dasistweb Privacy Statement

1. Introduction and general information

Thank you for your interest in our website and our company. The protection of your personal data is very important to us. Below, we shall inform you about the collection of personal data when using our website and during further interaction with us. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We will also inform you of the rights to which you are entitled.

1.1. Responsible party as defined by the GDPR

dasistweb GmbH
Bergfeldstraße 11
D-83607 Holzkirchen
Germany
[email protected]

1.2. Contact details of the Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
Germany
E-Mail: [email protected]

When contacting the Data Protection Officer, please state the company to which your request relates. Please do not include sensitive information, such as a copy of your ID.

2. Processing of your data when you visit our website

2.1. Web Hosting

This website is hosted by an external service provider (host). This website is hosted in Germany. Personal data collected on this website is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, metadata and communication data, website access and other data generated via a website.

We have concluded an order processing agreement with the provider in accordance with the provisions of Art. 28 GDPR, in which we oblige them to protect the data of our customers and not to pass it on to third parties.

2.2. Server log files

If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6(1)(1)(f) GDPR):

  • (1) browser types and versions used,
  • (2) the operating system used by the accessing system,
  • (3) the website from which an accessing system accesses our website (so-called referrer),
  • (4) the sub-websites which are accessed via an accessing system on our website,
  • (5) the date and time of access to the website,
  • (6) an Internet Protocol (IP) address,
  • (7) the Internet service provider of the accessing system; and
  • (8) other similar data and information used to avert dangers in the event of attacks on our information technology systems.

The collection of this general data is not used by the controller to draw conclusions about the data subject, but is needed in order to:

  • (1) deliver the contents of our website correctly,
  • (2) optimise the content of our website and the advertising for it,
  • (3) ensure the long-term operability of our information technology systems and the technology of our website, and
  • (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.

We collect the listed data in order to ensure a smooth connection to the website and to enable convenient use of our website by users. The log file is also used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6(1) point f GDPR.

For technical security reasons, in particular to protect against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After 30 days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a connection to the individual user.

In anonymised form, the data may also be used for statistical purposes. This data, together with other personal data of the user, is not stored, compared with other databases or passed on to third parties at any time.

2.3.Cookies

Our website uses cookies. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or an automatic solution is implemented by your web browser.

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are technically necessary are processed on the basis of Art. 6(1) point f GDPR. We have a legitimate interest in the storage of cookies for the technically correct and optimised provision of our services. Other cookies are only used with your consent on the basis of Art. 6(1) point a GDPR. Consent can be withdrawn at any time in the future. The legal basis may also arise from Art. 6(1) point b GDPR if the processing is necessary for the fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures which take place at the request of the data subject.

If cookies are used for analysis purposes, we will inform you of this separately within the framework of this Privacy Statement and obtain your consent.

You can configure your browser so that you can:

  • be informed about the setting of cookies,
  • only allow cookies in individual cases
  • exclude the acceptance of cookies in certain cases or in general
  • activate the automatic deletion of cookies when closing the browser

The cookie settings can be managed for the respective browsers using the following links:

You can also individually manage cookies from many companies and functions used for advertising. For this purpose, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers offer a so-called "Do Not Track" function. If this function is enabled, the browser in question will tell advertising networks, websites and applications that you do not want to be “tracked” for advertising based on behaviour and the like.

Depending on the provider of your browser, you can find information and instructions on how to edit this function at the following links:

In addition, you can also prevent the loading of so-called scripts by default. NoScript allows you to run JavaScripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that disabling cookies may limit the functionality of our website.

2.3.1. Changing cookie settings

You can revoke or change your cookie settings at any time. To do this, access the cookie settings again via our integrated settings. You can find this at any time at the bottom right of the website.

2.3.2. Individual service providers

Google Analytics

Our website uses Google Analytics, an Internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to generate reports on website activity. Google will also use this information to provide the website operator with further services associated with the use of the website and the Internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. Processing is carried out in accordance with Art. 6(1) point a GDPR on the basis of your consent. We only use Google Analytics with IP anonymisation enabled. This means that Google only processes your IP address in abbreviated form.

