Data protection explanation
Status: 01.08.2024
With the following privacy policy, we would like to explain to you what types of your personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”). The terms used are not gender-specific.
Table of contents
1. Responsible person, data protection officer
The controller in accordance with Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is
Plancraft GmbH
Flora-Neumann-Strasse 6
20357 Hamburg
Contact details of the data protection officer:
Proliance GmbH
www.datenschutzexperte.de
Leopoldstraße 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the data protection officer, please name the company to which your request relates. Please refrain from including sensitive information, such as a copy of an identity document, with your request.
2. Data processing when operating the website
2.1. web hosting
This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website. We collect the listed data to ensure a smooth connection to the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to make the website available to you. The legal basis for processing the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded an order processing contract with the provider in accordance with Article 28 GDPR, in which we oblige him to protect our customers' data and not to pass it on to third parties.
2.1.1. Webflow
To create and host our website, we use the services of Webflow, Inc. 398 11th Street, 2nd Floor, San Francisco, CA 94103, United States, one.
Description of data processing and purpose
Webflow is a tool for building and hosting websites. We use the services to make our website available to you. Personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, website accesses, log files and other data generated via a website. Webflow also stores cookies or other recognition technologies that are necessary to display the page, to provide website functions and to ensure security (technically necessary cookies). We use Webflow for the purpose of creating and providing our website.
Legal basis of data processing
Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your device or read from there, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in technically improving our website and making our website available efficiently.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
Webflow, Inc. 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.
In principle, we have no influence on further data processing by the third-party provider. You can find more information about Webflow's handling of personal data at https://webflow.com/legal/privacy and under https://webflow.com/legal/eu-privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Webflow, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal. In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.1.2. Amazon CloudFront (in conjunction with Webflow)
We use Amazon CloudFront to deliver our website. CloudFront is a service that Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. Amazon CloudFront is integrated by our hosting provider Webflow. The provider mentioned above is the authorized EU representative of Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, United States.
Description of data processing and purpose
Amazon CloudFront allows us to quickly deliver data to make our website available in the best possible way. Amazon CloudFront is a content delivery network (CDN) powered by Amazon Web Services. The CDN uses proxy servers worldwide, which enable companies to deliver content such as web videos or other large media quickly and securely. To do this, proxy servers store the files locally and thus improve the access speed when downloading. In practice, this means that companies can offer data-rich content on their websites that users can access without long waiting times. In order to make our website available via CloudFront, your personal data is transmitted to Amazon Web Services. The processed data includes in particular: your IP address, the website accessed, the referrer URL, the browser used, the operating system used. We use Amazon CloudFront to make our website available in the best possible way and without long loading times.
In order to make our website available via CloudFront, your personal data is transmitted to Amazon Web Services. The processed data includes in particular:
- your IP address,
- the web page accessed,
- the referrer URL,
- the browser used,
- the operating system used.
We use Amazon CloudFront to make our website available in the best possible way and without long loading times.
Legal basis of data processing
Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your device or read from there, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in technically improving our website and making our website available efficiently.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg,
- Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.
In principle, we have no influence on further data processing by the third-party provider. For more information about how AWS handles personal data, please visit https://d1.awsstatic.com/legal/privacypolicy/AWS%20Privacy%20Notice%20-%202024-01-01_DE.pdf.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Amazon Web Services, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal. In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.2. Usage data and server log files
Description of data processing and purpose
When you visit our website, it is technically necessary that data is transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:
- date and time of the request
- name of the requested file
- page from which the file was requested
- Access status
- Web browser and operating system used
- (Full) IP address of the requesting computer
- Amount of data transferred
We collect the listed data to ensure a smooth connection to the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes.
Legal basis of data processing
The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Article 6 (1) (f) GDPR.
Storage period
For reasons of technical security, in particular to prevent attempts to attack our web server, we store this data for a short time. After 7 at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a connection to the individual user. In addition, the data may be processed anonymously for statistical purposes. This data is stored together with the user's other personal data, compared with other databases or passed on to third parties at no time.
2.3. Data processing related to cookies and similar services
2.3.1. Access to and storage of information in terminal equipment
By using our website, information (e.g. IP address) or information (e.g. cookies) can be accessed on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR. In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) (1), Section 2 (2) TDDDG. Subsequent data processing may be carried out on the basis of Art. 6 (1) (f) GDPR. In cases where such a process serves other purposes (e.g. designing our website in line with your needs), this is carried out on the basis of Section 25 (1) TDDDG only with your consent in accordance with Article 6 (1) (a) GDPR. The consent can be withdrawn at any time in the future. The requirements of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data. Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.
2.3.2. Cookies and similar technologies
2.3.2.1. general information
On this website, we use services that use cookies and similar technologies to store data in the browser of your device and read out data that has already been saved. Cookies, your browser's local storage, pixels and so-called tags may be used for this purpose. Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for a specific period of time beyond the individual session. In addition to cookies, we may use your browser's local storage to store and read data there. We may also include pixels in our websites. Pixels are small individualized image files that are loaded when pages are loaded and can be used to track user activity. Finally, we may use tags (tags) on our websites. Tags are small HTML or Java Script code fragments or tags that enable website analysis or user tracking services to differentiate or identify users and track certain user activities. Further information on the cookies and similar techniques we use can be found below in the descriptions of the categories of cookies and in our consent management platform”Consentmanager“, which is displayed when you visit our website. You can”Consentmanager“via the cookie icon or link”Privacy settings“Go back to the bottom left of the website and change your settings. Please note that our websites may not be displayed correctly without the use of certain cookies and similar techniques and some functions may no longer be technically available.
2.3.2.2. Features category
Services in this category may use cookies and similar technologies to store and read information on your device. We use them
- to enable the website to be displayed and to provide its basic functions, in particular page navigation and access to secure areas,
- to enable consents to be submitted and withdrawn,
- to protect our forms from abusive registrations,
- to protect our website from cyber attacks and attempts at fraud, and
In some cases, the cookies and similar technologies used only contain information about specific settings and are not personally identifiable. We do not use them for the purpose of tracking your interactions, for measurement and statistical evaluation or for advertising purposes. The use of the services and corresponding cookies and similar technologies in this category is based on Section 25 (2) No. 1, No. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 (1) (f) GDPR.
2.3.2.3. Settings category
Services in this category may use cookies and similar technologies to store and read information on your device. We use them
- to make our websites appealing to you,
- to allow third-party content to be loaded, and
- to provide you with certain settings and other features of the website.
The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.
2.3.2.4. Measurement Category
Services in this category may use cookies and similar technologies to store and read information on your device. We use them
- to be able to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and use of our websites,
- to design our websites in line with needs and adapt them to user interactions, and
- to monitor the technical functionality of our website and to enable bug fixes.
For this purpose, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored in cookies on your device when you visit our website and read out again when you visit our website again. By using pseudonyms, users can be individually differentiated and recognized. However, the natural person behind a pseudonym cannot regularly be identified directly, in particular by name, without further, additional data. Other technologies may also be used regularly to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, in which data from the properties of the browser you use (e.g. type and version of the browser) and its configuration (e.g. preferred language), characteristics of your terminal device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g. screen resolution) are used to make you different User pseudonymous recognizable. The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.
2.3.2.5. Category Marketing
Services in this category may use cookies and similar technologies to store and read information on your device. We use them
- to be able to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and use of our websites,
- to be able to track your interactions with advertisements placed by us on other websites via third-party providers across various devices and websites (so-called conversion tracking),
- to be able to track and evaluate your interactions with our website and then to make them the basis for targeted advertising campaigns in advertising networks aimed at you or a specific target group to which you belong (so-called retargeting and remarketing),
- to improve the effectiveness of our advertising measures and to manage our advertising campaigns.
For this purpose, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored in cookies when you visit another website or when you visit ours on your device and read out again when you visit this or a new website again.
Other technologies may also be used regularly to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, in which data from the properties of the browser you use (e.g. type and version of the browser) and its configuration (e.g. preferred language) or characteristics of your device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g. screen resolution) are used as different users To recognize pseudonymously. If necessary, the processed pseudonymous recognition features may also be combined with other data by us or the providers of the services used. For example, services used by us and their providers can also exchange and compare recognition features (ID) with each other in order to combine the characteristics in the event of a match (matching) and assign them to the same pseudonymous user (so-called ID matching/ID syncing). This enables website visitors to be recognized and addressed in advertising across devices, platforms and advertising networks. If you identify yourself with your real data such as name or email address or enter your own user data on our websites or log in to social networks or online services from third parties that also provide us with appropriate tracking and advertising services, pseudonymous recognition features can also be linked to your real data or user data. On In this way, we or the providers of the services can create and evaluate comprehensive pseudonymous or non-pseudonymous user profiles in order to then use them for targeted advertising based on your interests. The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with § 25 para. 1 TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.
2.4. Consent management via consent management platform consentmanager
On our websites, we use the consent management platform “consentmanager” from consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, one that we use to manage your consent to the use of cookies and similar technologies.
Description of data processing and purpose
We use the service to manage your consent to the use of cookies and similar technologies as well as to subsequent data processing.
If you provide consent via our consent banner, the service processes the following data:
- IP address of the Internet connection used to access the website
- language of the browser used
- URL of the accessed website
- Data on the country from which the website was accessed
- Data from cookies to test whether the browser supports cookies
- Data from cookies to count website visitors
- Consent status data from cookies
- Status of consent to purposes/categories
- Status of consent to individual services
- When the consent level was last displayed
This data is logged on the provider's servers. As part of data processing, cookies are used to save your consent status on your device, read it again when you access the page again and compare it.
In this way, we are able to check your consent status on all subsequent and future visits to our websites and, in accordance with your decision to use cookies and other technologies, to activate or deactivate them when you visit the page again.
The purpose and our legitimate interest are to use cookies and similar technologies on our websites in accordance with data protection regulations and to enable you to easily withdraw your declarations of consent.
Legal basis of data processing
Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your device or read from there, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 (1) (f) GDPR.
transceivers
When using the platform, the data collected via our websites is transmitted to the following recipients:
consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.
Storage period
By integrating the service on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 12 months. There is no further storage of the data processed by the service and made available to us in our own systems.
2.5. Google Tag Manager
We include the service on our websites”Google Tag Manager“The Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, In the European Union (EU) and in the European Economic Area (EEA), the service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
”Google Tag Manager“is a tag management system (TMS) that allows us to integrate and manage further website content in JavaScript or HTML code.
In particular, so-called tags can be integrated and managed on our website. Tags are small code fragments or tags (web beacons, tracking pixels, or similar tags) that website analysis or user tracking services allow users to differentiate or identify users. The analysis of website visits or user tracking is not carried out by the”Google Tag Manager“, but through the services used for these purposes, such as”Google Analytics“or other third-party solutions. Rather, the”Google Tag Manager“just the integration and management of the tags required for analysis and tracking on our websites.
Since the”Google Tag Manager“provided by Google and when the page is accessed from whose servers are reloaded, the technical usage data required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered. The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider. You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Google LLC is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal. In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the service on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.
2.6. Google Analytics
We include the service on our websites”Google Analytics“The Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, In the European Union (EU) and in the European Economic Area (EEA), the service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
“Google Analytics” creates user profiles based on pseudonyms (recognition features from cookie and device ID and other data about the device used or the so-called browser fingerprint) and usage data (e.g. name and address of the website content requested by your browser, referral links, description of the web browser and operating system used and the IP address of the requesting terminal device). In the same way will
- demographic data (such as continent, country, region, city, age, gender and interests of users)
- data about your interactions with search engines or other websites,
- data about your interactions with our websites (sub-pages viewed, data at the time of the visit, button clicks, scroll depth, reading depth, as well as the use of filters, search functions, forms and other input and login options,
- Data about products and services you viewed on our websites, as well as data about your interactions with social media networks
In this way, Google is able to pseudonymously recognize website visitors and the devices they use, count them as such and assign them to specific demographic target groups, interest groups or customer segments. Visitors who have their own user account on Google platforms can be provided by google are also identified as visitors to our websites across devices. Data is collected and processed on our websites using cookies and JavaScript code, which is loaded when the page is accessed and executed in the browser of your device. With the help of this JavaScript code, cookies can then be stored on your device and various information can be read from your device and from cookies stored there. Details of the cookies and similar techniques used can be found above under “Data processing in connection with cookies and similar techniques” and about the information you provide via our consent management platform.”Consentmanager“be able to retrieve.
