing of enquiries and, if applicable, for the processing of orders/contracts, but only insofar as there is a justified interest within the meaning of art. 6 (1) (f) GDPR or any other valid legal ground for the processing of personal data.

Your personal data will be used for other purposes than the one defined in this Privacy Policy only to the extent that you have given your prior and specific consent separately, e.g. for the sending of promotional information by newsletter.

  1. Controller

The controller regarding this website within the meaning of art. 4(7) GDPR and other national data protection laws of the Member States and other provisions under the GDPR is:

ROAMSYS S.A.
13, Fausermillen
6689 Mertert
Luxembourg

E-Mail: info@roamsys.com
Fax: +352 26740 540

  1. Name and Address of the data protection officer

With regard to art. 37 GDPR we have designated a data protection officer. You can communicate with our data protection officer using the following contact details:

Name: Sandra Dury
Address: DURY Compliance & Consulting GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany
E-Mail: dsb@datenschutz-compliance.de

  1. Creation of log files

Each time you access our website, our system automatically collects data and information of your accessing device. The processing of personal data carried out in this context is as follows:

  • Scope of the processing and personal data processed
      1. Information concerning the browser type and the Browser version used
      2. The operating system of the accessing device
      3. The IP address of the accessing device
      4. Date and time of access
      5. Websites and resources (images, files, additional page content) which were accessed
      6. Websites which refers to our website and which directed the users device to our website (referrer tracking)

This data is stored in the log files of our system. This data is not stored together with personal data of a specific user in such a way that individual users can be identified.

  • Legal basis for the processing of personal data

Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the following, outlined purpose.

  • Purpose of data processing

Logging is carried out for maintaining compatibility as far as possible, for combating misuse and for troubleshooting reasons. In order to achieve those purposes it is necessary to log the technical data of the accessing devices. We also use this technical data to optimize the website and to ensure the security of our IT systems.

  • Duration of storage

The aforementioned technical data is erased as soon as it is no longer required to achieve the aforementioned purposes, but at the latest three (3) months following the use of our website.

  • Possibility to object and demand deletion

You may object to this processing according to art. 21 GDPR and demand deletion of data according to art. 17 GDPR by following the indications under section 9 of this privacy policy.

  1. Special functions

Our site offers different functions which collect personal data as follows:

 

4.1 Login area

  • Scope of the processing of personal data and personal data processed

The registration and login data you have entered with us.

  • Legal basis for the processing of personal data

art. 6(1)(a) GDPR (consent by clear confirmatory act or conduct)

  • Purpose of data processing

On our website you have the possibility to use a separate login area. If you have forgotten your password or your user name for this area, you have the option of having this data sent to you again after entering your contact data (e-mail address). We collect, store and process the data that arises within the scope of using the login area only for the purpose of combating misuse and eliminating faults or maintaining functionality. The data will not be used for other purposes or passed on to third parties.

  • Duration of storage

The collected data is stored as long as you maintain a user account with us.

The data collected as part of the ‘Forgotten user name or password’ function will only be used to resend forgotten access data.

  • Possibility to withdraw consent and demand deletion

You may demand deletion of data according to art. 17 GDPR and withdraw your consent according to article 7(3) GDPR by following the indications under section 9 of this privacy policy.

  • Characteristics of the provision of personal data

The provision of personal data is a contractual requirement for the usage of the service protected through the authentication. It is not a requirement necessary to enter into a contract. If you are not providing the personal data required, you are not able to use the service that is protected through the authentication.

 

4.2 Form for newsletter request

  • Scope of the processing of personal data

We use the newsletter service of the company Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, USA (following “MAILCHIMP”). By subscribing to our newsletter on our website we receive your e-mail address used for the subscription and if necessary further contact details, as far as you provide them via the registration form. As we use the newsletter service of MAILCHIMP our newsletter e-mails will transfer personal data – e.g. the date and time of reading the newsletter, the count of openings of the emails that have been sent, and information about the links that have been clicked, together with the respective time they have been clicked – to us and our service provider MAILCHIMP. This data processing only happens if your e-mail program is configured to allow this data transfer.

  • Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent by clear confirmatory act or conduct) and regarding the newsletter analysis art. 6(1)(f) GDPR (legitimate interest). The legitimate interest for the newsletter analysis lies within our aim to ensure a proper functioning and visualisation of our newsletter and to receive information whether or not our content is of any interest to our readers.

  • Purpose of data processing

The data entered in our newsletter registration form is used exclusively to distribute our newsletter and to ensure the visualisation and proper functioning of the newsletter in your e-mail program. In our newsletter we will inform you about all our services and our news. We will send out a confirmation email following the request containing a link that you have to click to complete the request for our newsletter (double opt-in).

 

Newsletter analysis:

For the purpose of statistical analysis of the newsletter, we evaluate the retrieval of the newsletter and clicks on links which are contained in the newsletter. For this analysis the e-mails sent by us contains so-called web-beacons or tracking-pixels, which are one-pixel-images loaded from our systems. In the newsletter included links contain an ID to evaluate how often these links were clicked on. This data is stored anonymously only for statistical usage and is not linked to the single newsletter-recipients.

Please note that the analysis above is not possible if your e-mail program blocks the visualisation of images by default. In this case the newsletter is not visualised completely and you may not be able to use the full functionality of our newsletter. Once you visualise the images manually and click on the links contained in the newsletter, the newsletter analysis will take place.

  • Duration of storage

You can cancel our newsletter at any time by clicking the unsubscribe link also contained in every newsletter e-mail. Your data will be deleted without delay after you have unsubscribed. Your data will also be deleted without delay in the case of an incomplete request. We reserve the right to erase your data and block your e-mail-address without specifying reasons and without prior or subsequent information.

  • Possibility to object, withdraw consent and demand deletion

You may object to the processing relating to newsletter-analysis according to art. 21 GDPR, demand deletion of data according to art. 17 GDPR and withdraw your consent relating to the sending of newsletter according to art. 7(3) GPDR by following the indications under section 9 of this privacy policy.

  • Characteristics of the provision of personal data

The provision of personal data is neither a statutory nor contractual requirement. It is also not a requirement necessary to enter into a contract. Furthermore you are not contractually obliged to provide the personal data and it has no contractual consequences if you fail to provide such data. The only consequence is that you are not able to receive our newsletter.

  • Transfer of data to a third country

Personal data are transferred to Rocket Science Group LLC based in the United States of America (USA) on the basis of the EU-US Privacy Shield mechanism, ensuring an adequate level of data protection when transferring personal data in the USA. More information on the EU-US Privacy Shield and the status of Rocket Science Group LLC within this mechanism may be accessed by accessing the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

  1. Statistical evaluation of the visits to the website – Webtracker

We collect, process and store the following data when you access this website or individual files on the website: IP address, website from which the file was retrieved, name of the file, date and time of the retrieval, transferred data volume and notification of the success of the retrieval (so-called web log).

We use this access data exclusively in non-personalized form for the continuous improvement of our Internet offer and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

 

5.1 Google-Analytics

  • Scope of the processing of personal data

On our site we use the web tracking service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter GOOGLE ANALYTICS). GOOGLE ANALYTICS uses cookies within the framework of web tracking, which are stored on your computer and which enable an analysis of the use of our website and your surfing behaviour (so-called tracking). We carry out this analysis on the basis of GOOGLE ANALYTICS’s tracking service in order to constantly optimise our website and make it more readily available. When you use our website, data such as your IP address and your user activities are transferred to servers operated by Google Ireland Limited.

By activating IP anonymization within the GOOGLE ANALYTICS tracking code of this website, your IP address will be anonymized by GOOGLE ANALYTICS before transmission. This website uses a GOOGLE ANALYTICS tracking code, which has been extended by the operator gat._anonymizeIp(); to allow only an anonymized collection of IP addresses (so-called IP masking).

  • Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent), either in the context of registration with Google (opening a Google account and acceptance of the data protection information implemented there) or, if you have not registered with Google, by explicit consent.