The terms of use of Google Analytics and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, please note that in this case you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin, which is available at https://tools.google.com/dlpage/gaoptout?hl=de.

Google Ads

We use Google Ads on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). We use Google Ads for marketing and optimisation purposes, in particular to place advertisements that are relevant and of interest to you.

If you have provided us with your consent in accordance with Art. 6(1) point 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers with the help of advertising materials on external websites. This allows us to determine how successful individual advertising measures are.

These advertising materials are delivered by Google via so-called ad servers. We use ad server cookies, which can be used to measure certain parameters for measuring success, such as display of ads or clicks by users.

If you access our website via a Google ad, Google Ads stores a cookie on your PC. These cookies generally lose their validity after 30 days. They shall not be used to identify you personally. The following information is generally stored on this cookie as analysis values: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wants to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been forwarded to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. We do not collect or process any personal data ourselves in the stated advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives notification that you have accessed the corresponding part of our website or clicked on an advert from us. If you have a Google user account and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will find and save your IP address.

Further information on data use by Google, settings and objection options as well as data protection can be found on the following Google websites:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to make full use of all the functions of our website. You can also prevent the storage of cookies by setting your web browser so that cookies from the domain "www.googleadservices.com" are blocked (https://www.google.de/settings/ads). Please note that this setting will be deleted when you delete your cookies. You can also deactivate interest-related adverts via the link http://optout.aboutads.info Please note that this setting will also be deleted if you delete your cookies.

Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

If you have provided us with your consent, this function enables the advertising target groups created with Google Ads Remarketing to be linked to the cross-device functions of Google AdWords and Google DoubleClick. The legal basis is your consent pursuant to Art. 6(1) point 1 lit. a GDPR. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one terminal (e.g. mobile phone) can also be displayed on another of your terminals (e.g. Tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalised advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by opting out of personalised advertising in your Google Account by following this link: https://adssettings.google.com/

Further information and the privacy statement can be found in Google's privacy statement at https://www.google.com/policies/technologies/ads/

Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means: No cookies are used and only the IP address of the user is transmitted to Google for connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a de-activation has occurred at the domain or cookie level, this remains for all tracking tags that are implemented with Google Tag Manager.

We use Google Tag Manager on the basis of our legitimate interest from Art. 6(1) point f GDPR. Our legitimate interest here is to enable the technical integration of other website tools.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The purpose of reCAPTCHA is to check whether data entry on our website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information, e.g.

  • IP-Address
  • Time spent by the visitor on the website
  • Mouse movements made by the user

The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from abusive automated spying and from unwanted automated mailings (spam).

We do not store any personal data from the use of reCAPTCHA. Generally, personal data of the person concerned will be deleted, or blocked, as soon as the purpose of the storage no longer applies.

Further information on Google reCAPTCHA as well as Google's privacy policy can be found under the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/v3beta.html.

Google Fonts

We use Google Fonts for optimisation purposes, in particular to improve the use of our website and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent. This consent can be revoked at any time with effect for the future.

Further information on data protection can be found in Google's data protection declaration: http://www.google.de/intl/de/policies/privacy. Further information on Google Fonts can be found at https://fonts.google.com/.

Google Maps

Our homepage uses the online map service provider Google Maps via an interface. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to save your IP address.

Google uses cookies to collect information about user behaviour. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
For more information on the handling of user data, please refer to Google's privacy policy: https://www.google.de/intl/de/policies/privacy/ Opt-out: https://www.google.com/settings/ads/.

YouTube

On our website, we integrate videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is your granted consent for this purpose in accordance with Art. 6 (1) lit. a GDPR.