Created from processed information google Statistics summarized for us, from which we can see what users of our websites are interested in, how many users have interacted with our websites and in what way. We only receive summarized statistics (aggregated data) from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.
We then use these findings to launch target-group-oriented online advertising measures and marketing campaigns in advertising networks, in particular in Google advertising services.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the services, the data collected via our websites is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Google LLC is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.7. Google advertising services and features: Google Ads, Google Ads Conversion Tracking, Google Marketing Platform (formerly Google DoubleClick), Google Adsense, Google Ads Remarketing
On our websites, we integrate Google advertising services and functions of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
We use Google marketing services and features such as Google Ads, that Google Ads conversion tracking, That Google Ads Retargeting And the Google marketing platformto be able to place and control target group-oriented advertisements for our products and services via Google's advertising network and to be able to measure how successful these ads are.
Data is collected and processed on our websites using cookies and JavaScript code, which is loaded when the page is accessed and executed in the browser of your device. With the help of this JavaScript code, cookies can then be stored on your device and various information can be read from your device and from cookies stored there. Details of the cookies and similar techniques used can be found above under “Data processing in connection with cookies and similar techniques” and about the information you provide via our consent management platform.”Consentmanager“be able to retrieve.
In this way, Google is able to recognize website visitors and the devices they use pseudonymously. Visitors who have their own user account on Google platforms can be provided by google are also identified as visitors to our websites across devices. If you click on an ad placed on our behalf via Google, the website or app of other providers will set cookies for conversion tracking. These are read out again when you visit our site. Data from the original website or app is processed to determine which search terms (keywords) you may have entered in a search engine, which advertisement or groups of advertisements you clicked on, and which of our online marketing campaigns the ad was assigned to. We then collect data on our websites about how you used our website and how you interacted with the website content, e.g. which sub-pages were accessed, which content was clicked on or retrieved, or which forms or dialogs you used. The conversion of an advertisement into a specific action taken by a website visitor on a website is known as a conversion. When using” at the same timeGoogle Analytics“With the data collected about this, we can evaluate your actions on our websites even more precisely. Created from processed information google for us as part of”Google Ads conversion tracking“in”Google Ads“and in the”Google marketing platform“Summarized statistics from which we can see how many users responded to our ads and how. We only receive summarized statistics (aggregated data) from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.
Based on the statistics, we can optimize the effectiveness of our online advertising and control our advertising strategy via Google advertising services.
that Google Ads Remarketing It then enables us to display interest-based and target group-related advertisements when you continue to use the Internet or app based on websites and content that you have visited on our website, as well as on how you have used them and what actions (conversions) you have taken on our websites.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the services, the data collected via our websites is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes
There is no further storage of the data processed by the service and made available to us in our own systems.
2.8. Meta Pixel and other Meta Marketing Services and Features: Meta Conversion Tracking, Meta Custom Audiences, Meta Retargeting, Meta Ads Ad Manager
On our websites, we include the”Meta Pixel“The Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, offered.
Description of data processing and purposeWe use that Meta Pixel and other meta marketing services and features such as Meta Custom Audiences, That meta conversion tracking, That Meta Retargeting and the Meta Ads ad managerto provide targeted advertisements for our products and services on Meta social media platforms facebook and instagram to be able to place and control and to be able to measure how successful these advertisements are. Data collection and processing on our website is carried out via the”Meta Pixel”. This is a JavaScript code that is loaded when the page is accessed and executed in the browser of your device. With the help of this JavaScript code, cookies can then be stored on your device and various information can be read from your device and from cookies stored there. In this way, we are able to pseudonymously recognize website visitors and the devices they use. Visitors who have their own user account on the Meta social media platforms can be provided by meta are also identified as visitors to our websites across devices. In addition, this enables us “Meta Pixel” Track and evaluate your interests based on the websites you visit and on the basis of your interactions with our websites.
To the information available about the”Meta Pixel“Read out include in particular
- Information that is contained in the so-called HTTP header when you access a website in the browser of your device, in particular usage data such as IP address, information about the web browser used, the location of the page, the files retrieved, the referral link, which indicates from which page you came to ours,
- characteristics of the device you use when you visit our websites,
- Cookies that may already exist in the browser of your device and have been set by Meta services, e.g. marketing cookies “_fbp” and “fr”,
- Button click data, i.e. data about which buttons on the websites were clicked on by visitors, the labels of these buttons and all pages that were visited as a result of button clicks, this includes, for example, clicking on buttons in web forms for product inquiries or demonstrations, downloading documents or booking appointments.
Created from this information meta for us as part of”Meta conversion tracking“in”Meta Ads ad manager“Statistics from which we can see how many users in which way on our Meta social media platforms responded to advertisements placed. The conversion of an advertisement into an action taken by the website visitor is known as a conversion. Based on these statistics, we can optimize the effectiveness of our advertising and manage our advertising strategy.
In addition, we use the”Meta Pixel“Information collected on our websites in order to”Meta Ads ad manager“So-called”Meta Custom Audiences“(user-defined target groups) and for this target group-oriented advertising on the Meta social media platform to switch. For example, we can place advertisements on the platforms for website visitors who had already been interested in our products, services or promotions within a certain period of time and had visited our websites. This type of targeted advertising is known as retargeting.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland,
. Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States.
In principle, we have no influence on further data processing by the third-party provider.
For more information on how the provider handles personal data, please visit https://de-de.facebook.com/privacy/policy/.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Die Meta Platforms, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.9. LinkedIn advertising services and features: LinkedIn Ads & Analytics, LinkedIn Conversion Tracking and Retargeting (Insight Tag), LinkedIn Ads & Analytics
On our websites, we integrate LinkedIn advertising services and features The LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA, one.
In the European Union (EU) and the European Economic Area (EEA),”LinkedIn conversion tracking“as a service from LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland, offered.
Description of data processing and purpose
If one of us tells you about linkedin If the ad is displayed on other websites or you click on them, these other websites save them on the basis of your consent given there”LinkedIn conversion tracking” Cookie with a pseudonym assigned to us on your device.
If you then visit our websites within the storage period of this cookie, this cookie and your usage data are processed using a pixel and JavaScript code (so-called”LinkedIn Insight Day”) read out on our websites. The following data is processed in the process:
- the name and address of the requested content,
- the date and time of the query,
- the description of the web browser and operating system used, including information on the language used,
- the referrer address, which indicates from which websites you came to our website, the IP address of the requesting computer,
- Your interactions with our websites (e.g. content and events clicked on, filling out forms, frequency of response).
- IP addresses of website visitors are determined by linkedin abbreviated so that a personal reference can no longer be established.
As far as website visitors are also members of linkedin , the user ID is also processed. Members' IP addresses are not truncated, but hashed for cross-device tracking. In addition to the user ID, demographic data, such as job title, company and branch of the member, are also processed.
In this way, you can linkedin find out that you were shown an advertisement placed by us or that you clicked on it and then visited our websites and, if applicable, how you subsequently used our websites.
The conversion of an advertisement into an action taken by the website visitor is known as a conversion. Created from this information”LinkedIn Ads & Analytics” For us, statistics from which we can see how many users have responded to our advertisements and how.
Based on these statistics, we can optimize the effectiveness of our advertising and manage our advertising strategy. In particular, it enables us LinkedIn Ads Based on this data, target groups for the”LinkedIn Retargeting” to create (target group-oriented advertising) and use it via linkedin address advertisements.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland,
- LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by linkedin can be found at https://www.linkedin.com/legal/privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.The LinkedIn Corporation is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to and stored by the above-mentioned recipients. IP addresses of website visitors are determined by linkedin abbreviated so that a personal reference can no longer be established. With LinkedIn members IP addresses are not truncated, but hashed to enable cross-device tracking. Members' direct IDs are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days. There is no further storage of the data processed by the service and made available to us in our own systems.
2.10. Microsoft Advertising (Bing Ads)
Microsoft Advertising (Bing Ads)“The Microsoft Corporation, One Microsoft Way, Redmond WA 94043, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the service is operated by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, offered.
Description of data processing and purpose
We use the service on our websites to be able to measure how successful our Microsoft Advertising (Bing Ads) are placed advertisements. To do this, we track how website visitors deal with the advertisements and their subsequent use of our websites. It is tracking the conversion of an advertisement into an action taken by the website visitor (conversion tracking), with the aim of managing and optimizing our online marketing measures. If one of us tells you about”Microsoft Advertising (Bing Ads)“If the ad is displayed on other websites or you click on them, these other websites store a tracking cookie with a pseudonym assigned to us on your device based on your consent. If you then visit our websites within the storage period of this cookie, this cookie will be read. In addition, when you visit our websites, other pseudonymous cookies are stored on your device in order to track your page views and interactions with our websites. In this way, you can microsoft Find out for us that you were shown an advertisement placed by us, whether you clicked on it and then visited our websites, and how you may have subsequently used our websites. When using Microsoft Advertising (Bing Ads) In particular, the following types of data are collected and processed:
Website visit data
- IP address
- Timestamp
- Time zone
Data from the device used to access the website
- Hardware characteristics of the device
- Operating system information
- Information about the web browser used
- Language settings of the device
- Pseudonymous recognition feature of the terminal device
Ad displayed data
- Data about the website on which the ad was displayed
- The website visitor clicks on the ad
Data on the usage behavior of our websites
- web pages viewed
- Duration and number of visits
- mouse movements
- Click path
- Successful implementation of defined target action by the website visitor (conversion)
Created from this information microsoft For us, statistics from which we can see how many users have responded to our advertisements and how. Based on these statistics, we can optimize the effectiveness of our advertising campaigns and manage our advertising strategy.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
- Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
For more information on how the provider handles personal data, please visit https://privacy.microsoft.com/de-de/privacystatement.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Die Microsoft Corporation is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes.
There is no further storage of the data processed by the service and made available to us in our own systems.
2.11. Reddit ads and Reddit conversion tracking (pixels)
On our websites, we include the “visitor action pixel” (Reddit Conversion Tracking) of Reddit, Inc. 548 Market St. #16093, Scan Francisco, California 94104, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Reddit Netherlands B.V., Euro Business Center, Keizersgracht 62, 1015CS Amsterdam The Netherlands, offered.
Description of data processing and purpose
The services of the above-mentioned provider enable us to segment visitor groups, retarget and determine and optimize our conversion rate. By statistically evaluating user behavior, we want to improve our offer and make it more interesting for users. With your consent, Reddit Conversion Tracking stores and processes information about your user behavior on our websites and uses cookies for this purpose, which are stored locally on your device if you have reached our website via a Reddit ad. We use Reddit Conversion Tracking for marketing and optimization purposes, in particular to analyze the use of our website and to be able to improve individual functions and offers as well as the user experience.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Reddit Netherlands B.V., Euro Business Center, Keizersgracht 62, 1015CS Amsterdam The Netherlands,
- Reddit, Inc. 548 Market St. #16093, Scan Francisco, Calfiornia 94104, United States.In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Reddit's handling of personal data at https://www.reddit.com/de-de/policies/privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Reddit, Inc. is not certified under the EU-U.S. Data Privacy Framework. If your data is transferred to third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal. In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes.