  • Purpose of data processing

On our behalf, Google will use this information to evaluate your visit to this website, to compile reports on website activity and to provide us with other services relating to the use of the website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data of GOOGLE ANALYTICS.

  • Duration of storage

According to Google, they will store the data relevant for the provision of web tracking as long as it is necessary to fulfil the web service. Data is collected and stored anonymously. If there is a personal reference, the data will be deleted immediately, unless they are subject to legal storage obligations. In any case, the deletion will take place after expiry of the storage obligation.

  • Possibility to withdraw consent

If you have given us express permission to process your personal data (art. 6(1)(a) GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the withdrawal is not affected by this.

You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en). Google’s security and privacy policy can be found at https://policies.google.com/privacy?hl=en.

  1. Integration of external web services and processing of data outside the EU

On our website we use active JavaScript content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. In this case, it may be possible that they process data outside the EU. You can prevent this by installing a JavaScript blocker such as the browser plug-in ‘NoScript’ (www.noscript.net or www.ghostery.com)  or by deactivating Java Script in your browser. This may result in functional restrictions on Internet pages that you visit. We use the following external web services:

 

6.1 Google Services

We use the following web services by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: GOOGLE IRELAND): GStatic, Google APIs, Google, Gravatar.These services are loaded integrated in our website. We use the data to ensure the complete functionality of our website. In this context, your browser may transmit personal data to GOOGLE IRELAND. The legal basis for the data processing is art. 6(1)(f) GDPR. The legitimate interest is an error-free functioning of the website. The data is erased as soon as the purpose for its collection has been fulfilled. You can find additional information on the handling of the transferred data in the data privacy statement of Google: https://policies.google.com/privacy.

 

6.2 W.org

We use the Service WordPress by the company Automattic Inc., 60 29th Street #343, San Francisco, California 94110, USA (hereinafter: WORDPRESS):

This service is integrated in our website. We use the data to ensure the complete functionality of our website. In this context, your browser may transmit personal data to WORDPRESS. The legal basis for the data processing is art. 6(1)(f) GDPR. The legitimate interest is an error-free functioning of the website. The data is erased as soon as the purpose for its collection has been fulfilled. You can find additional information on the handling of the transferred data in the data privacy statement of WORDPRESS: https://automattic.com/de/privacy/. WORDPRESS has registered itself under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC).

 

6.3 Mapbox.com

We use the Service Mapbox.com by the company , Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington, District of Columbia 20005, USA (hereinafter: MAPBOX):

This service is integrated in our website. We use the data to ensure the complete functionality of our website. In this context, your browser may transmit personal data to MAPBOX. The legal basis for the data processing is art. 6(1)(f) GDPR. The legitimate interest is an error-free functioning of the website. The data is erased as soon as the purpose for its collection has been fulfilled. You can find additional information on the handling of the transferred data in the data privacy statement of MAPBOX: https://www.mapbox.com/privacy/#[TPPaaiaw. MAPBOX has registered itself under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/participant?id=a2zt0000000CbWQAA0).

  1. Information concerning the use of cookies

  • Scope of the processing of personal data

On various pages, we and the web services integrate and use cookies to enable certain functions of our website. The so-called ‘cookies’ are small text files that your browser can store on your accessing device. These text files contain a characteristic string of characters that uniquely identify the browser when you return to our site. The process of storing a cookie file is also called ‘setting a cookie’. Details are given in the table below.

  • Legal basis for the processing of personal data

Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in maintaining the full functionality of our website, increasing its usability and enabling a more individual approach to our customers. We can only identify individual website visitors with the help of cookie technology if the website visitor has previously provided us with corresponding personal data on the basis of a separate consent.

  • Purpose of data processing

The cookies are set by our website in order to maintain the full functionality of our website and to improve usability. Cookie technology also enables us to recognise individual visitors by means of pseudonyms, e.g. an individual, random ID, so that we are able to offer more individual services. Details are given in the table below.

