1. BASIC INFORMATION ON DATA PROCESSING AND LEGAL BASIS

1.1. This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected to it (hereinafter jointly referred to as “online offer” or “website”). We are thus fulfilling our information obligations in accordance with Articles 12, 13 and 14 of the German Data Protection Regulation (DSGVO) and Sections 32, 33 and 55 of the German Federal Data Protection Act (BDSG). The data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

1.2. For the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1.3. The personal data of users processed within the scope of this online offer includes usage data (e.g. the web pages visited on our online offer, interest in our services) and content data (e.g. entries in the contact form, i.e. name, telephone number and e-mail address as well as company name).

1.4. The term “user” includes all categories of persons affected by the data processing. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as “user”, are to be understood as gender-neutral.

1.5.

We only process users’ personal data in compliance with the relevant data protection regulations. This means that the users’ data is only processed if a legal permission exists.

This means, in particular, if the data processing is necessary or legally required for the provision of our contractual services (e.g. processing of orders) as well as online services, or if the users have given their consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 (1) lit. f.) of the German Data Protection Act (DSGVO)). DSGVO, in particular in measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers.

1.6. We would like to point out that the legal basis for the consents is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing to fulfil our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.

2. SAFETY PRECAUTIONS

2.1. We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

3. DISCLOSURE OF DATA TO THIRD PARTIES AND THIRD PARTY PROVIDERS

3.1. Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b. DSGVO is necessary for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO in the economic and effective operation of our business.

3.2. Where we use subcontractors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

3.3. If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this data protection declaration and their registered office is located in a third country, it is to be assumed that data is transferred to the countries in which the third party providers are based. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or otherwise legal permission.

4. SOCIAL MEDIA

4.1. We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.

4.2. We would like to point out that user data may be processed outside the European Union. This may result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.

4.3. Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

4.4. The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If users are asked by the respective providers for consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

4.5. For a detailed description of the respective processing and the options to object (opt-out), we refer to the information of the providers linked below.

4.6. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Privacy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland)
Datenschutzerklärung/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

5. CONTACT

5.1. When contacting us (via contact form or email), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b. DSGVO and stored in the content management system of our website in case follow-up questions arise.

6. COLLECTION OF ACCESS DATA AND LOG FILES

6.1. We or our technical service provider collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on the website where this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

6.2. Log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of one year and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

6.3. We only use the log data for statistical evaluations for the purpose of the operation, security and optimisation of the online offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.

7. COOKIES AND REACH MEASUREMENT

7.1. Cookies are pieces of information that are transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.

Cookies are small files that enable specific information related to the device to be stored on the user’s access device (PC, tablet, smartphone, etc.). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they are used to collect statistical data on website use and to be able to analyse it for the purpose of improving the website. Users can influence the use of cookies.

7.2. Among other things, we also use “session cookies”, which are only stored for the duration of the current visit to our online presence. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and close the browser.

7.3. Users are informed about the use of cookies in the context of pseudonymous reach measurement within the scope of this data protection declaration.

7.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

7.5. You can object to the use of cookies used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org) and additionally the US website of the Digital Advertising Alliance (http://www.aboutads.info/choices) or the European website of the European Interactive Digital Advertising Alliance (http://www.youronlinechoices.com/uk/your-ad-choices).

8. GOOGLE ANALYTICS

8.1. We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 9.9.2008 (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Article 6 (1) f. DSGVO) Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

8.2. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

8.3. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles of the users can be created from the processed data.

8.4. We use Google Analytics to display the ads served through within advertising services of Google and its partners only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “remarketing”, or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users and do not have a harassing effect.

8.5. We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

8.6. The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

8.7. You can find out more information about Google’s use of data, settings and objection options on Google’s websites: https://policies.google.com/privacy/partners?hl=de (“Data use by Google when you use our partners’ websites or apps”) https://policies.google.com/technologies/ads (“Technologies and principles/advertising”), https://adssettings.google.com/?hl=d (“Advertising settings”).

9. GOOGLE REMARKETING / GOOGLE ADWORDS / GOOGLE TAG MANAGER

9.1. We use the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Park Park, Mountain View, CA 9.0. DSGVO) the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

9.2. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

9.3. Google’s marketing services allow us to target ads for and on our website to show users only ads that potentially match their interests. If, for example, a user is shown ads for products in which he or she has shown interest on other websites, this is referred to as “remarketing”.
For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer.
Google may also combine the above information with information from other sources. If the user subsequently visits other websites, he or she can be shown ads tailored to his or her interests.

9.4. User data is processed pseudonymously within the scope of Google marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

9.5. The Google marketing services we use include the online advertising programme “Google AdWords“. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. This is an evaluation of previously defined actions that a user has performed on the website. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

9.6. Another Google marketing service we use is the “Google Tag Manager“, with the help of which Google analysis and marketing services can be integrated into our website (i.e. Google Analytics and Google AdWords).

9.7. For more information on Google’s use of data for marketing purposes, please visit the overview page: https://policies.google.com/technologies/ads?hl=de. Google’s privacy policy is available at https://policies.google.com/privacy?hl=de.

9.8. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/?hl=d

10. CleanTalk Anti-Spam Tool

10.1. In order to protect this website from the transmission of automated and non-human messages, the contact and registration forms of this website use the security program “Anti-Spam by CleanTalk”. This use is based on our legitimate interests within the meaning of Art. 6 (1) f) of the German Data Protection Regulation (GDPR).

10.2. The provider CleanTalk Inc can be reached at the following address: CleanTalk Inc Address 711 S Carson street, suite 4, Carson City, NV, 89701, USA.

10.3. For security reasons and to protect against spam, your data such as message text, IP addresses, email addresses or domain names are sent to a cloud server of the provider Clean Talk Inc. Please do not use our contact form if you do not want to do so.

10. 4. Further information on the use and application of data including data protection information can be found on the CleanTalk page: https://cleantalk.org/publicoffer#privacy.

11. USER RIGHTS

11.1. Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.

11.2. In addition, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, where applicable, to exercise their rights to data portability and, in the event of a presumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.

11.3. Likewise, users can revoke consent, in principle with effect for the future.

12. DELETION OF DATA

12.1. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion is not contrary to any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

12.2. In accordance with legal requirements, storage is for 6 years pursuant to § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

13. RIGHT OF OBJECTION

Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against the processing for purposes of direct advertising.

14. CHANGES TO THE DATA PROTECTION DECLARATION

14.1. We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

14.2. Users are requested to inform themselves regularly about the content of the privacy policy.

This data protection declaration was created by the data protection officer of Digital Control GmbH & Co. KG on the basis of a sample template by lawyer Dr Thomas Schwenke. https://drschwenke.de/.

Duesseldorf, July 2018