There is no further storage of the data processed by the service and made available to us in our own systems.
2.12. TikTok Pixel
On our websites, we include TikTok pixels that Beijing Bytedance Technology Ltd., 48 Zhichun Lu Jia, Haidian Qu, Beijing, China, one.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland offered.
Description of data processing and purpose
The services provided by the above provider enable us to track your interactions through our ads on TikTok and your subsequent interactions on our website.
With the help of the TikTok pixel, TikTok is on the one hand able to identify you as a visitor to our online offering as a target group for displaying ads (so-called “TikTok ads”). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to TikTok users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics or products, which are determined on the basis of the websites visited), which we transmit to TikTok (so-called “custom audiences”). With the help of the TikTok pixel, we also want to ensure that our TikTok ads match users' potential interest.
With the help of the TikTok pixel, we can further understand the effectiveness of TikTok ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a TikTok ad (so-called “conversion”). Personal data such as the IP address and other information such as device ID, device type and operating system can also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account. TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. Data is collected and processed on our websites using cookies and JavaScript code, which is loaded when the page is accessed and executed in the browser of your device. With the help of this JavaScript code, cookies can then be stored on your device and various information can be read from your device and from cookies stored there. Details of the cookies and similar techniques used can be found above under “Data processing in connection with cookies and similar techniques” and about the information you provide via our consent management platform.”Consentmanager“be able to retrieve.
From the processed information, TikTok creates summarized statistics for us, from which we can see what users of our websites are interested in, how many users have interacted with our websites and in what way. TikTok only provides us with summarized statistics (aggregated data) from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.
We then use these findings to launch target group-oriented advertising measures and marketing campaigns via TikTok.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent in accordance with Article 6 (1) (a) GDPR, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
- Beijing Bytedance Technology Ltd., 48 Zhichun Lu Jia, Haidian Qu, Beijing, China
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://www.tiktok.com/legal/page/eea/privacy-policy/de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in China.
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes.
There is no further storage of the data processed by the service and made available to us in our own systems.
2.13. Adition
On our websites, we include the advertising service Adition of Virtual Minds GmbH, Ellen-Gottlieb-Strasse 16, 79106 Freiburg im Breisgau, Germany, one.
Description of data processing and purpose
Adition enables us to integrate target group-specific display advertising. To do this, Adition stores a third-party cookie in your browser or uses similar technologies (SDKs, pixels, etc.) to recognize your device when you visit other digital content, which also includes Adition. In this way, we can display target group-specific or user-oriented advertising to you.
In doing so, the service processes, in particular, the following data:
- Information about your Internet connection: The service provider collects information about which provider you use, how fast your connection is, or how high the latency is.
- Information about your browser: The service provider collects information about which browser you use, its version, the language set in the browser, and information about how your browser handles cookies.
- Information about your device: The service provider collects information about the operating system used, language settings, the brand of your device, device identification numbers, advertising identifiers from mobile operating system manufacturers (IDFA or AAID) and the device's IP address.
- Information about the website/app that you visit: The content of the website/app, type and type of website, domain of the website or name of the app, technical information about the website including referrer URL (i.e. the URL of the website from which you were referred to a website) and the date and time of access.
- Information about your behavior on websites: This includes information about the content you've viewed, how long you've viewed it, and which apps you've used.
- Information about advertising media: The service provider collects information about which advertising media you have been shown, whether you clicked on them or visited the advertiser's website or downloaded their app.
- Information about your decisions: The service provider collects information about whether you have been informed of processing operations or whether you have agreed to them. In addition, whether you have objected partially or completely to the processing and/or whether you would like your cookie not to be used in the future.
- Location information: If you view digital content or advertising on a mobile device, the service provider can collect your exact location if you have activated the corresponding feature on your mobile phone. Regardless of whether you use a mobile device or a stationary device, the service provider can find out your approximate location or postal code district.
We use Adition for marketing purposes, in particular to conduct our display advertising.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Virtual Minds GmbH, Ellen-Gottlieb-Strasse 16, 79106 Freiburg im Breisgau, Germany.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by Virtual Minds GmbH can be found at https://www.Adition .com/privacy-platform/.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.14. Taboola
On our websites, we include services for conversion measurements of Taboola, Inc., 16 Madison Square West, 7th floor, New York, NY 10010, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Taboola Europe Limited, Aldgate House, 2nd Floor, 33 Aldgate High Street, London EC3N 1DL, UK offered.
Description of data processing and purpose
Taboola enables us to optimize advertising campaigns and place targeted advertisements and is used by us to measure conversion. For this purpose, the service provider collects user information using cookies and other technologies.
In particular, the following data may be collected and processed by the service provider:
- Information about the device
- information about the browser used,
- IP address,
- information about the pages viewed,
- referrer URL
- user agent,
- language
- date and time of the call and time zone
- Information about events (e.g. system crashes)
- information on visitor behavior,
- general location information (e.g. city and country).
We use Taboola for marketing purposes, in particular to optimize our advertising campaigns and to be able to place targeted advertisements.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Taboola, Inc., 16 Madison Square West, 7th floor, New York, NY 10010, United States,
- Taboola Europe Limited, Aldgate House, 2nd Floor, 33 Aldgate High Street, London EC3N 1DL, UK
In principle, we have no influence on further data processing by the third-party provider.
For more information on how Taboola handles personal data, please visit https://www.taboola.com/de/policies/datenschutzerklaerung.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Taboola, Inc. is not certified under the EU-U.S. Data Privacy Framework. There is therefore no adequacy decision for the transfer to a third country. If your data is transferred to third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transmitting your data to the third country, standard data protection clauses of the European Commission have been concluded with the service provider in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.15. Elfsight
We include Elfsight's Google Reviews Widget on our websites. Elfsight is offered by SP Iusupov A.A., 0015, Yerevan, Paronyana str., 19/3, 201, Armenia.
Description of data processing and purpose
Elfsight Google Reviews allows us to obtain Google reviews about our services directly from Google and display them on our website. The integrated widget from the provider named above accesses information on your device. The processed data includes your IP address, your operating system and the type of browser you use. We use Elfsight for marketing purposes to inform visitors to our website about the evaluation of our services on Google.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- SP Iusupov A.A., 0015, Yerevan, Paronyana str., 19/3, 201, Armenia
In principle, we have no influence on further data processing by the third-party provider.
For more information about Elfsight's handling of personal data, please visit https://elfsight.com/privacy-policy/
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in Armenia.
There is no adequacy decision by the EU Commission for data transfers to Armenia in accordance with Article 45 (1) GDPR. If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.16. Mixpanel
On our websites, we integrate Mixpanel, an analysis tool from Mixpanel, Inc., One Front Street, Floor 28, San Francisco, CA 94111, United States, one.
Description of data processing and purpose
Mixpanel allows us to collect data about how you use our website. For this purpose, Mixpanel stores a permanent cookie on your device, which logs your usage. The data collected is analyzed by the above-mentioned provider and transmitted to us. This allows us to gain insights into the use of our services in order to optimize them. In particular, the following data is processed by the above-mentioned provider as part of the analysis:
- Location data (city, region, country, time zone)
- Browser type and browser version
- The URL visited and the referrer URL
- UTM parameters
- User interactions with our websites, software, and apps
The collected data is used to create custom reports and to measure user engagement. We use Mixpanel for marketing purposes.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Mixpanel, Inc., One Front Street, Floor 28, San Francisco, CA 94111, USA.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by the provider can be found at https://mixpanel.com/legal/privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Mixpanel, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. The data processed by the service and made available to us will be stored for as long as is necessary to achieve the stated purposes.
2.17. HubSpot prospect data and marketing platform
We include the service on our websites”HubSpot“The HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, United States of America, one.
In the European Union (EU) and in the European Economic Area (EEA), the service of HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland, offered.
Description of data processing and purpose
The platform enables us
- the management of prospective and customer data,
- managing the booking of appointments and events via forms and calendar integrations,
- answering your inquiries via our chat function,
- documenting conversation processes as part of our customer communication
- creating and providing a knowledge database with answers to frequently asked questions,
- the analysis and evaluation of interactions with our websites,
- the creation, analysis and evaluation of interactions with our social media profiles as well as to contact and process communication via social media,
- the implementation and analysis of email marketing campaigns,
- the implementation, analysis and evaluation of satisfaction surveys as well as the preparation, enrichment and evaluation of profiles of potential interested parties,
with the aim of managing our customers and prospects, communicating with them efficiently, attracting new prospects for our products and services, targeting acquired prospects and existing customers for advertising purposes and being able to optimize our marketing strategy, in particular in online and e-mail marketing, through evaluations and analyses.
Cookies and similar technologies, in particular JavaScript, are also used to store and read data on your device. Details of the cookies and similar techniques used can be found above under “Access to and storage of information in terminal devices” and “Cookies and similar technologies” as well as in our cookie policy, which you can access via our consent management platform.”Consentmanager“can call. Some content from HubSpot is integrated via the usemessages.com domain.
We use “HubSpot” to manage prospect and customer data.
For this purpose, we process personal data provided by you via forms and the chat on our websites (title, first name, last name, contact details such as e-mail address and telephone number and, if applicable, data about your company), information about which of our products you are interested in and other information that you provide to us voluntarily. In addition, we also use the platform to manage our customer contacts, including the aforementioned data of our customer contacts.
We use “HubSpot” to manage the booking of appointments and events via forms and calendar integrations.
In doing so, we process personal data that you provide to us as part of booking an appointment or event (e.g. title, first name, last name, e-mail address, contact details, if applicable data about your company and information about the desired date or event). We use this data to manage your bookings, coordinate appointments and plan events. HubSpot also allows us to send you reminders and relevant information about your bookings. In this way, we ensure that your appointment and event bookings are processed smoothly and efficiently.
We use “HubSpot” to communicate with you on our website via our chat function and to answer your inquiries.
As part of answering your request, we process personal data provided by you (title, first name, last name, contact details such as email address and telephone number and, if applicable, data about your company), information about which of our products you are interested in and other information that you provide to us voluntarily.
We use “HubSpot” to document conversation processes
In doing so, we process personal data that you provide to us as part of our communication (e.g. title, first name, last name, email address, contact details and the content of the calls made). This data is used to document, track and analyze conversation processes. This allows us to improve the quality of our communication, ensure that no important information is lost, and optimize our customer service. The recorded conversation processes help us to better respond to your needs and concerns and to ensure consistent and personalized support.
We use “HubSpot” to create and provide a knowledge base with answers to frequently asked questions
In doing so, we process personal data that you provide to us as part of using the knowledge database (e.g. information about your inquiries and the content accessed). We use this data to provide you with tailored and relevant answers, to analyse and improve the use of our knowledge database. This ensures that you have quick and efficient access to the information you need. The knowledge database helps us proactively answer recurring questions and optimize our customer service.
We use “HubSpot” to analyze and evaluate website visits.
We monitor and analyze the behavior of website visitors and their use of our websites. In this way, we are able to pseudonymously recognize returning visitors and count them as such. We process data on how a visitor arrived at our websites (e.g. via web search, direct page view, social media profiles, referrals from other websites and possibly via marketing emails or other advertising campaigns), how many visits took place, how long a stay lasted and how many individual pages were retrieved.
In addition, we also process other data about your interactions and behavior on our website (e.g. filling out forms, using our chat, downloading documents, playing media, etc.). We use this data to compile statistics to improve the attractiveness of our website, to optimize the effectiveness of our marketing measures and to manage our advertising strategy.