If the playback of embedded YouTube videos is started through your consent, the provider "YouTube" uses cookies to collect information about user behaviour. According to YouTube, these cookies are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. Google stores this data as a usage profiles and uses it for the purposes of advertising, market research and/or designing its websites to meet user needs. Such an evaluation is carried out, in particular (also for users who are not logged in) for the display of need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=en&gl=en.

Appropriate guarantees for Google services when transferring data to the USA

We have concluded a data processing agreement with the service provider in which we oblige them to protect the data of our customers and not to pass it on to third parties.

As personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection in the GDPR. In order to ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46(2) c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this also cannot be ensured by this contractual extension, we will endeavour to obtain additional provisions and commitments from the recipient in the USA.

CloudFlare

Our website uses the services of Cloudflare Inc. (USA) to securely encrypt data transfer over the Internet (SSL), to improve global website performance via the Cloudflare Content Delivery Network (CDN), and to improve security and protect against hacker attacks via the Cloudflare Web Application Firewall (WAF). Cloudflare may use its own cookies to provide these services.

In general, Cloudflare only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received corresponding instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS protocol data, and performance data for websites derived from browser activity. Log data, for example, helps Cloudflare to detect new threats. In this way, Cloudflare can guarantee a high level of security protection for our website.

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is strictly necessary for the Cloudflare security features and cannot be disabled. In general, Cloudflare stores user-level data for domains in Free, Pro and Business versions for less than 24 hours. Cloudflare only stores data logs for as long as is necessary, and in most cases this data is deleted again within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent protocols to improve the overall performance of Cloudflare Resolver and detect any security risks. You can find out exactly which permanent protocols are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/ All data collected by Cloudflare (temporary or permanent) has all personal data removed. All permanent logs are also anonymised by Cloudflare.

You can also completely prevent the collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or integrating a script blocker in your browser. As personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection in the GDPR. In order to ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46(2) c GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this also cannot be ensured by this contractual extension, we will endeavour to obtain additional provisions and commitments from the recipient in the USA. We have entered into an order processing contract with Cloudflare. More detailed information on data protection and Cloudflare can be found at: https://www.cloudflare.com/de-de/gdpr/introduction/

Hotjar

Our website uses the Hotjar web analytics service from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe).

This tool can be used to track movements on the websites where Hotjar is used (so-called heat maps). For example, it can be seen how far users are scrolling and which buttons users click how often. Furthermore, it is also possible to collect feedback directly from the users of the website using the tool. Above all, Hotjar services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.

When using this tool, we pay particular attention to the protection of your personal data. In this way we can only track which buttons are clicked, the mouse’s movements, how far it scrolls, the device’s screen size, device type and browser information, geographical location (country only) and the preferred language to display our website. Areas of the websites in which your personal data or that of third parties is displayed are automatically hidden by Hotjar and are therefore not traceable at any time. IP addresses are only stored and processed in anonymised form in order to prevent them from being directly linked to individuals. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data transmitted by your browser as part of web page requests. These could be cookies or your IP address, for example. In these exceptional cases, this processing is carried out in accordance with Art. 6(1) point a GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

Hotjar stores customer data in the European Union. In a few cases, customer data may be accessed from the US or other countries whose data protection laws differ from the data protection laws in your place of residence, or other data (e.g. email) may be transferred to such countries. Hotjar has taken appropriate safeguards that require your personal data to remain protected and requires that third party service providers and partners of Hotjar also take appropriate safeguards.

Hotjar offers every user the option of using a “Do Not Track Header” to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that supports all standard browsers in current versions. For this purpose, your browser sends a request to Hotjar with the note to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the “Do Not Track Header” for each of these browsers/computers separately.

When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by visiting our opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking Disable Hotjar.

Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com

Hotjar Ltd.'s privacy statement can be found at: https://www.hotjar.com/privacy

2.4. Contact

If you send us a contact form or e-mail enquiries, your details from the enquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. When entering an e-mail address, first name and surname is required for contact details. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request pursuant to Art. 6(1) point f GDPR and, if applicable, Art. 6(1) point b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless there are statutory retention obligations to the contrary. In the case of Art. 6(1) point f GDPR, you may object to the processing of your personal data at any time.

