I. Responsible persons and Data Protection Officer
Responsible party within the scope of the General Data Protection Regulation (DS-GVO) is:
Our data protection officer may also be contacted at the above address and e-mail address.
II. What personal data do we process, for what purposes and on what legal basis?
We receive personal data from you when you visit our website, sign up for newsletters and the like, order one or more of our products and/or visit our social media sites.
1. Visiting our website
a. Access data/device information
When you visit our website, certain data is automatically transmitted to us. This includes:
- your IP address,
- your device ID,
- date and time of access,
- time zone,
- the amount of data transferred/completeness of the data exchange/crash of the website,
- your operating system and the version of your operating system.
We need this data to technically enable the operation of the website and to make the website available to you, and to ensure the security of the website, i.e. to prevent and eliminate misuse and malfunctions. The access/device data does not generally allow us to identify you as an individual. If it does, we do not use it to identify you as an individual. We do not store access/device data for longer than is necessary for the stated purpose, at most for six months.
The legal basis for this data processing is Art. 6 para. 1 lit. f DS-GVO: The processing is necessary to protect our legitimate interest in ensuring the functionality, fault-free operation as well as the security of our website.
c. Newsletters and Mailings
As a website visitor, you can register for topic-related newsletters and mailings or request certain documents from us (e.g. white papers). This requires, for example, your name and email address. We use this data to get in touch with you as a visitor to our website.
The legal basis here is your consent in accordance with Art. 6 para. 1 UAbs. 1 letter a DSGVO. You can revoke your consent to receive newsletters, mailings or downloads at any time, for example by sending a message to email@example.com or by clicking the unsubscribe link in the footer of an email. After your revocation, your contact details will be deleted immediately.
2. Ordering our products
When you order a product from us, we only ask you for as much information as we absolutely need to fulfil your order or for billing purposes. In most cases, the information is limited to your e-mail address and the data on the payment medium you have selected. In individual cases, it may be necessary for us to ask you for additional data about your company or to ask you for your name.
a. Order, order processing and contractual relationship
When you create a user to order one of our products, we ask you to enter your personal data. We require this data for the conclusion of our contract. We store the contract data for the duration of the contractual relationship, as we need it for the fulfilment of the contract. If you terminate your contract, we will store your personal data for a longer period of time if there are any objections or claims that have not yet been clarified. We also store your data for longer if there are legal obligations to retain it. In this case, we restrict the processing of the personal data to compliance with the statutory retention obligations and do not process your personal data for any further purposes. Modifications to this data can be made at any time via your customer access.
We process the following data: Salutation, name, e-mail address, telephone number, company name, address, product contracts and product usage data (for billing purposes), payment data, tax number (“contract data”).
The legal basis for the processing is the necessity for the initiation and execution of the contract pursuant to Art. 6 para. 1 subpara. b DSGVO.
In addition, we analyse the usage data for our products anonymously for the further development of our products and for planning our capacities. We have a legitimate interest (Art. 6 para. 1 UAbs. 1 letter f DS-GVO) in analysing product usage data in order to improve our products and services.
We store the contract data for the duration of the contractual relationship, as we need it for the fulfilment of the contract. If you terminate your contract, we will store your personal data for a longer period of time if there are objections and claims that have yet to be clarified. In addition, we also store your data for longer if there are legal obligations to keep records, for example in accordance with § 257 of the German Commercial Code (HGB) or § 147 of the German Tax Code (AO). In this case, we restrict the processing of the personal data to compliance with the statutory retention obligations and no longer process your personal data for any other purposes. Personal data will be deleted 10 years after the end of the calendar year following the termination of the contract. You can have our data protection officer make changes to this data at any time.
b. Newsletter and product advertising
To ensure that you can take full advantage of all product benefits, we will inform you from time to time by e-mail about useful and complementary product solutions or interesting new products, unless you have objected to the use of your personal data for these purposes. The legal basis is our legitimate interest (Art. 6 para. 1 UAbs. 1 lit. f DS-GVO) in informing our customers about our services. You can object to the use of your personal data for the above-mentioned purposes at any time, either via your customer account, via e-mail to firstname.lastname@example.org or via the unsubscribe link in our e-mails. At the latest with the termination of your contract, we will no longer use your data for the above-mentioned purposes.
