Logo : Pulsed Light Logo : Pulsed Light

Privacy policy

1) General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, so-called personal data, when using our website is an important concern for us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address. Data that cannot be linked to your person, for example through anonymisation, is not personal data. The processing of personal data (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) in accordance with Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary for us to collect personal data about you. We also explain the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.
This privacy policy only applies to this website. It does not apply to other third-party websites to which we merely refer via a hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.
We provide separate data protection information for project applications and application enquiries, which is also available on our website under the contact link.
Below you will find the contact details of the controller and the data protection officer.

2) Responsible body

Responsible for the processing of personal data on this website is (see imprint):

Pulsed Light Technologies GmbH
Lagerhofstraße 4
04103 Leipzig

Management:
Dr. Antonia Schmalz
Katrin Hug
E-Mail: info@pulsed-light.org

3) Collection of general data and information

a) Type and scope of data processing

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • the browser types and versions used;
  • the operating system used by the accessing system
  • the website from which an accessing system reaches our website (so-called referrer)
  • the sub-websites which are accessed via an accessing system on our website
  • the date and time of access to the website
  • an internet protocol address (IP address);
  • the Internet service provider of the accessing system;
  • other similar data and information used for security purposes in the event of attacks on our information technology systems.

b) Purpose and legal basis

In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:

  • Art. 6 para. 1 sentence 1 lit. a GDPR (“consent”): If the data subject has voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous affirmative act, indicated that they consent to the processing of their personal data for one or more specific purposes;
  • Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 para. 1 sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
  • Art. 6 para. 1 sentence 1 lit. d GDPR: If processing is necessary in order to protect the vital interests of the data subject or another natural person;
  • Art. 6 para. 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
  • Art. 6 para. 1 sentence 1 lit. f GDPR (“Legitimate interests”): If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject (in particular where the data subject is a minor).

Furthermore, the storage of information in the terminal equipment of you as the end user and access to information that is already stored in your terminal equipment will only take place after you have given your consent in accordance with Section 25 (1) TTDSG, unless this is dispensable in accordance with Section 25 (2) TTDSG.
For the processing operations we carry out, we indicate the applicable legal basis in each case below. Processing can also be based on several legal bases.

c) Storage period

Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany, subject to any disclosure in accordance with the provisions in No. 7.
However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the controller (e.g. Section 257 HGB, Section 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

4) Data protection transfer to third parties

As with any large company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). These service providers only act in accordance with our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.

5) Data transfer to a third country

If we process data in a third country (i.e. outside the European Union (EU)) or the European Economic Area (EEA) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. The European Commission certifies that some third countries have data protection standards comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. With regard to the individual services, we will inform you at the appropriate point (see no. 6) about the requirements for data transfer to third countries. Please contact our data protection officer (see no. 3) if you would like more information on this.

6) Cookies

The Internet pages of the Pulsed Light Technologies GmbH use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID. Through the use of cookies, we can provide you with more user-friendly services on our website that would not be possible without the setting of cookies.
As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to re-enter their access data each time they visit the website because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that customers have placed in the virtual shopping basket via a cookie.
You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your Internet browser or other software programmes. This is possible in all common Internet browsers. If you deactivate the setting of cookies, you may not be able to use all functions of our website to their full extent.

7) Your rights

You have the right at any time,

  • in accordance with Art. 15 GDPR, to request information about the personal data processed concerning you. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of the data if it was not collected by the controller, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR, to demand the rectification of inaccurate personal data or the completion of incomplete personal data stored by the controller without undue delay;
  • pursuant to Art. 17 GDPR, to demand the erasure of stored personal data, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and the controller no longer needs the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format or to request its transmission to another controller;
  • pursuant to Art. 21 GDPR to object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the fulfilment of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing; to exercise the right of objection, simply send an e-mail to info@pulsed-light.org
  • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us (including before the GDPR came into force, i.e. before 25 May 2018) – i.e. your voluntary, informed and unequivocal consent, made clear by a declaration or other unambiguous confirmatory act, that you consent to the processing of the personal data concerned for one or more specific purposes – at any time, if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.