  • Duration of storage

Our cookies are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. Details are given in the table below:

Cookie-Name Server Purpose Legal Basis Storage Duration Type
_ga .roamsys.com

Google-Analytics

Used to distinguish users.

consent 2 years https
_gid .roamsys.com Google-Analytics

Used to distinguish users.

consent 1 day https
_gat .roamsys.com Google-Analytics

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.

consent 1 minute https
  • Possibility to object, withdraw consent and demand deletion

You can adjust your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on the acceptance of cookies on a case-by-case basis or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognise that your accessing device has already been connected to our website (permanent cookies) or to save recently viewed offers (session cookies). If you have given us express permission to process your personal data (art. 6(1)(a) GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.

  1. Data security and data protection, communication by e-mail

Your personal data is protected by technical and organizational measures during collection, storage and processing such that they are not accessible to third parties. In case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so that we recommend encrypted communication or mail for information with a high confidentiality requirement.

  1. Right to access and correct data – deletion of data – limitation of processing -withdrawal of consents – right to object

9.1 Right of access

You have the right to request confirmation as to whether we process your personal data. If this is the case, you have a right of access and information specified in art. 15(1) GDPR, provided that the rights and freedoms of other persons are not infringed (art. 15(1) GDPR). We will also be happy to provide you with a copy of the data.

 

9.2 Right to correction

Pursuant to art. 16 GDPR, you have the right to have incorrectly stored personal data (such as address, name, etc.) corrected by us at any time.

 

9.3 Right to erasure

Pursuant to art. 17(1) GDPR, you have the right to demand that we delete the personal data collected about you in the following cases:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • the processing is based according to point (a) of art. 6(1), or point (a) of art. 9(2) GDPR, and there is no other legal ground for the processing
  • you have objected to the processing pursuant to art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to art. 21(2) GDPR
  • the personal data have been unlawfully processed
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • the personal data have been collected in relation to the offer of information society services referred to in art. 8 (1) GDPR

Pursuant to art. 17(3) GDPR, the right does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information. Moreover, it does not exist if it has been collected on the basis of a legal obligation, or if the data serve the assertion, exercise or defence of legal claims.

 

9.4 Right to limitation of processing

According to art. 18(1) GDPR you have the right in individual cases to demand the restriction of the processing of your personal data.

This is the case if

  • the accuracy of the personal data is disputed
  • the processing is unlawful
  • the data are no longer required for the processing purpose but are used for the assertion, exercise or defence of legal claims
  • an objection has been filed against the processing pursuant to art. 21(1) GDPR and it is still unclear which interests predominate.

9.5 Right to withdraw consent

If you have given us express permission to process your personal data (art. 6(1)(a) GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.

 

9.6 Right to object to data processing

Pursuant to art. 21 GDPR, you may at any time object to the processing of your personal data if such processing is carried out on the basis of art. 6(1)(f) GDPR e.g. where the processing is carried out on the basis of the legitimate interests.

 

9.7 How can I obtain my rights?

You can obtain your rights, if you inform us:

 

ROAMSYS S.A.
13, Fausermillen
6689 Mertert Luxembourg

E-Mail: info@roamsys.com
Fax: +352 26740 540

  1. Data Portability

You have the right to receive the personal data that you have transmitted to us in a structured, common and machine-readable format and transfer it to another data controller provided that:

  • the processing is based on consent pursuant to art. 6(1)(a) GDPR or a contract pursuant art. 6(1)(b) GDPR ; and
  • the processing is carried out by automated means.

You can also request your personal data to be directly transferred to another controller, insofar as this is technically feasible. The exercise of this right shall not adversely affect the rights and freedoms of others.

  1. Right to lodge a complaint to the national data protection authority – Commission Nationale pour la Protection des Données (CNPD) – or any other competent supervisory authority

If you suspect that your data is being illegally processed on our site, you can take legal actions in order bring the problem to a judicial clarification. This option does not interfere with any other legal option you might have.

Regardless of this, you have the option of contacting the CNPD or any other competent supervisory authority. You have the right to lodge a complaint to the competent supervisory authority in the EU Member State of your place of residence, workplace and/or place of alleged infringement, i.e. you can choose the supervisory authority to which you will be lodging a complaint in the above places. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your complaint, including the possibility of a judicial remedy under art. 78 GDPR.