We use HubSpot to analyze and evaluate interactions with our social media profiles as well as to contact and communicate via the social media platform
We publish contributions and, if applicable, newsletters on our social media sites, such as LinkedIn, via HubSpot and analyze visitors' interactions (e.g. sharing or liking of posts, interaction of users with newsletters, for example to what extent the content was interacted with, in particular which links were clicked on and to what extent the newsletter was read or browsed over). We use this data to compile statistics to improve the attractiveness of our social media profiles, to optimize the effectiveness of our marketing measures and to manage our advertising strategy.
We also use “HubSpot” to prepare and carry out email marketing and, if necessary, for email tracking.
If you give us separate consent on our website, we will also use your email address to contact you via marketing emails and to be able to inform you about our products and services, current events, promotions and events as well as offers through direct marketing. If you also give us separate consent, you allow us to process data about whether you have received our marketing emails and you have opened them, which email client software you use, to what extent you have interacted with the content, in particular which links you have clicked on and to what extent you have read or browsed through our emails. We use this data to compile statistics to improve the attractiveness of our marketing emails, to optimize the effectiveness of our marketing measures and to manage our advertising strategy.
After your e-mail address has been submitted via a form or via the chat on our website, you will receive an email from us with a link in which we ask you to confirm your e-mail address and thus sign up to receive promotional emails. In this way, we want to ensure that only authorized persons sign up to receive our promotional emails.
We use “HubSpot” to conduct, analyze and evaluate satisfaction surveys
In doing so, we process personal data that you provide to us as part of the survey (e.g. title, first name, last name, email address, contact details, possibly data about your company and your answers to the survey questions). The data collected is used to measure customer satisfaction, to continuously improve our services and products, and to optimize our marketing measures. By analyzing the survey results, we can take targeted measures to increase customer satisfaction and better tailor our offerings to the needs of our customers.
We use “HubSpot” to create, enrich and evaluate interested party profiles
We combine the data processed using the platform in a personalized profile, where appropriate, enrich it with data from other sources, evaluate it in the profile using score values and carry out analyses to conclude which of our products and services, current events, promotions and events as well as offers you are interested in, which customer segment you can be assigned to and with what probability your interest in our products and services in concluding a contract would lead. For this purpose, we process the following data:
- about you (title, first name, last name, contact details such as e-mail address and telephone number and, if applicable, data about your company),
- about your use, interactions and behavior on our website (e.g. page views, filling out forms, using our chat, downloading documents, playing media, etc.),
- for your use of our marketing emails (receipt and opening, email client software used, click data, reading rate),
- about your interactions with our social media profiles.
In this way, we optimize our marketing measures and manage our advertising strategy so that we can address you as effectively as possible.
Legal basis for data processing
The legal basis for using the platform to manage prospect and customer data, to process and document our customer communication, to process bookings for appointments and events and to create and provide our knowledge database is Art. 6 (1) (f) GDPR. Our legitimate interest lies in effectively managing the data of potential prospects and customers and also using it for further data processing made possible by the platform.
If you are directly our contractual partner, we process your data as part of managing the booking of appointments and events and processing and documenting our customer communication, also on the basis of Art. 6 (1) (b) GDPR to fulfill our contract. The legal basis for integrating and using the platform on our websites to analyze and evaluate interactions with the website is your consent, provided that you do so via our consent management platform”Consentmanager“The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.The legal basis for analyzing and evaluating interactions with our social media presences is your consent in accordance with Art. 6 (1) (a) GDPR insofar as you have submitted this via the social media provider. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. You can find out how to exercise your revocation in the privacy policy of the respective social media provider. In addition, you can exercise your right of objection with regard to the data processed exclusively by us by contacting the contact details provided above. The legal basis for contacting and processing communication via social media is your consent in accordance with Article 6 (1) (a) GDPR insofar as you have provided this via the social media provider. The legal basis for processing inquiries via our social media presence is Art. 6 (1) (f) GDPR and Art. 6 (1) (a) GDPR insofar as you provide us with information voluntarily in correspondence. Our legitimate interest is to be able to effectively answer your request via the social media channel. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal with regard to the processing of data provided voluntarily in correspondence, please contact the contact details mentioned above. The legal basis for processing your data in the context of carrying out e-mail marketing and email tracking and the creation and evaluation of interested party profiles is also your consent, which, however, is obtained separately, e.g. as part of forms.Legal basis for processing your data for carrying out, analyzing and evaluating satisfaction surveys is Art. 6 (1) (f) GDPR. Our legitimate interest is to learn more about the use of our products and services by our customers and their satisfaction so that we can use these findings to further develop our products and services in line with customer needs. Cookies and similar technologies are also used here on the basis of Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your objection with regard to data processing in the context of email marketing and email tracking, please use the unsubscribe link in our marketing emails or please contact the contact details mentioned above. The legal basis for processing your data in the context of carrying out e-mail marketing and email tracking and the creation, enrichment and evaluation of interested party profiles is also your consent, which is obtained separately, e.g. as part of forms.A use of Cookies and similar Here too, technologies are based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your objection regarding the implementation of email marketing and email tracking as well as the creation, enrichment and evaluation of interested party profiles, please contact the contact details above.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland, +
- HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
Further information on the handling of personal data by the service provider can be found at https://legal.hubspot.com/de/privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Die HubSpot Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to file an appeal. To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
Unless otherwise stated, we store your data to the extent necessary for as long as this is necessary to achieve the above purposes. We will then delete your data unless data processing, possibly also in other systems, is still permitted to achieve other purposes on the basis of another legal basis or is mandatory for us (e.g. in the event of legal storage or documentation obligations).
2.18. New Relic (in conjunction with Hubspot)
We integrate the service on our websites New Relic The New Relic Inc. 188 Spear Street, Suite 1000, San Francisco, California 94105, United States of America, one. The integration is carried out via the HubSpot services.
Description of data processing and purpose
New Relic allows us to identify and fix technical errors when integrating HubSpot on our website and associated infrastructure. In this context, log files and error reports may be created, which may also contain personal data.
Depending on the circumstances and type of technical error, in principle, all personal data collected when you use our website may be processed in this context. In particular, this includes
- technical information such as IP address and MAC address (device ID of your device in the network),
- information about your web browser (language, version, etc.)
- information about how you use our website (time of use, duration of activity, website from which you accessed our website, resource accessed on our website, etc.) and
- any other data that you actively provide when you visit the site (e.g. first and last name, email address).
Legal basis of data processing
Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your device or read from there, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in being able to ensure the error-free functioning of our website.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- New Relic Inc., 188 Spear Street, Suite 1000, San Francisco, California 94105, United States of America.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by the provider can be found at https://newrelic.com/termsandconditions/privacy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Die New Relic Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.19. Optibase
On our websites, we integrate Optibase for A/B testing and split testing. The service provider is WOICE, razvoj digitalnih produktov, svetovanje and prodaja, d.o.o., ulica Škofa Maksimilijana Držečnika 6, 2000 Maribor, Slovenia, one.
Description of data processing and purpose
Optibase allows us to test different versions of our website to improve the user experience of our visitors. For this purpose, users are directed to a randomly selected version of our website when they visit our website. The various variants of our website may differ either smaller design elements or functions (A/B testing) or the overall structure of the website (split testing). Visitor interactions with our website are then evaluated to determine which variant performs better.
In order to be able to evaluate the performance of our website as part of A/B testing or split testing, anonymized data from you is transmitted to and processed by the above-mentioned service provider. The data collected includes in particular:
- browser type and browser version,
- screen resolution,
- operating system,
- Location data (country, city)
- referrer URL,
- IP address,
- timestamp,
- Conversion events.
We use Optibase.io for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- WOICE, razvoj digitalnih produktov, svetovanje and prodaja, d.o.o., ulica Škofa Maksimilijana Držečnika 6, 2000 Maribor, Slovenia.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by the provider can be found at following link.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.20. Hotjar
Our website uses the Hotjar web analysis service from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (“Hotjar”).
Description of data processing and purpose
Hotjar technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, etc.). This helps us to tailor our offer to feedback from our users. Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their devices, in particular the IP address of the device (only collected and stored in anonymized form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. When using this tool, we pay particular attention to protecting your personal data. In this way, we can only understand which buttons are clicked, how far the mouse is scrolled, the screen size of the device, device type and browser information, geographical location (country only) and the preferred language to display our website. Areas of the websites on which personal data about you or third parties is displayed are automatically hidden by Hotjar and are therefore not comprehensible at any time.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered. The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR. Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe.
Storage period
By integrating the services, data is transmitted to the above-mentioned recipients and stored there for a maximum period of 365 days. There is no further storage of the data processed by the service and made available to us in our own systems.
2.21. Survicate
On our website and app, we integrate survey tools from Survicate S.A., Zamiany 8 LU2 Street, 02 — 786 Warsaw, Poland one.
Description of data processing and purpose
Survicate enables us to create and evaluate visitor surveys on the website and in the app. The information you provide as part of the survey is usually anonymized and forwarded to the above-mentioned service provider.
We use Survicate for optimization purposes, in particular to tailor and improve our offering based on customer feedback.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Survicate S.A., Zamiany 8 LU2 Street, 02 — 786 Warsaw, Poland.
In principle, we have no influence on further data processing by the third-party provider.
Further information on the handling of personal data by the provider can be found at https://assets.survicate.com/docs/Privacy-Policy.pdf.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.22. Google Fonts
On our websites, we include web fonts Google Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
Google Fonts allows us to use web fonts. For this purpose, when you access our website, the required Google fonts are loaded from your web browser into your browser cache. This is necessary so that your browser can also display a visually improved presentation of our texts. If your browser does not support this feature, a standard font is used by your computer to display it. Da Google Fonts provided by Google and when the page is retrieved from whose servers are reloaded, the technical usage data required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.
We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered. The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Google LLC is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the service on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. ”
2.23. YouTube and YouTube images
On our websites, we integrate videos via YouTube on a social media platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, one.
In the European Union (EU) and in the European Economic Area (EEA), the service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
Since embedded videos when pages are accessed from the social media platform servers”youtube“When reloaded, the technical usage data required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.
We have integrated the service on our websites in “no cookie mode” in order to prevent the setting and reading of cookies to collect information about user behavior, link to user profiles, create video statistics, improve usability and prevent abusive actions by the provider. However, in order to prevent such cookies from being set and read out, a cookie itself is stored in the memory of your device in “No Cookie Mode”.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the services, the data collected via our websites is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Google LLC is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.24. Vimeo
On our websites, we include videos via Vimeo, a video platform from Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, United States.
Description of data processing and purpose
Vimeo allows us to integrate videos on our websites. Since embedded videos are reloaded from the servers of the “Vimeo” video platform when the page is accessed, the usage data technically required to access the page is also transmitted. In this respect, Vimeo.com, Inc. also receives your IP address, which is technically required to retrieve the content. If necessary, cookies and similar technologies may be used as part of the integration of the service, or the service may store data on your device or read from there.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or the “Privacy Settings” link at the bottom left of the website to call up “consentmanager” again and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, United States.
In principle, we have no influence on further data processing by the third-party provider.
For more information on how Vimeo handles personal data, please visit https://vimeo.com/privacy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Vimeo.com, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.25. jsDelivr (in conjunction with Vimeo)
On our websites, we integrate the Content Delivery Network (CDN) jsDelivr of Volentino JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet EN4 9EB, England, one.
Description of data processing and purpose
jsDelivr enables us to integrate videos on our website via Vimeo in a data-saving way. For this purpose, only the cover photo of the video and the play button are initially loaded via the Content Delivery Network. The actual video file is then only retrieved when the play button is pressed. This reduces loading times to give you a smoother or data-efficient presentation of our website. A content delivery network (CDN) is a network of servers that are spread across different locations. When retrieved by you, the next server is selected in order to provide you with the data as quickly as possible. When the service is integrated, a connection is established to the service provider's servers. In particular, the following data can be processed:
- time and date of the call (timestamp),
- IP address,
- browser type and browser version,
- referrer URL,
- Unique device ID and other diagnostic data.
