1. General | Validity of the conditions
absence.io GmbH, Zielstattstrasse 19, 81379 Munich, Germany operates the web application absence.io. You can find further information about us in our legal notice (Impressum) at www.absence.io.
Your data is collected in line with the applicable statutory regulations. Detailed information on this subject is available at http://ec.europa.eu/justice/data-protection/.
2. Personal data
We use your personal data exclusively for the contractual performance of our services. If we offer a newsletter and you have subscribed to it, your data will also be stored for this purpose. Under no circumstances will we bring your personal data to the attention of third parties for advertising or marketing purposes, or pass it on to third parties for any other purposes unrelated to the fulfilment of our contractual obligations.
The following data is saved in the absence.io database for every registered user:
• Family name and first name
• E-mail address
• Password (as a hash)
Our employees are obligated to treat personal data confidentially. This data will only be passed on to third parties when this is necessary to fulfil our contractual duties. If we are required to pass on data to third parties for this reason, we will only do this provided that they undertake to protect your data by signing a contract with us to this effect.
The data will be transmitted exclusively over encrypted SSL connections.
Our server hosting is carried out by LimTec Information & Communication GmbH, a German server management provider located in Fürstenfeldbruck. This means that your data is subject to German and European data protection regulations and guaranteed a high level of protection. Cloud providers such as absence.io must guarantee the safety and inviolability of your data by law. Therefore, German data centers must be operated in Germany to enforce applicable law and protect the data from unapproved access.
LimTec operates its own colocation center in a German data center (in Unterschleissheim near Munich) and guarantees that the data is securely hosted on its laaS (Infrastructure as a Service) solution. Both the data center and the colocation center are monitored around the clock and have the below-mentioned security measures, amongst others, in place.
All maintenance work on the server is done exclusively via encrypted SSH connections or a VPN designated for this purpose. Additionally, no direct access to the server is possible in most cases. Backups are transmitted and stored outside the data center in encrypted form.
The passwords assigned are randomly generated and sufficiently long. Passwords of users with system monitoring rights are not saved in plain text. Passwords can only be reset or changed after the user has been authenticated.
Limited user access
Unless explicitly agreed, the client will not receive any SSH access to the server. Clients who apply for SSH access to a multi-client server must sign a written declaration in which they guarantee to use the SSH in a responsible manner. The user shell differs markedly from the administrator shell and only contains programs which are absolutely necessary for the user so as to minimize risk.
Protection against hacking
The network components and servers contain programs/components to detect hacking attempts, DOS or DDOS attacks, and to block the instigators before they can cause damage.
Monitoring in the case of anomalies
Server anomalies which can occur in connection with an attack are monitored via a central monitoring system and immediately reported to an employee.
Separate user accounts
Data and programs uploaded by a user cannot be read by other users or programs of other users unless this is explicitly approved by the user.
Access to premises
Access to the data center in Unterschleissheim is granted solely to employees and on-site personnel, or when accompanied by an employee. (This results in a highly restricted circle of users.)
• Restricted access to certain areas/rooms.
• Authentication and logging of the user at the terminal before they enter the premises.
• 24h monitoring by a security company (break-in, fire)
• Deployment of redundant mirrored servers for the purposes of load distribution or quicker return to service in the event of hardware damage
• Local data mirroring over raid systems
• USV facilities for smooth operation in the event of short-term power outages and voltage fluctuations
• Pre-warmed emergency diesel to bridge longer-term power outages
• Redundant connections (ring networks, use of several providers, additional peerings)
• Different fire protection measures
• Local and physical separation of backups, regular backup checks
• 24/7 monitoring of server availability and availability of essential services provided on the server
4. Log files
Every time a user accesses our pages and retrieves a file, data on this procedure is stored in a log solely for internal system-related and statistical purposes. The IP address is also stored to combat misuse. The following data set is stored with every access:
Your IP address (through which your computer can be clearly identified), the remote host (name and IP address of the computer which requests access to the page), the time of day, the status, the volume of data transmitted, the Internet page from which you accessed the requested page (referrer), as well as the product and version information of the browser used (user agent).
We do not link the page views and usages stored in the server log with individual people. A link will only be created when storing the IP address in the event that there is suspicion of misuse for the purposes of combating said misuse.
If you would like to receive our newsletter, we require an e-mail address from you as well as information which allows us to make sure that you are the owner of the specified e-mail address or that the owner agrees to receive the newsletter. Further data will not be collected. You may revoke your consent to the storage of the data, the e-mail address as well as its use for sending the newsletter at any time.
7. Information, deletion, blocking
You are entitled to free information about your stored personal data, its origin and recipients, and the purpose of the data processing; you are also entitled to correct, block or delete this data at any time. You can contact us at the address provided in our legal notice (Impressum) at any time in regard to this matter and for any other questions relating to the subject of personal data.
Most of the cookies that we use are session cookies. They are automatically deleted after you leave our website. Other cookies remain saved on your end device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.
You can configure your browser so that you are informed about the placement of cookies and only permit cookies in individual cases, exclude the acceptance of cookies in specific cases or in general, and automatically delete cookies upon closing your browser. When cookies are deactivated, the functionality of this website may be limited.
9. Contact form
When you send us enquiries via our contact form, we will store your details from this form, including the contact details you provide there, for the purpose of processing the enquiry and in the event that you have further questions. We will not pass on this data without your consent.
However, if IP anonymization is activated on this website, your IP address will firstly be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on web activity and to provide further services for the website operator related to use of the website and the Internet. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other data from Google.
You can prevent cookies from being stored by setting your browser software accordingly; however, please note that if you do so, you may not be able to use all the functions of this website. You can also prevent Google from collecting the data generated by the cookie relating to your use of the website (incl. your IP address) and also processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
11. Right to information, right of revocation
You have the right to information about the data stored on your person, its origin and recipients as well the purpose of the storage. For information regarding the stored data, you can contact us at the following address: absence.io UG, Zielstattstrasse 19, 81379 Munich, Germany or by e-mail at firstname.lastname@example.org. If you have subscribed to our newsletter or consented to the processing or use of your data by us for the purposes of advertising or market/opinion research, you may revoke your consent to said use by e-mail at email@example.com at any time. With regard to the use of the data for the purpose of sending the newsletter, it is sufficient to unsubscribe from the newsletter.
Your absence.io team!