With your consent (Art. 6 para. 1 UAbs. 1 letter a DS-GVO), we will also contact you by telephone from time to time for the aforementioned purposes. You can revoke your consent at any time.
c. Customer information
We will send you important information on the function and use of your ordered products or added contract components by e-mail. Furthermore, we will inform you in the event of security-relevant updates or corresponding settings. The legal basis for this processing is the necessity for the execution of the contract, Art. 6 para. 1 UAbs. 1 letter b DS-GVO.
d. Customer service
The satisfaction of our customers is important to us, which is why you can contact our service department at any time by sending an email to email@example.com. To process your request, we first process your e-mail address to send you an automatic reply with a request to confirm your request via a link. If you do not confirm your request, it will be automatically deleted. If you confirm your request, you will be asked to log in to your user account and your request will be assigned accordingly. For the further processing of your request, we process your e-mail address, your user name, your contract data and the information you provide in your request. You may be asked for a telephone number so that we can call you back.
The legal basis for this processing is the fulfilment of our contract with you according to Art. 6 (1) UAbs. 1 letter b DS-GVO. We store the communication with you until the end of the contract term and beyond that only until open enquiries to us have been finally concluded or if and insofar as statutory retention obligations prescribe this.
III. Recipients of personal data
We use various third-party services and applications, such as cloud computing services or payment service providers. The third-party providers may receive your data, for example because they store it for us on their servers. The third party service providers will only process your data at our request and for the purposes we specify. The transfer of your data and the processing of your data by the third-party providers is carried out on the basis of order processing contracts pursuant to Art. 28 DS-GVO or on the basis of other contractual agreements existing between us and the third-party providers. If our service providers are located in countries outside the EU or EEA, we ensure that the level of data protection with regard to the personal data transferred is as high as in Germany or the EU, either on the basis of an adequacy decision of the European Commission (Art. 45 DS-GVO) or other appropriate guarantees (Art. 46 DS-GVO).
IV. Your rights
You have a number of rights with respect to the processing of your personal data by us. To exercise these rights or if you have any questions regarding the processing of your personal data, please contact us or our data protection officer using the contact details provided in section 1.
- Pursuant to Art. 15 DS-GVO, you have the right to request information about your personal data processed by us as well as a copy of this data.
- Insofar as the requirements of Art. 20 DS-GVO are given, you can request the data you have provided in a structured, common and machine-readable format and transfer it to another responsible party or, insofar as this is technically feasible, have it transferred by us (so-called “right to data portability”).
- Pursuant to Art. 16 DS-GVO, you have the right to request the rectification of inaccurate personal data relating to you and, considering the purposes of the data processing, the completion of incomplete data without undue delay.
- Under the conditions of Art. 17 DS-GVO, you have the right to have your personal data deleted. Please note that we cannot delete your data in certain cases, namely if we still need your data for an active contract or if legal retention periods or conflicting interests prevent deletion. In this case, however, we will immediately lock the data stored by us for any other purpose.
- Under the conditions of Article 18 DS-GVO, you can request the restriction of the processing of your personal data, namely in the following cases:
- You have denied the accuracy of data and we shall not use it further until the final verification.
- The processing is illegal, but you do not want to obtain deletion, but prefer to restrict the use of your data.
- We no longer need your data and would delete it, but you still require this data to assert, exercise or defend legal claims.
- You have objected to the processing of your data, but we are still reviewing your objection.
In the event of a restriction, we ensure that your personal data cannot be further processed or modified by us apart from its storage. In any case, you will be informed by us before the restriction is removed.
- You also have the right to object in accordance with Article 21 DS-GVO. If we process your personal data on the basis of Article 6(1)(f) DS-GVO, i.e. to protect our legitimate interests or the legitimate interests of a third party, and there are grounds arising from your particular situation, you may object to this processing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to the processing of your personal data for the purpose of direct marketing at any time without stating reasons, irrespective of the legal basis for this data processing and of the existence of special reasons.