We use jsDelivr for optimization purposes, in particular to improve the performance of our website and make our website available to you smoothly and quickly.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or the “Privacy Settings” link at the bottom left of the website to call up “consentmanager” again and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Volentino JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet EN4 9EB, England.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about how jsDelivr handles personal data at https://www.jsdelivr.com/terms/privacy-policy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the United Kingdom.
For data transfers to the UK, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. There is no further storage of the data processed by the service and made available to us in our own systems.
2.26. RevenueHero
Auf unseren Webseiten binden wir den Dienst „RevenueHero“ der RevenueHero Inc, 2093 Philadelphia Pike #8778 Claymont, DE 19703, USA ein.
Beschreibung der Datenverarbeitung und des Zwecks
Die Plattform ermöglicht uns die Verwaltung der Buchung von Terminen von Produktvorstellungen für Interessenten über Formulare und Kalenderintegrationen. Hierbei werden Cookies gesetzt und wir verarbeiten personenbezogene Daten, die Sie uns im Rahmen der Termin- oder Veranstaltungsbuchung zur Verfügung stellen (z.B. Anrede, Vorname, Nachname, E-Mail-Adresse, Kontaktdaten, gegebenenfalls Daten zu Ihrem Unternehmen sowie Informationen zur gewünschten Terminzeit oder Veranstaltung). Diese Daten verwenden wir, um Sie den richtigen Ansprechpartnern zuzuordnen und Termine zu koordinieren. Darüber hinaus ermöglicht uns RevenueHero, Ihnen Erinnerungen und relevante Informationen zu Ihren Buchungen zukommen zu lassen. Auf diese Weise stellen wir sicher, dass Ihre Terminbuchungen reibungslos und effizient abgewickelt werden.
Rechtsgrundlage der Datenverarbeitung
Rechtsgrundlage der Nutzung des Dienstes zur Abwicklung von Buchungen für Termine ist Art. 6 Abs. 1 S. 1 lit. f DSGVO. Unser berechtigtes Interesse liegt darin, die Verwaltung der Daten potenzieller Interessenten und Kunden effektiv zu gestalten.
Empfänger
Im Rahmen der Nutzung des Dienstes werden die über unsere Webseiten erhobenen Daten an nachfolgende Empfänger übermittelt:
RevenueHero Inc, 2093 Philadephia Pike #8778 Claymont, DE 19703, USA
Auf eine weitere Datenverarbeitung durch den Drittanbieter haben wir grundsätzlich keinen Einfluss. Weitere Informationen zum Umgang mit personenbezogenen Daten durch den Anbieter finden Sie unter https://www.revenuehero.io/privacy-policy.
Datenverarbeitung in Drittstaaten
Die Verarbeitung Ihrer Daten kann beim Einsatz des Dienstes auch in Staaten außerhalb der Europäischen Union (EU) und des Europäischen Wirtschaftsraums (EWR) in Drittstaaten, insbesondere in den USA, erfolgen.
Speicherdauer
Durch die Einbindung der Dienste auf unseren Webseiten werden Daten an die oben genannten Empfänger übermittelt und dort so lange gespeichert, wie dies für die Erreichung der genannten Zwecke erforderlich ist. Eine darüberhinausgehende Speicherung der vom Dienst verarbeiteten und uns zur Verfügung gestellten Daten findet so lange statt, wie dies für die Erreichung der genannten Zwecke erforderlich ist.
3rd Data protection information for customers and other contract or business partners as well as interested parties
3.1. Establishment, execution, fulfillment of contracts and the implementation of pre-contractual measures
Description of data processing and purpose
We process your personal data insofar as this is necessary to establish, execute and fulfill a contract and to carry out pre-contractual measures. We only process data that is related to the establishment of the contract or the pre-contractual measures. This may include general data about you or people in your company (name, address, contact details, etc.) as well as any other data that you provide to us as part of the establishment of the contract.
Legal basis of data processing
Insofar as personal data is necessary to initiate or carry out a contractual relationship or as part of the implementation of pre-contractual measures, processing is lawful in accordance with Article 6 (1) (1) (b) GDPR.
sources
We process personal data that we receive from you as part of contacting us, establishing a contractual relationship or as part of pre-contractual measures, or that you provide via our [sources].
transceivers
Within our company, we only share your personal data with areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.
We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in Section 3 of this Data Protection Information Sheet.
Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that personal data is processed in accordance with the provisions of the GDPR. In this case, the categories of recipients are providers of Internet service providers and providers of customer management systems and software.
Data will otherwise only be transferred and/or processed to recipients outside the company insofar as legal provisions permit or require the transfer of data for processing and thus to fulfill the contract or, at your request, to carry out pre-contractual measures, we have your consent or we are authorized to provide information. Under these conditions, recipients of personal data may include:
- External tax advisor
- Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax authorities) if there is a legal or official obligation,
- Recipients to whom transfer is immediately necessary to establish or fulfill the contract, such as company owners (cf. general terms and conditions),
- Other data recipients, insofar as you have given us your consent to transfer data.
Datenverarbeitung in Drittstaaten
Die Verarbeitung Ihrer Daten kann beim Einsatz des Dienstes auch in Staaten außerhalb der Europäischen Union (EU) und des Europäischen Wirtschaftsraums (EWR) in Drittstaaten, insbesondere in den USA, erfolgen.
Für Datenübermittlungen in die USA besteht ein Angemessenheitsbeschluss der EU-Kommission gem. Art. 45 Abs. 1 DSGVO in Bezug auf Unternehmen mit einer Zertifizierung nach dem EU-U.S. Data Privacy Framework.
Die Empfänger sind nach dem EU-U.S. Data Privacy Framework zertifiziert und verpflichten sich demnach auf die Einhaltung angemessener Datenschutzstandards, was unter folgendem Link mit eingesehen werden kann: Participant Search (dataprivacyframework.gov).
Bei einer Übermittlung Ihrer Daten in andere Drittstaaten, für die kein Angemessenheitsbeschluss existiert, besteht das Risiko, dass dortige Behörden auf Ihre Daten zu Sicherheits- und Überwachungszwecken zugreifen, ohne dass Sie hierüber informiert werden oder Rechtsmittel einlegen können.
Zur Absicherung eines angemessenen Datenschutzniveaus bei der Übermittlung Ihrer Daten in den Drittstaat werden Standarddatenschutzklauseln der Europäischen Kommission gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen. Sie verpflichten den Empfänger der Daten, diese entsprechend dem europäischen Schutzniveau zu verarbeiten. Soweit die Standartdatenschutzklauseln nicht ausreichen, um das Schutzniveau zu gewährleisten, werden zusätzliche technische, vertragliche bzw. organisatorische Maßnahmen zur Absicherung der Datenübermittlung ergriffen. Außerdem wird regelmäßig überprüft und bewertet, ob diese zusätzlichen Maßnahmen weiterhin ein hinreichendes Datenschutzniveau gewährleisten oder ob gegebenenfalls weitere ergänzende Maßnahmen ergriffen werden müssen.
Speicherdauer
Soweit erforderlich verarbeiten und speichern wir Ihre personenbezogenen Daten für die Dauer unserer Geschäftsbeziehung bzw. zur Erfüllung vertraglicher Zwecke. Dies umfasst u.a. auch die Anbahnung und die Abwicklung eines Vertrages.
Darüber hinaus unterliegen wir verschiedenen Aufbewahrungs- und Dokumentationspflichten, die sich unter anderem aus dem Handelsgesetzbuch (HGB) und der Abgabenordnung (AO) ergeben. Die dort vorgeschriebenen Fristen zur Aufbewahrung bzw. Dokumentation betragen zwei bis zehn Jahre.
Schließlich richtet sich die Speicherdauer auch nach den gesetzlichen Verjährungsfristen, die z. B. nach den §§ 195 ff. des Bürgerlichen Gesetzbuches (BGB) in der Regel drei Jahre, in gewissen Fällen aber auch bis zu dreißig Jahre betragen können.
Erforderlichkeit der Bereitstellung personenbezogener Daten
Die Bereitstellung personenbezogener Daten für die Entscheidung über einen Vertragsabschluss, die Vertragserfüllung oder zur Durchführung vorvertraglicher Maßnahmen erfolgt freiwillig. Wir können eine Entscheidung im Rahmen vertraglicher Maßnahmen jedoch nur treffen, sofern Sie solche personenbezogenen Daten angeben, die für den Vertragsschluss, die Vertragserfüllung bzw. vorvertragliche Maßnahmen erforderlich sind.
3.2. Datenverarbeitung zu Werbezwecken
Wir verarbeiten Ihre personenbezogenen Daten, um mit Ihnen postalisch, telefonisch und per E-Mail zum Zweck der Direktwerbung in Kontakt zu treten sowie um Interessentendaten auszuwerten, Marktforschung zu betreiben und Kundenzufriedenheitsumfragen durchzuführen.
3.2.1. Email advertising to business customers
Beschreibung der Datenverarbeitung und des Zwecks
Wir verarbeiten Ihre personenbezogenen Daten (Anrede, Vorname, Nachname, dienstliche Adresse und Telefonnummer) zum Zweck und in unserem berechtigten Interesse, Sie oder Ihr Unternehmen personalisiert per Post oder Telefon werblich anzusprechen und über unsere Produkte, Waren, Dienstleistungen und Angebote zu informieren.
Rechtsgrundlage der Datenverarbeitung
Rechtsgrundlage dieser Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. f DSGVO. Da wir zur Erreichung des Zwecks ausschließlich solche personenbezogenen Daten verarbeiten, die im Zusammenhang mit Ihrer dienstlichen Tätigkeit stehen, sind überwiegende Interessen Ihrerseits, die unserem Interesse an der Datenverarbeitung entgegenstehen, nicht ersichtlich. Sie können der Datenverarbeitung jederzeit mit Wirkung für die Zukunft widersprechen. Um Ihr Widerspruchsrecht auszuüben, nutzen Sie bitte die oben genannten Kontaktdaten.
Empfänger
Im Rahmen der Datenverarbeitung werden Ihre Daten an nachfolgende Empfänger übermittelt:
- HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Irland, HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
- Aircall SAS, 11-15 rue Saint-Georges, 75009 Paris, France.
Datenverarbeitung in Drittstaaten
Die Verarbeitung Ihrer Daten kann beim Einsatz des Dienstes auch in Staaten außerhalb der Europäischen Union (EU) und des Europäischen Wirtschaftsraums (EWR) in Drittstaaten, insbesondere in den USA, erfolgen.
Für Datenübermittlungen in die USA besteht ein Angemessenheitsbeschluss der EU-Kommission gem. Art. 45 Abs. 1 DSGVO in Bezug auf Unternehmen mit einer Zertifizierung nach dem EU-U.S. Data Privacy Framework.
Die oben genannten Empfänger sind nach dem EU-U.S. Data Privacy Framework zertifiziert und verpflichten sich demnach auf die Einhaltung angemessener Datenschutzstandards, was unter folgendem Link mit eingesehen werden kann: Participant Search (dataprivacyframework.gov).
Bei einer Übermittlung Ihrer Daten in andere Drittstaaten, für die kein Angemessenheitsbeschluss existiert, besteht das Risiko, dass dortige Behörden auf Ihre Daten zu Sicherheits- und Überwachungszwecken zugreifen, ohne dass Sie hierüber informiert werden oder Rechtsmittel einlegen können.