2.5. Newsletter

If you would like to receive the newsletter offered on the website with regular information on our offers and products, we require your e-mail as mandatory information. Additional data may be provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the double opt-in procedure to send out the newsletter. This means that we will not send you our newsletter by e-mail until you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an e-mail with a link to confirm that you, as the owner of the e-mail address in question, wish to receive newsletters in the future. By confirming this, you are giving us your consent in accordance with Art. 6(1) point a GDPR, that we may use your personal data for the purpose of sending the desired newsletter.

When registering for the newsletter, in addition to the e-mail address required for sending the newsletter, we also save the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time

You can unsubscribe from the newsletter at any time by clicking on the link in each newsletter or by sending an e-mail to the person responsible specified above. Once you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.

2.6. Submission of applications

When you apply to us via our contact form or by e-mail, we collect personal data. This includes, in particular, your contact details (such as first name and surname, telephone number and e-mail address of the user) as well as other data you provide on your career (e. (e.g. CV, qualifications, grades and professional experience) and you (e. (e.g. letters, personal interests). This may also include special categories of personal data (e.g. information on severe disability). Your personal data is generally collected directly from you as part of the application process and encrypted during the electronic transmission. The primary legal basis for this is Art. 6(1) b GDPR in In conjunction with Section 26 (1) Federal Data Protection Act. In addition, consents may be granted in accordance with Art. 6(1) point a, 7 GDPR in conjunction with Section 26 (2) of the German Federal Data Protection Act (BDSG) as a permission requirement under data protection law. If the processing of your data is based on consent, you have the right to withdraw consent at any time with effect for the future.

Within our company, only the persons and positions (e.g. HR) have access to your personal data that is absolutely necessary for the execution of the application process or for the fulfilment of our legal obligations. Your applications may forwarded to the responsible person in charge for review. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us throughout the ongoing application process. After completion of the application process (e.g. in the form of an approval or rejection), the application process, including all personal data, is deleted from the system no later than six months after the end of the application process. The data of selected applicants is stored securely for up to 2 years, provided that the applicants give their consent in accordance with Art. 6(1) point 1 lit. a GDPR. You can withdraw your consent at any time with future effect. For this purpose, an informal e-mail to the contact details of the controller listed above is sufficient. In the event of a commitment, your application documents will be included in the personnel file.

3. Data protection information for customers, interested parties and other contractual partners

3.1. Purposes and legal bases of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as these are necessary for the establishment, implementation and fulfilment of a contract as well as for the implementation of pre-contractual measures. Insofar as personal data is required to initiate or implement a contractual relationship or in the context of implementing pre-contractual measures, processing pursuant to Art. 6(1) point b GDPR is legal.

If you give explicit consent to the processing of personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising by e-mail), the lawfulness of this processing is based on your consent pursuant to Art. 6(1) point a GDPR. Any consent granted can be revoked at any time with effect for the future (see Section 9 of this data protection information).

Where necessary and permitted by law, we process your data beyond the actual purposes of the contract in order to fulfil legal obligations pursuant to Art. 6(1) point c GDPR. In addition, processing may take place to safeguard the legitimate interests of us or of third parties and to defend and assert legal claims in accordance with Art. 6(1) point f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

3.2. Categories of personal data

We only process data that is related to the establishment of a contract or to the pre-contractual measures. This may be general data about you or your company’s persons (name, address, contact details, etc.) and, if applicable, other data that you provide to us as part of the conclusion of the contract.

3.3. Sources of data

We process personal data that we receive from you in the context of making contact or establishing a contractual relationship or in the context of pre-contractual measures that you provide via our contact form.

3.4. Recipients of the data

We only pass on your personal data within our company to those areas and persons who need this data in order to fulfil the contractual and legal obligations or to implement our legitimate interest.