3. Right to appeal
You also have the right to lodge a complaint with a designated supervisory authority (Art. 77 (1) DS-GVO). The following supervisory authority is responsible for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
4. Modification of the data protection provisions
|Recipient/Tool||Description||Data concerned||Tool used for||Recipient country|
|Stripe||Payment service provider||Payment data||Payments||https://stripe.com/de/privacy|
|Google/Google Analytics||Website performance, |
Website visitor analysis
|Connection data, device data, user data, location data, action data||Website analysis||The data may be processed in any country where Google has an establishment, including countries outside the EU/EEA. In addition, Google may use sub-processors in countries outside the EU/EEA. For data transfers to countries outside the EU/EEA, Google provides appropriate safeguards in accordance with Article 46 DS-GVO, in particular the European Commission’s standard contractual clauses. More information on this can be found in Google’s “Cloud Data Processing Addendum (Customers)” at https://cloud.google.com/terms/data-processing-addendum|
|Google/Google Tag Manager||Visitor behaviour and performance measurement||Connection data, device data, user data, location data, action data||Website analysis||The data may be processed in any country where Google has an establishment, including countries outside the EU/EEA. In addition, Google may use sub-processors in countries outside the EU/EEA. For data transfers to countries outside the EU/EEA, Google provides appropriate safeguards in accordance with Article 46 DS-GVO, in particular the European Commission’s standard contractual clauses. More information on this can be found in Google’s “Cloud Data Processing Addendum (Customers)” at https://cloud.google.com/terms/data-processing-addendum|
|Microsoft/Bing Ads||Search engine advertising from Microsoft, website analysis||Connection data, device data, user data, location data, action data||This cookie is used for advertising, website analytics and other operations.||Microsoft Ireland Operations, Ltd. Attn: Data Privacy One Microsoft Place South County Business Park Leopardstown Dublin 18, D18 P521, Ireland|
|gridscale/Mautic||Newsletters, new customer acquisition, marketing, identifying visitors across visits and devices||Connection data, device data, user data, location data, contact data||Subscriber Management/Content Optimizer||On-Prem, own servers in Germany|
|Facebook-Fanpage||• Profile picture with your page likes|
• Viewing a page, post, video, message or other content associated with a page
• Interaction with a post
• Follow or unfollow a page
• Like or unlike a page or post
• Recommending a page in a post or comment
• Comment, share or respond to a page’s post (including how you respond)
• Hide a Page’s post or report it as spam
• Hovering over a link to a page or the name or profile picture of a page to see a preview of the page content
• Clicking on the website, phone number, directions button or other button on a page
• Having a page’s event on the screen, responding to an event, including how to respond, clicking on a link for event tickets
• Starting a Messenger communication with the site
• Viewing or clicking on items in the site shop
• Information about the action, the person performing the action and the browser/app used for the action, such as the following: Date and time of the action. Country/city (estimated from the IP address or imported from the user profile for logged-in users). Language code (from the browser http header and/or language setting). Age/gender group (from the user profile, only for logged in users). Previously visited website (from the browser’s http header). Whether the action was performed from a computer or a mobile device (from the user agent of the browser or the app attributes). FB user ID (only for logged in users).
|Company and service presentation as well as communication with customers and interested parties by means of a Facebook fan page||Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland|
|• New customer acquisition|
• Visitor identification/analysis
|Activity data and information that becomes public||• New customer acquisition|
• Visitor identification/analysis
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
|Recruitee/Recruitee||Candidate Management System||• Contact details, including names|
• E-mail communication
• Address details
• Professional history
• Letter of motivation and other documents submitted for an application
• Information about candidates collected through integrations between the Services and third party services at the request of the subscriber or end-user
• Notes about candidates
• Assessments of candidates
• and other personal data of candidates processed as part of the Services. For the sake of clarity, personal data relating to candidates and data of other data subjects at the same time are considered to be processed on behalf of the subscriber (e.g. email from a user to a candidate).
|Candidate Management System||Recruitee Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Niederlande|