Zur Absicherung eines angemessenen Datenschutzniveaus bei der Übermittlung Ihrer Daten in den Drittstaat werden Standarddatenschutzklauseln der Europäischen Kommission gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen. Sie verpflichten den Empfänger der Daten, diese entsprechend dem europäischen Schutzniveau zu verarbeiten. Soweit die Standartdatenschutzklauseln nicht ausreichen, um das Schutzniveau zu gewährleisten, werden zusätzliche technische, vertragliche bzw. organisatorische Maßnahmen zur Absicherung der Datenübermittlung ergriffen. Außerdem wird regelmäßig überprüft und bewertet, ob diese zusätzlichen Maßnahmen weiterhin ein hinreichendes Datenschutzniveau gewährleisten oder ob gegebenenfalls weitere ergänzende Maßnahmen ergriffen werden müssen.
Speicherdauer
Wir speichern Ihre Daten, solange dies für die Erreichung des vorgenannten Zwecks erforderlich ist bzw. solange Sie der Datenverarbeitung nicht widersprochen haben. Anschließend löschen wir Ihre Daten, es sei denn eine Datenverarbeitung, ist weiterhin auf Grundlage einer anderen Rechtsgrundlage zulässig oder für uns verpflichtend (z.B. im Fall des Bestehens gesetzlicher Aufbewahrungspflichten).
3.2.2. E-Mailwerbung gegenüber Geschäftskunden
3.2.2.1. Bestandskundenwerbung
Beschreibung der Datenverarbeitung und des Zwecks
Wir verarbeiten Ihre personenbezogenen Daten (Anrede, Vorname, Nachname, dienstliche E-Mail-Adresse), die wir im Zusammenhang mit einem Vertragsabschluss erhalten, zum Zweck und in unserem berechtigten Interesse, Ihnen oder Ihrem Unternehmen personalisiert als Bestandskunden Direktwerbung zu ähnlichen Produkten, Waren und Dienstleistungen zuzusenden, die mit dem vorhergehenden Vertragsabschluss in Zusammenhang stehen.
Rechtsgrundlage der Datenverarbeitung
Rechtsgrundlage dieser Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. f DSGVO. Da wir sowohl die Vorgaben der Ausnahmeregelung des § 7 Abs. 3 UWG einhalten, als auch zur Erreichung des Zwecks ausschließlich solche personenbezogenen Daten verarbeiten, die im Zusammenhang mit Ihrer dienstlichen Tätigkeit stehen, sind überwiegende Interessen Ihrerseits, die unserem Interesse an der Datenverarbeitung entgegenstehen, nicht ersichtlich, soweit Sie der Verarbeitung noch nicht widersprochen haben.Sie können der Datenverarbeitung jederzeit mit Wirkung für die Zukunft widersprechen, ohne dass hierfür andere als die Übermittlungskosten nach den Basistarifen entstehen. Um Ihr Widerspruchsrecht auszuüben, nutzen Sie bitte den Abmeldelink in unseren werblichen E-Mails oder wenden Sie sich bitte an die oben genannten Kontaktdaten.
Empfänger
Im Rahmen der Datenverarbeitung werden Ihre Daten an nachfolgende Empfänger übermittelt:
- HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Irland;
- HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
Datenverarbeitung in Drittstaaten
Die Verarbeitung Ihrer Daten kann beim Einsatz des Dienstes auch in Staaten außerhalb der Europäischen Union (EU) und des Europäischen Wirtschaftsraums (EWR) in Drittstaaten, insbesondere in den USA, erfolgen.
Für Datenübermittlungen in die USA besteht ein Angemessenheitsbeschluss der EU-Kommission gem. Art. 45 Abs. 1 DSGVO in Bezug auf Unternehmen mit einer Zertifizierung nach dem EU-U.S. Data Privacy Framework.
Die HubSpot Inc. ist nach dem EU-U.S. Data Privacy Framework zertifiziert und verpflichtet sich demnach auf die Einhaltung angemessener Datenschutzstandards, was unter folgendem Link mit eingesehen werden kann: Participant Search (dataprivacyframework.gov).
Bei einer Übermittlung Ihrer Daten in andere Drittstaaten, für die kein Angemessenheitsbeschluss existiert, besteht das Risiko, dass dortige Behörden auf Ihre Daten zu Sicherheits- und Überwachungszwecken zugreifen, ohne dass Sie hierüber informiert werden oder Rechtsmittel einlegen können.
Zur Absicherung eines angemessenen Datenschutzniveaus bei der Übermittlung Ihrer Daten in den Drittstaat werden Standarddatenschutzklauseln der Europäischen Kommission gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen. Sie verpflichten den Empfänger der Daten, diese entsprechend dem europäischen Schutzniveau zu verarbeiten. Soweit die Standartdatenschutzklauseln nicht ausreichen, um das Schutzniveau zu gewährleisten, werden zusätzliche technische, vertragliche bzw. organisatorische Maßnahmen zur Absicherung der Datenübermittlung ergriffen. Außerdem wird regelmäßig überprüft und bewertet, ob diese zusätzlichen Maßnahmen weiterhin ein hinreichendes Datenschutzniveau gewährleisten oder ob gegebenenfalls weitere ergänzende Maßnahmen ergriffen werden müssen.
Speicherdauer
Wir speichern Ihre Daten, solange dies für die Erreichung des vorgenannten Zwecks erforderlich ist bzw. solange Sie der Datenverarbeitung nicht widersprochen haben. Anschließend löschen wir Ihre Daten, es sei denn eine Datenverarbeitung, ist weiterhin auf Grundlage einer anderen Rechtsgrundlage zulässig oder für uns verpflichtend (z.B. im Fall des Bestehens gesetzlicher Aufbewahrungspflichten).
3.2.2.2. Consent to receive promotional emails and newsletters, newsletter tracking
Description of data processing and purpose
In addition, we process your personal data (title, first name, last name, official e-mail address) for the purpose of personally addressing you or your company via e-mail or via our e-mail newsletter and to inform you about our products, goods, services and offers only if you have given us your express consent to do so separately. If you give us your consent, you also allow us to process data about whether you have received our marketing emails and you have opened them, to what extent you have interacted with the content, in particular which links you have clicked on and to what extent you have read or browsed through our emails (newsletter tracking).
Legal basis of data processing
The legal basis for this processing is your consent in accordance with Article 6 (1) (a) GDPR. Your consent is voluntary and can be withdrawn at any time with effect for the future. Withdrawing your consent does not void the lawfulness of the data processing that has taken place up to that point. To exercise your right of withdrawal, please use the unsubscribe link in our promotional emails or in the newsletter or please contact us using the contact details above.
transceivers
As part of data processing, your data will be transmitted to the following recipients:
- HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland,
- HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Die HubSpot Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
We store your data as long as this is necessary to achieve the above purpose or as long as you have not objected to data processing. We will then delete your data, unless data processing continues to be permitted on the basis of another legal basis or is mandatory for us (e.g. if there are legal storage obligations).
4th Data protection information for applicants
4.1. Data processing in the application process
Description of data processing and purpose
We process your personal data to the extent necessary to decide whether to establish an employment relationship with us. We only process data that is related to your application. This may include general information about you (name, address, contact details, etc.), information about your professional qualification and education, information about continuing vocational training and, if applicable, other data that you provide to us in connection with your application. If there is an employment relationship between you and us, we may further process the personal data already received from you for employment purposes, insofar as this is necessary to carry out or terminate the employment relationship or to exercise or fulfill the rights and obligations of representing the interests of employees arising from a law or a collective agreement, a company or service agreement (collective agreement).
Legal basis of data processing
The legal basis is Article 88 GDPR in conjunction with Section 26 (1) BDSG and Art. 6 (1) (b) GDPR for employment purposes, if this is necessary for the decision to establish an employment relationship.
If you give us express consent to process personal data for specific purposes, this processing is lawful on the basis of your consent in accordance with Section 26 (2) BDSG, Art. 6 (1) (a) GDPR. Any consent given can be withdrawn at any time with effect for the future. The legal basis for further processing for the purpose of carrying out or terminating the employment relationship is Article 88 GDPR in conjunction with Section 26 (1) BDSG and Art. 6 (1) (b) GDPR.
spring
We process personal data that we receive from you when you contact us or apply via the upload function of our career portal, by post or email, or that you submit to us via job portals and professional networks selected by you.
transceivers
Within our company, we only share your personal data with areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.
We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in this data protection information.
Your personal data may be processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that personal data is processed in accordance with the provisions of the GDPR. In this case, the categories of recipients are providers of Internet service providers and providers of applicant management systems and software.
As part of data processing, your data will be transmitted in particular to the following recipients:
- Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany.
- JOIN Solutions AG, Eichenstrasse 2, 8808 Pfäffikon, Schweiz.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, the transfer is necessary to fulfill legal obligations, or we have your consent.
Data processing in third countries
A transfer to a third country is not intended.
Storage period
We store your personal data as long as it is necessary to decide on your application. Your personal data or application documents will be deleted no later than six months after completion of the application process (e.g. notification of the rejection decision), unless longer storage is required or permitted by law. In addition, we only store your personal data to the extent required by law or in a specific case to assert, exercise or defend legal claims for the duration of a legal dispute.
If you have agreed to store your personal data for a longer period of time, we will store it in accordance with your declaration of consent.
If there is an employment, training or internship relationship following the application process, your data, as far as necessary and permitted, will initially continue to be stored and then transferred to the personnel file.
You may receive an invitation to join our talent pool following the application process. This allows us to continue to consider you when selecting suitable vacancies in the future. If we have received your consent, we will store your application data in our talent pool in accordance with your consent or, if applicable, future consents.
Necessity of providing personal data
The provision of your personal data as part of application processes is voluntary. However, we can only make a decision to establish an employment relationship or establish an employment relationship with you only if you provide such personal data that is necessary to complete the application. Data is not backed up in our own systems.
4.2. Processing of applicant data on our websites
4.2.1. Personio
On our websites, we integrate the personnel and applicant management software Personio from Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, one.
Description of data processing and purpose
Personio enables us to store and manage incoming applicant data. If you send us your application data via the application form on our website, the data entered in the input mask will be sent to Personio and stored. Personio does not automatically process data. Processing only takes place when using our application form. As part of your application, the service provider may process the following data in particular:
- name, first name,
- telephone number,
- place of residence/address,
- email address,
- Salary expectation and start date
- curriculum vitae,
- certificates,
- cover letter,
- More uploaded attachments.
We only use Personio to process your application.
Legal basis of data processing
Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your device or read from there, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out for the purpose of initiating a contract or initiating an employment relationship at the request of the persons concerned on the basis of Article 6 (1) (b) GDPR and Section 26 (1) BDSG.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.
For more information on how Personio handles personal data, please visit https://www.personio.de/datenschutzerklaerung/.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of six months after completion of the application process. If, in individual cases, the data processed by the service and made available to us is stored in our own systems, the data will also be stored for a maximum of six months after completion of the application process.
4.2.2. Join
On our websites, we integrate Join's multiposting service as an interface to our job ads. The provider of Join is JOIN Solutions AG, Eichenstrasse 2, 8808 Pfäffikon, Switzerland.
The EU representative of the provider named above is Fux:Legal, Krausnickstraße 10, 10115 Berlin, Germany.
Description of data processing and purpose
Join allows us to publish our job ads on multiple job portals at the same time and link these job ads to our career page. If you apply to us via a job portal, Join will provide us with information about which job portal referred you to our career page. In doing so, the following data is collected and processed from you:
- the IP address of the device used,
- the device used,
- the date and time of access,
- the referrer URL,
- the browser used and
- the name of your Internet service provider.
We use Join to reach as large a group of applicants as possible and in this way reach suitable candidates for our advertised positions.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- JOIN Solutions AG, Eichenstrasse 2, 8808 Pfäffikon SZ (Schwyz), Switzerland.
In principle, we have no influence on further data processing by the third-party provider.
For more information about how Join handles personal data, see https://join.com/de/datenschutz.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in Switzerland.
For data transfers to Switzerland, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR.