Your personal data is processed on our behalf on the basis of data processing agreements pursuant to Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. In this case, the categories of recipients are SaaS – providers of customer management systems and invoice management systems.

Otherwise, data will only be passed on to recipients outside the company insofar as legal provisions permit or require this, if the transfer is necessary for the processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data, such as:

  • External accountant
  • Public bodies and institutions (e.g. public prosecutor’s office, Police, supervisory authorities, tax office) in the event of a legal or official obligation
  • Recipients to whom the transfer is directly required for the establishment or performance of the contract, such as banks, hosts, Dropbox

3.5. Transfer to a third country

Transfer to a third country is not intended.

3.6. Duration of storage

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and processing of a contract.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The retention and documentation periods stipulated therein are two to ten years.

Finally, the storage period also depends on the statutory limitation periods, which according to Sections 195 et seqq. of the German Civil Code (BGB) can generally be three years, but in certain cases up to thirty years.

3.7. Your rights

You can find detailed information on your rights under point ... of this Privacy Statement.

4. Social media presence

Below you will find information on how we handle your data collected through your use of our social media sites on social networks and platforms. Your data is processed in accordance with the statutory regulations.

4.1. Facebook fan page

4.1.1. Responsible body

In the event that the data transmitted to us by you is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing within the meaning of the GDPR, in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook in accordance with Art. 26 GDPR on joint responsibility for the processing of data (Controller Addendum). This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

Since personal data is transferred by Facebook Ltd. to the USA, including to Facebook Inc., further protection mechanisms are required to ensure the level of data protection of the GDPR. For this purpose, the provider shall set out standard data protection clauses in accordance with Art. 46(2) c GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

If you would like to exercise your rights as a visitor to the website (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact Facebook or us.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads oder http://www.youronlinechoices.com

For further details, please refer to Facebook’s privacy statement:
https://www.facebook.com/about/privacy/

4.1.2. Facebook’s Data Protection Officer

To contact the Facebook Data Protection Officer, you can use the online contact form provided by Facebook at the following link: https://www.facebook.com/help/contact/540977946302970.

4.1.3. Data processing for statistical purposes by means of page insights

Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is aggregated data that provides information on how people interact with our site. Site Insights may be based on personal data collected in connection with a visit or interaction of individuals to or with our site and in connection with content provided. Please be aware of which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles are created from user behaviour and the resulting interests of the user. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies, which are stored on your end device. In addition, the user profiles may also store data that is independent of the devices used by the users; in particular, if the users are members of the respective platforms and are logged into them. The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the optimised presentation of the offer, the effective information and communication with customers and interested parties as well as the targeted placement of advertising. Please note that we have no influence on data collection and further processing by Facebook. As a result, we cannot provide information on the extent to which, where and for how long Facebook stores the data. Furthermore, we cannot make any statements about the extent to which Facebook fulfils existing deletion obligations, which evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you would like to avoid Facebook processing your personal data, please contact us by other means.

4.2. Other social media providers

4.2.1. Responsible body

If your personal data is processed by a provider listed below, this controller is responsible for data processing within the meaning of the GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only these parties have access to the data collected from you. If you still need help, please do not hesitate to contact us.

We have online presences on the social media platforms of the following providers:

  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
  • Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany
  • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA

4.2.2. Data Protection Officer

You can find information on contacting the data protection officer of the other social media providers here:

4.3. General information on social media platforms

4.3.1. Responsible body

The controller for data processing within the meaning of the GDPR is the authority named at the beginning of this Privacy Statement, insofar as we process data transmitted by you via one of the social media platforms.

4.3.2. Our Data Protection Officer

If you have any concerns about data processing carried out by us as the controller, you can contact our Data Protection Officer using the contact details provided at the beginning of this Privacy Statement.

4.4. General data processing on social media platforms

4.4.1. Data processing for market research and advertising

As a rule, personal data is processed on the company’s website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognise you when you visit a website. Usage profiles can be created using the collected data. These are used to place advertisements inside and outside the platform that presumably correspond with your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them.

4.4.2. Data processing when making contact

We collect personal data ourselves if, for example, you contact us via a contact form or a messenger service, such as Facebook Messenger. The data collected depends on your details and the contact details you provide or approve. These are stored by us for the purpose of processing the request and in the event of follow-up questions. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request pursuant to Art. 6(1) point f GDPR and, if applicable, Art. 6(1) point b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless there are statutory retention obligations to the contrary. We assume processing to be concluded if it can be deduced from the circumstances that the matter in question has been finally clarified.

4.4.3. Data processing for contract processing

If your contact via a social network or other platform aims to conclude a contract for the supply of goods or services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or the provision of the desired services. In this case, the legal basis for the processing of your data is Art. 6(1) point b GDPR. Your data will be deleted if it is no longer required for the implementation of the contract or if it is established that the pre-contractual measures do not lead to a conclusion of the contract corresponding to the purpose of the contact. Please note, however, that it may also be necessary to store personal data of our contractual partners after conclusion of the contract in order to comply with contractual or legal obligations.

4.4.4. Data processing based on consent

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6(1) point a., Art. 7 GDPR. Assigned consent can be revoked at any time with effect for the future.

4.5. Data transfer and recipient

When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why further protective mechanisms are required in such cases to ensure the level of data protection in accordance with the GDPR. Please refer to the list below for further information on whether and which suitable warranties the providers can provide.

We have no influence on the processing and handling of your personal data by the provider. We also do not have any information on this. For further information, please check the privacy statement of the respective provider and, if necessary, use the options for opt-out/personalisation with regard to data processing by the provider:

5. Other provisions

5.1. Data Security

In accordance with Article 32 GDPR, we take into account the current state of technology, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, suitable technical and organisational measures to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

5.2. Duration of storage of personal data

The duration of storage of personal data is determined by the relevant statutory retention periods (e.g. commercial law and tax law). After the respective period has expired, the corresponding data is routinely deleted. If data is required for the fulfilment of the contract or for the initiation of the contract or if we have a legitimate interest in its continued storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right to withdraw or object.

5.3. Your rights

In the following, you will find information about the data subject rights that the applicable data protection law grants you with regard to the controller with regard to the processing of your personal data:

The right, according to Article 15 GDPR, to request information concerning your personal data that we have processed. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your information has been or will be disclosed, the planned storage duration, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of the data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on the details.

The right, according to Article 16 GDPR, to immediately request the correction of inaccurate data we have about you or the completion of your personal data stored by us.

The right, according to Article 17 GDPR, to request the deletion of your personal data stored with us, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

The right, according to Art. 18 GDPR, to request restriction of the processing of your personal data if the accuracy of the data is disputed by you or the processing is unlawful, but you reject deletion of the data and we no longer need it; you need the data for the establishment, exercise or defence of legal claims or you have filed an objection against the processing according to Art. 21 GDPR.

The right, according to Art. 20 GDPR, to request the personal information you have provided to us in a structured, standard and machine readable format or request the transmission of such to another controller.

The right, according to Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if necessary, your usual place of residence or workplace.

The right to withdraw consent granted pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, provided that further processing cannot be based on a legal basis for processing without consent. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.

5.3.1. Right of objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6(1) point 1 lit. f GDPR, you have, in accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if this is for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to state a special situation.

If you would like to exercise your right of objection, please send an e-mail to [email protected]

5.4. Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data as is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

5.5. Automated decision making

There is no automated decision-making or profiling pursuant to Art. 22 GDPR.

5.6. Right of modification

We reserve the right to amend or update this Privacy Statement if necessary in compliance with the applicable data protection regulations. In this way we can adapt it to current legal requirements and take into account changes in our services, e.g. when introducing new services. The most recent version applies to your visit.

Status of this Privacy Statement 05/08/2021