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services, data is transmitted to the above-mentioned recipients and stored there for the duration of the application process, a maximum of 6 months after the rejection has been sent. The data processed by the service and made available to us will be stored for as long as is necessary to achieve the stated purposes.
5. Plancraft software and app privacy information
5.1. Plancraft software and app
Data processing as part of order processing
Our software and app are made available to independent users as part of order processing. Insofar as they use our software and app to process data from their customers, their project partners and their employees, as your service provider, we are a contract processor subject to strict instructions. The person responsible for data processing is the entrepreneur or the company that uses our software. A contract for order processing in accordance with Article 28 GDPR has been concluded between us and the person responsible for the provision and operation of the software and the app.
As a data subject, to obtain information about the processing of your data, the contact details of the person responsible and the contact details of the data controller's data protection officer, please contact the body responsible for using our software and app.
Description of data processing and purpose
Plancraft is business software for handling project-related commercial processes. This includes sales, consulting, employee management, billing and other operational processes. Data is collected, processed and used to achieve the stated purposes.
Users regularly process and use personal data of the following groups of people in our software, insofar as this is necessary to fulfill the stated purpose:
- Customer/interested party data (e.g. address data, contract data, offer data)
- Personal data to manage employees, temporary workers and external employees
- data from business partners (e.g. address data, contract data)
- Data from suppliers (e.g. address data, contract data, functional data)
- Data from cooperation and distribution partners (e.g. address data, contract data)
The types of data regularly processed in the software include:
- access data to the software or app (e-mail address and encrypted password or, alternatively, telephone number and identification code via SMS),
- IP address from which the software or app was accessed,
- data from the devices used,
- names and address details of customers, clients, suppliers, cooperation and distribution partners and other parties involved,
- company size and business,
- Documents (offers, order confirmations, cost estimates, delivery notes, invoices, credit notes) including corresponding pseudonyms (offer, order, cost estimate, delivery note, invoice, credit note or project numbers)
- Personal data in files that are stored by the user in cloud storage (files and documents of all types, e.g. videos, photos and PDF documents)
- Meta and content data from in-app chat and chat history
- Project duration data and employee deployment data
- Project and working time data
- Accounting data (customer number, tax number, chart of accounts)
- Bank details (IBAN, BIC, account holder)
- Data on unit labor costs and surcharges (labor, materials, subcontractor services, equipment, miscellaneous)
- Data on payment reminders and reminders
- Personal data in logos and on mailers or letterheads
legal bases
It is the responsibility of the person responsible to ensure appropriate legal bases for data processing. For more information, please contact the person responsible for using our software and app. With regard to the purposes of processing, the types of data processed and the groups of data subjects, the following legal bases in particular may be considered:
- the initiation or execution of a contract in accordance with Article 6 (1) (b) GDPR
- the legitimate interest of the person responsible or of a third party in accordance with Article 6 (1) (f) GDPR
- consent from the data subject in accordance with Article 6 (1) (a) GDPR
In principle, when processing employee data,
- Implementation of the employment relationship in accordance with Section 26 (1) BDSG
- Employee consent in accordance with Section 26 (2) BDSG
transceivers
As part of order processing, data is transmitted to the following recipients (sub-processors), depending on the scope of use of the software or app:
- DanGlit GmbH, Game 1, 83134 Prutting
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Mailgun Technologies Inc., 535 Mission St., 4th Floor, San Francisco, CA 94105, United States
- Neon Inc., Orange Street 209, 19801 Wilmington, United States
- OpenAI Inc., 18th St. 3180, 94110, San Francisco, USA (Sentry) Functional Software, Inc., 45 Fremont St., 8th Floor, San Francisco, CA 94105, USA
- Stripe Payments Europe, Ltd., c/o A&L Goodbody, Ifsc, North Wall Quay Dublin 1, Dublin, Ireland.
- Stripe, Inc. 354 Oyster Point Blvd. South, San Francisco, CA 94080, United States
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Google LLC, Neon Inc. and Stripe Inc. are certified according to the EU-U.S. Data Privacy Framework and are therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal. In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
Your data will be stored by the responsible user of our software for as long as is necessary to achieve the purposes pursued by him or as long as you have not objected to data processing.
5.2. Use of external services and third-party content to provide the Plancraft software and app by Plancraft GmbH as contract processor
We have integrated the following external services and third-party content into our software and app.
5.2.1. Sentry
To provide our application, we use the service Sentry The Functional Software, Inc., 45 Fremont St., 8th Floor, San Francisco, CA 94105, USA.
Description of data processing and purpose
Sentry enables us to ensure the technical stability of our software and app, identify errors in our application that have led to a malfunction or crash, and fix them.
As part of the services mentioned above, the above-mentioned provider uses cookies and similar technologies to collect technical data such as browser data or device data and the retrieving IP address as well as data on how you use our software and app in pseudonymized form. This data is then evaluated for your use in order to identify the source of the error and thus give us the opportunity to correct the error.
Legal basis of data processing
It is the responsibility of the person responsible to ensure appropriate legal bases for data processing. For more information, please contact the person responsible for using our software and app. With regard to the purposes of processing, the types of data processed and the groups of data subjects, the following legal bases in particular may be considered:
- the technical requirement in accordance with Section 25 (2) No. 1 TDDDG or the requirement to provide the service at the request of the end user in accordance with Section 25 (2) No. 1 TDDDG,
- the initiation or execution of a contract in accordance with Article 6 (1) (b) GDPR
- the legitimate interest of the person responsible or of a third party in accordance with Article 6 (1) (f) GDPR
- consent from the data subject in accordance with Article 6 (1) (a) GDPR
In principle, when processing employee data,
- Implementation of the employment relationship in accordance with Section 26 (1) BDSG
- Employee consent in accordance with Section 26 (2) BDSG
transceivers
When using the service, the data collected is transmitted to the following recipients:
- Functional Software, Inc., 45 Fremont St., 8th Floor, San Francisco, CA 94105, United States
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://sentry.io/privacy/.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Die Sentry.io (Functional Software Inc.) is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services, data is transmitted to the above-mentioned recipients and stored there for a period of 90 days. The data processed by the service and made available to us will be stored for as long as is necessary to achieve the stated purposes.
5.2.2. Firebase
To provide our application, we use Google Firebase components of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States.
In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, offered.
Description of data processing and purpose
Firebase enables us to manage customer and user data by providing a real-time database. For this purpose, a connection to the service provider's servers is established. Firebase uses IP addresses and user agents to activate the profiler tool, which helps us understand usage trends and platform failures.
In addition, it enables us Firebase authenticating our users and managing end user accounts. Used for this Firebase User agent strings and IP addresses to provide additional security and prevent misuse during login and authentication. In particular, the following data is processed by the above-mentioned provider as part of the services mentioned:
- IP address,
- user agent,
- passwords,
- email address,
- Telephone number.
We use Firebase to enable you to use our application and its functionality.
Legal basis of data processing
It is the responsibility of the person responsible to ensure appropriate legal bases for data processing. For more information, please contact the person responsible for using our software and app. With regard to the purposes of processing, the types of data processed and the groups of data subjects, the following legal bases in particular may be considered:
- the technical requirement in accordance with Section 25 (2) No. 1 TDDDG or the requirement to provide the service at the request of the end user in accordance with Section 25 (2) No. 1 TDDDG,
- the initiation or execution of a contract in accordance with Article 6 (1) (b) GDPR
- the legitimate interest of the person responsible or of a third party in accordance with Article 6 (1) (f) GDPR
- consent from the data subject in accordance with Article 6 (1) (a) GDPR
In principle, when processing employee data,
- Implementation of the employment relationship in accordance with Section 26 (1) BDSG
- Employee consent in accordance with Section 26 (2) BDSG
transceivers
When using the service, the data collected is transmitted to the following recipients:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In principle, we have no influence on further data processing by the third-party provider.
You can find more information about Google's handling of personal data at https://policies.google.com/privacy?hl=de.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Google LLC is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. Further storage of the data processed by the service and made available to us takes place for as long as is necessary to achieve the stated purposes.
5.3. Use of external services and third-party content to provide the Plancraft software and app by Plancraft GmbH as the responsible person
5.3.1. cello
As responsible persons, we integrate the Cello referral program in our software Powerplay GmbH, Sumpfmeisenweg 3A, 81249 Munich, Germany, one.
Description of data processing and purpose
cello allows us to integrate a referral program (“Friends Recruit Friends”) into our software. Our existing customers can have an individualized link generated, which they can then forward to their friends. New customers can then register for our services via the invitation link. Here, data is processed by the above-mentioned service provider. In particular, the following data can be processed by the above-mentioned service provider:
- name,
- place of residence (country),
- email address,
- IP address,
- device information,
- information about the browser,
- User ID and company ID.
We use Cello for marketing purposes, in particular to generate new customers through the “Friends Recruit Friends” program.
Legal basis of data processing
The legal basis for the integration and use of the service is your consent, provided that you do so via our consent management platform”Consentmanager“surrendered.
The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.
Your consent is voluntary and can be freely withdrawn at any time with effect for the future. To exercise your withdrawal, please use the cookie icon or link”Privacy settings“at the bottom left of the web page to”Consentmanager“revisit and change your settings.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Powerplay GmbH, Sumpfmeisenweg 3A, 81249 Munich, Germany.In principle, we have no influence on further data processing by the third-party provider.
For more information about Cello's handling of personal data, please visit https://cello.so/privacy-policy/.
Storage period
By integrating the services, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. The data processed by the service and made available to us will be stored for as long as is necessary to achieve the stated purposes.
5.3.2. Stripe
On our websites, we integrate the online payment service Stripe of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, United States, In the European Union (EU) and in the European Economic Area (EEA), the services are provided by Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, offered.
Description of data processing and purpose
Stripe enables us to process cashless payment transactions via our website and is required so that users can subscribe to and pay for our software and app. Stripe is an online payment service that website operators can use to make cashless payments for goods and services online. In order to use the payment system, users must enter their bank details — usually in the form of their credit card details or current account details.
With every transaction that is made via Stripe, the user's payment data is processed by the service provider. The processed data is...
- the first and last name,
- the address,
- the email address,
- IP address,
- the telephone number,
- the credit card number,
- the account coverage, turnover and the credit line of an overdraft facility.
We use Stripe to process payment transactions in order to be able to conclude contracts with our customers for the provision of our services.
Legal basis of data processing
The legal basis for integrating and using the service is contract fulfillment in order to make our application available to you after your registration or contract initiation during the registration process. The use of cookies and similar technologies is based on Section 25 (2) No. 2 TDDDG. Subsequent data processing is carried out in accordance with Article 6 (1) (b) GDPR or in accordance with Article 6 (1) (f) GDPR, insofar as you register as an employee of a customer. Our legitimate interest is to fulfill the contract with your employer.
transceivers
When using the service, the data collected via our websites is transmitted to the following recipients:
- Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
In principle, we have no influence on further data processing by the third-party provider. You can find more information about Stripe's handling of personal data at https://stripe.com/de/privacy.
Data processing in third countries
When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework. Stripe, In. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Storage period
By integrating the services, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. The data processed by the service and made available to us will be stored for as long as is necessary to achieve the stated purposes.
6. Privacy information for social media profiles
The following is information about how we handle your data that is collected through your use of our social media profiles on social networks and platforms.
6.1. social media profiles
We maintain profiles, appearances, pages or fan pages on the following social media platforms:
Facebook: https://www.facebook.com/plancraftgmbh
LinkedIn: https://de.linkedin.com/company/plancraft-gmbh
YouTube: https://www.youtube.com/channel/UCcadHJ4OovMpWn7Nzpfs3UA
TikTok: https://www.tiktok.com/@plancraft
Reddit: https://www.reddit.com/user/plancraft
Vimeo: https://vimeo.com/user216172816
6.2. Different responsibilities and roles
Depending on how the platform operators and we as site operators are involved in the processing of your personal data, the respective responsibility or role differs. So we can either be responsible together with the platform operator or the platform operator is solely responsible.
6.3. Joint responsibility with platform operators
6.3.1. Joint Responsibilities
There is a joint responsibility between us and the following platform operators:
Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4, 5, 6, Dublin 2, Ireland
As site operators, we are jointly responsible for processing your personal data in connection with your visit to the website, profile, page or fan page on the platforms together with the providers of the respective platform if the platform operators provide aggregate information about visitors to our profiles, appearances, pages or fan pages (e.g. so-called “insights” or “analytics”). In the case of joint responsibility, we have concluded agreements with the platform operators in accordance with Article 26 GDPR on joint responsibility for processing your personal data (e.g. Page Controller Addendum or Joint Controller Addendum).
This agreement determines which data processing processes we or the respective platform operator are responsible for. You can view these agreements under the following links:
Joint Responsibility Agreements
Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
Further information on data processing by platform operators can be found in their privacy policies:
Facebook: https://de-de.facebook.com/privacy/policy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
6.3.2. Contacts with the platform operators' data protection officers
You can contact the data protection officers of the platform operators here:
Facebook: To contact Facebook's data protection officer, you can use the online contact form provided by Facebook at the following link: https://www.facebook.com/help/contact/540977946302970.
LinkedIn: To contact LinkedIn's data protection officer, you can use the contact form under the link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
6.3.3. Data processing under joint responsibility
6.3.3.1. Access to and storage of information in terminals
When you access our profiles on the above-mentioned platforms, cookies and similar technologies are used on your device by the platform operator to store or read data from your device. This access or storage may involve further processing of personal data within the meaning of the GDPR. In cases where such access to information or such storage of information is absolutely necessary to provide the services without technical errors, this is done on the basis of Section 25 (1) (1) (2) TDDDG. Subsequent data processing may be carried out on the basis of Article 6 (1) (f) GDPR. In cases where such a process serves other purposes (e.g. designing our website in line with requirements), this is carried out on the basis of Section 25 (1) TDDDG only with your consent in accordance with Article 6 (1) (a) GDPR. The consent can be withdrawn at any time in the future. The requirements of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data. Further information on the use of cookies and similar technology and their legal bases can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies can be found above. If you have any further questions, please contact the operator of the respective social media platform directly.
6.3.3.2. Data processing for advertising and market research purposes
As a rule, personal data on our social media profile is processed primarily for market research and advertising purposes by the platform operator. Insofar as the data collection also takes place directly on our social media profile, we participate in the platform operator's data processing and are therefore jointly responsible with the platform operator. Data processing uses cookies and similar technologies that enable the platform operator to recognize you when you visit a social media profile. In addition, members of the social media platform are comprehensively evaluated by the platform operator (clicks, comments and likes) and the information you provide to the platform operator, such as your master data, profile picture or name, is processed. In particular, demographic information (age, gender, country, industry, profession, etc.) can also be processed from your own member profile. User profiles can be created using the collected data. These are then used by the platform operator to place advertisements within and outside the platform that presumably match your interests. Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by placing appropriate advertisements within or outside the platforms based on the target groups identified by the platform operator. The legal basis for processing your personal data is your consent given to the platform operator in accordance with Article 6 (1) (a) GDPR. Please note that we have no influence on data collection and further processing under the responsibility of the platform operators. As a result, we are unable to provide any information about the extent, location and for how long the data is stored by the platform operator. For more information, please refer to the data protection information of the respective provider.
6.3.3.3. Data processing as part of “insights” or “analytics”
In addition, your data will be processed jointly responsibly in connection with so-called “Page Insights” or “Page Analytics”. “Page Insights” or “Page Analytics” are analysis functions provided by the platform operator, by means of which the master data processed by you, in particular demographic data and the data about your interactions with our profile, are collected jointly by the platform operator and us. The platform operator then analyses this data and uses it to create summarized (so-called aggregated data) for us, from which we can identify which demographic target group has visited our profile and how our profile was used by them.
In this respect, we also have no direct access to the data processed by the platform operator. These are only made available to us in aggregate form by the platform operator. This means that we cannot recognize individual visitors or recognize their interactions from the summarized data. We then use this aggregated data to tailor our social media profile to the target group and generally to optimize it for the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).
The legal basis for processing your personal data is your consent given to the platform operator in accordance with Article 6 (1) (a) GDPR. Please note that we have no influence on data collection and further processing under the responsibility of the platform operators. As a result, we are unable to provide any information about the extent, location and for how long the data is stored by the platform operator.
For more information, please refer to the data protection information of the respective provider.
6.3.3.4. Data processing based on consent
If you are asked by the respective platform operator for consent to the processing for a specific, common purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be withdrawn at any time with effect for the future.
6.3.3.5. Recipients and data transfer to third countries
If we pass on personal data to the operators of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR.
Facebook:
- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
- Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States
LinkedIn:
- LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland
- LinkedIn Corp., 1000 W. Maude Ave, Sunnyvale, CA 94085, USA
When you visit our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in accordance with Article 45 (1) GDPR with regard to companies certified in accordance with the EU-U.S. Data Privacy Framework.
Meta Platforms, Inc.
Meta Platforms, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to compliance with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
LinkedIn Corp.
LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).
If your data is transferred to other third countries for which there is no adequacy decision, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.
In order to ensure an appropriate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. Insofar as the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to secure the transfer of data. In addition, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
6.3.4. Exercising your rights in case of joint responsibility
Your rights as a data subject
As a visitor to the site, if you wish to exercise your rights (information, correction, deletion, restriction, data portability, complaint with the supervisory authority, objection or revocation), you can contact both the platform operator and us.
Facebook: You can (also) restrict the visibility of your Facebook account to us via the Facebook settings. You can also adjust your advertising settings yourself in your platform account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
For more information on how to assert your rights, please see LinkedIn's privacy policy at the following link: https://www.facebook.com/about/privacy.
LinkedIn: You can (also) restrict the visibility of your LinkedIn account to us via LinkedIn settings. For more information on how to assert your rights, please see LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy
6.4. Responsibility of platform operators
If your personal data is processed by one of the operators of social media platforms listed below, this processing is carried out under the sole responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR.
YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Reddit:Reddit Netherlands B.V., Euro Business Center, Keizersgracht 62, 1015CS Amsterdam, Netherlands
Vimeo: Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, United States
We have no influence on data processing by platform operators. For more information, please check the privacy policy of the respective platform operator:
YouTube: https://policies.google.com/privacy
Reddit:https://www.reddit.com/policies/privacy-policy
TikTok:https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en
In order to assert your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still need help, feel free to contact us at any time.
6.5. Our own responsibility
We are solely responsible for the following data processing via our social media profiles.
6.5.1. Data processing through the operation of the social media profile
When you visit or interact with our social media profile, we process personal data from you. This may be information that you actively provide (comments, likes and information that you have publicly provided, such as your profile picture or name). Depending on the provider and your settings on the provider's platform, we may also be informed who has accessed our profile within the platform.
The legal basis for processing personal data when operating our social media profile is Art. 6 (1) (f) GDPR.
The legitimate interest lies in advertising to visitors and in providing an effective means of communication and interaction with our company on the social media platform.
6.5.2. Data processing when you contact us
We ourselves collect personal data when you contact us, for example via a contact form or through a messenger function on the respective platform. Which data is collected depends on your information and the contact details you provide or approve. These are stored by us for the purpose of processing the request and in case of follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. Your data will be deleted after your request has been processed, provided that this does not conflict with any legal storage obligations. We expect final processing when it can be inferred from the circumstances that the matter in question has been finally clarified.
6.5.3. Data processing for contract processing
If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. In this case, the legal basis for processing your data is Art. 6 (1) (b) GDPR. Your data will be deleted when it is no longer required to execute the contract or if it is clear that the pre-contractual measures do not result in a contract corresponding to the purpose of contacting you. Please note that even after the contract has been concluded, it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations.
6.5.4. Data processing based on consent
If you are asked by us to consent to the processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be withdrawn at any time with effect for the future.
7. Other data processing
7.1. Documentation of data protection compliance
Description of data processing and purpose
If you give us a declaration of consent, we process your personal data about the circumstances and time of submission (signature, e-mail address, telephone or fax number or IP address, if applicable) in order to be able to prove that you have consented to the relevant data processing within the scope of our accountability obligation under Article 5 (2) GDPR. Insofar as you exercise your data subject rights against us under the GDPR, we also process your personal data in order to be able to prove, within the scope of accountability in accordance with Article 5 (2) GDPR, that we have complied with the GDPR when processing your request.
Legal basis of data processing
Processing is carried out in each case on the basis of Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is to be able to document compliance with the requirements of the GDPR as part of our accountability obligation.
transceivers
In addition, we may forward your personal data in connection with your request to our external company data protection officer, who helps us comply with the requirements of the GDPR.
Storage period
We store your data as long as this is necessary to achieve the above purpose. We regularly store data relating to a given consent until 3 years have elapsed from the end of the year in which we last made use of it. Data that we process in connection with the implementation of data subject rights is regularly stored for a period of 3 years from the end of the year in which you exercised your data subject rights.
We will then delete your data, unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis or is mandatory for us (e.g. in the event of legal storage obligations).
7.2. Fulfilment of other legal obligations
Data processing and purpose
We process personal data insofar as this is necessary to fulfill a legal obligation. The scope of the data to be processed results from the legal obligation that we must comply with.
Legal basis of data processing
In these cases, the legal basis for processing your data is Art. 6 (1) (c) GDPR in conjunction with the respective legal provision that imposes such an obligation on us. These may include standards from the Tax Code (AO), e.g. Section 147 AO, the Commercial Code (HGB), e.g. Section 257 HGB, or the Code of Criminal Procedure (StPO).
transceivers
If necessary, your data will be transferred to tax advisors, auditors, financial or investigative authorities, lawyers, experts or courts.
Storage period
We store your data to the extent necessary for as long as this is necessary to achieve the above purpose. The storage period results from the special legal regulations which oblige us to store or process data for up to a period of 10 years, with the specific start of the retention periods being determined by the respective special law. We will then delete your data unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis.
7.3. Exercising or defending legal claims
Description of data processing and purpose
In addition, we process your data in individual cases for the purpose and in the interest of asserting legal claims, for example to enforce our claims based on unpaid invoices, provided that your data is relevant to a legal dispute.
In addition, we process your data in individual cases for the purpose and in the interest of defending legal claims that are raised against us, for example when asserting claims for material defects, provided that your data is relevant to a legal dispute.
Legal basis of data processing
The legal basis for processing your data is Article 6 (1) (f) GDPR.
transceivers
If necessary, your data will be transferred to tax advisors, auditors, financial or investigative authorities, lawyers, experts or courts.
Storage period
In individual cases, we store your data to the extent necessary for as long as this is necessary to achieve the above purpose. We will then delete your data, unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis or is mandatory for us (e.g. in the event of legal storage obligations).
8. Your rights
In the following, you will find information on what data subject rights applicable data protection law grants you vis-à-vis the person responsible with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of their data, unless they have been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about ask for their details.
The right, in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us.
The right to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR.
The right, in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible.
The right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office specified above or, if applicable, that of your usual place of residence or place of work.
The right to withdraw consent given in accordance with Article 7 (3) GDPR: You have the right to withdraw consent given to the processing of data at any time with effect for the future. In the event of withdrawal, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the withdrawal.
Right to object
If your personal data is processed by us on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as this is due to reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to state a particular situation.
If you would like to exercise your right of revocation or objection, simply send an e-mail to support@plancraft.de.
Information on the current version (AVV)
Last updated on: 29.02.2024 (Download AVV in the latest version)
Previous versions: