Privacy Policy

When you use this website and other external online services, such as our social media services on LinkedIn or Xing, your personal data is processed by us, as the data controller. With this data protection declaration, we are informing you, as the data subject whose personal data we process, about the type, scope, purpose and duration of the processing of your personal data. You will receive information about which data is processed, what our purposes are, what legal obligations we have to fulfil and what rights you are entitled to.

According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other international and national data protection provisions is:

cloudworx GmbH
Rupert-Mayer-Straße 44, Building 64.07a
81379 Munich
Telephone: +49 800 25 68 396
info@cloudworx.agency
cloudworx.agency
Commercial register: HRB 238863 Registry court: Munich
Represented by the managing director: Timo Müller

II. Name and address of the data protection officer

We are not obliged to appoint a data protection officer. If you have any questions about data protection, please contact:

Timo Müller
Telephone: +49 800 25 68 396
Email: privacy@cloudworx.agency

III. Rights of the data subject

If we process your personal data, you have the following rights as a data subject under the GDPR.

  1. Right of access

    You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If this is the case, you can request the following information from the controller:

    • the purposes for which the personal data is processed;

  • the categories of personal data that are processed;

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

  • the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;

    • for all available information about the source of the data, if the personal data was not collected from you as the data subject.
    • the existence of automated decision-making in individual cases, including profiling, in accordance with Art. 22 GDPR and meaningful information about the underlying logic and its effects

    In addition, you have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

  1. Right to rectification

    You have the right to request that the data controller corrects and/or completes any of your personal data processed by the data controller if it is incorrect or incomplete. The data controller must carry out the correction without undue delay.

  2. Right to restriction of processing

    You have the right to request that the processing of your personal data be restricted under the following conditions:

if you dispute the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
  • you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. Right to erasure

a. Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.

    • You object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21(2) of the GDPR.
    • (The personal data concerning you has been processed unlawfully.
    • The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    • The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

    b. Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c. Exceptions

The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.
  1. **Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to request the data controller to be informed about these recipients.

  1. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means.

When exercising this right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The rights and freedoms of other persons must not be adversely affected by the right to data portability.

The right to portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right to object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will then no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising. In this case, we will stop the processing immediately. It is not necessary to specify a particular situation. If you wish to exercise your right to object, simply send an e-mail to: privacy@cloudworx.agency.

  1. Right to revoke the declaration of consent under data protection law

    You have the right to revoke your consent to the processing of personal data at any time by notifying the controller. As a result, we will no longer be allowed to continue the data processing based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

  2. Automated decision-making in individual cases, including profiling

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

    You do not have this right if the decision

    a. is necessary for entering into, or performance of, a contract between you and the data controller;
    b. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    c. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in points (a) and (c), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

  1. Right to lodge a complaint with a supervisory authority

    You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you have the right to lodge a complaint in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority responsible for the controller is:

    Bavarian Data Protection Authority
    Promenade 27
    91522 Ansbach
    Tel.: 0981 / 53 1300
    E-Mail: poststelle@lda.bayern.de

IV. General information on the processing of personal data

  1. Scope of the processing of personal data

    The controller processes personal data of data subjects to the extent necessary to provide this website and other external online offers, as well as for the use of our content and services. Personal data is processed only with the consent of the data subject. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted or required by law.

  2. Legal basis for the processing of personal data

    The legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. a GDPR if the processing is carried out on the basis of the consent of the data subject.

    The legal basis for the processing of personal data is Art. 6 (1) 1 lit. b GDPR if the processing is carried out for the performance of a contract to which the data subject is party. The legal basis also applies to processing that is necessary to carry out pre-contractual measures.

The legal basis for the processing of personal data is Art. 6 (1) (1) (c) GDPR if the processing is necessary to fulfil a legal obligation.

The legal basis for the processing of personal data is Art. 6 (1) (1) (d) GDPR if the vital interests of the data subject or another natural person require processing.

The legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the interests of the controller.

  1. Data erasure and storage duration

    The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was collected or otherwise processed no longer applies. Processing may be continued if it is necessary to fulfil a legal obligation to which the controller is subject under Union or national law, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, the processing can be continued if it is necessary for the assertion, exercise or defence of legal claims.

V. Provision of the website and creation of log files

  1. Description and scope of the processing of personal data

    Each time this website is used, the server of the person responsible automatically collects data and information from the browser of the accessing end device.

    The following data is collected:

  • Information about the browser type and version used

  • The operating system of the terminal device

  • The internet service provider of the terminal device

  • The IP address of the terminal device

  • Date and time of access

  • Websites from which the user's terminal device accesses our website

  • Websites accessed by the user's system via our website

    The data is stored in so-called log files of our system. This data is not stored together with other personal data of the user.

  1. Legal basis for the processing of personal data

    The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO.

  2. Purpose of the processing of personal data

    The temporary storage of the IP address of the requesting end device by the system is technically necessary to enable the connection between the user's end device and the controller's server and to ensure that the website is delivered to the end device. Furthermore, the controller processes the IP address for technical and administrative purposes when establishing the connection in order to be able to guarantee the stability of the connection, to ensure the security and functionality of the online offers and to be able to investigate any illegal attacks.

Storage in log files is done to ensure the functionality of the website. The controller does not draw any direct conclusions about your identity from the processing of the IP address and the information in the log files. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the processing of the IP address and the information in the log files is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest of the controller is the secure and trouble-free provision of our website.

  1. Data erasure and storage duration

    The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was collected or otherwise processed no longer applies. When processing data to provide the website, this is the case when the respective session has ended. When processing data in log files, this is the case after 30 days at the latest.

  2. **Right of objection and removal

    The processing of the IP address for the provision of the website and the processing of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no right of objection for the user.

VI. Use of cookies and tracking pixels

  1. Description and scope of the processing of personal data

    We use cookies and tracking pixels on our website to statistically record the use of our website and to be able to evaluate it for optimisation.

    a. Cookies

    Cookies are small text files that your internet browser creates and stores on your device (e.g. laptop, tablet...) when you visit our website. A cookie contains a characteristic string of characters that enables a unique identification of the terminal device when you visit our website again. Cookies do not cause any damage to your terminal device, they do not contain any viruses, Trojans or other malware. The use of cookies does not mean that we immediately obtain knowledge of your identity.

    b. Tracking pixel

A tracking pixel, or pixel-code, is a small 1x1 pixel graphic (GIF file) that can be accessed when you visit our website or open our newsletter. Tracking pixels do not cause any damage to your end device, they do not contain any viruses, Trojans or other malware.

The loaded or unloaded pixel is used to check whether a user has visited the page or not. The pixels send your IP address, the referrer URL of the visited website or the opened newsletter, the time at which the pixel was viewed, the browser used, and previously set cookie information to a web server. The data enables the controller to carry out statistical evaluations, the results of which are used to optimise the website and offers. Most browsers automatically accept pixels. You can use appropriate tools or browser add-ons to prevent the use of pixels on the controller's pages.

  1. Legal basis for the processing of personal data

The legal basis for the processing of personal data is Art. 6 (1) sentence 1 point (f) GDPR.

  1. Purpose of the processing of personal data

The purpose of the use of technically necessary cookies is to enable the use of our website in the first place and to make it more convenient for you. The controller uses so-called session cookies to recognise that you have already visited individual pages on the website. Some website functions cannot be used without the use of cookies. These functions require that the end device's internet browser be recognised even after a page change.

Cookies that are used to statistically record the use of our website and to evaluate it for the purpose of optimising our offer make it possible to automatically recognise that you have already visited this website when you visit it again.

  1. Data erasure and storage duration

    Session cookies are automatically deleted after leaving the website. Cookies and tracking pixels that analyse the use of the website are automatically deleted after the specified storage period.

  2. Objection and removal options

    a. Cookies

Cookies are stored on the user's computer and transmitted by it to the data controller's web server. Most internet browsers automatically accept cookies. However, you can configure your internet browser to disable or restrict the transmission of cookies or to display a message before a new cookie is created. You can delete cookies that have already been stored at any time. The deletion can also be carried out automatically. This means that you as a user have full control over the use of cookies. If cookies are disabled for this website, it is possible that not all of the website's functions can be used to their full extent.

b. Tracking pixel

Most browsers automatically accept pixels. However, you can configure your internet browser or use appropriate tools or browser add-ons to prevent the use of tracking pixels.

VII. Contact form and email contact

  1. Description and scope of personal data processing

If you use a contact form on this website or send an email to the controller, the data you provide will automatically be processed by the controller in order to respond to your request. When using the contact form, the date, time and time of sending the message are stored in addition to the contents of the form. Before sending the message, your consent will be obtained and you will be asked to confirm that you have understood and accepted the data protection declaration. When you contact us by email, your personal data will also be stored. The data will be processed exclusively for the purpose of dealing with your enquiry. It will not be passed on to third parties.

  1. Legal basis for the processing of personal data

    The legal basis for the processing of personal data with your consent is Art. 6 para. 1 sentence 1 lit. b DSGVO.
    The legal basis for the processing of personal data when communicating by email is Art. 6 (1) 1 lit. f GDPR.

    If the processing of personal data serves the purpose of concluding a contract by email or via a form, Art. 6 (1) 1 lit. b GDPR is the legal basis.

  2. Purpose of processing personal data

The purpose of processing personal data collected via the contact form or by email is to process the sender's request. The additional personal data collected is used to prevent the misuse of forms and to ensure the information security of the controller's systems. The legal basis for processing the information is Art. 6 (1) (1) (f) GDPR.

  1. Data erasure and storage duration

    The personal data of the data subject will be deleted as soon as the purpose for which it was collected or otherwise processed no longer applies. For personal data from the contact form and/or sent by email, this is the case when the respective communication with the user has ended. The communication is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

  2. Right to object and right to erasure

    The user can revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, communication cannot be continued.
    All personal data stored in the course of establishing contact will be deleted in this case.

VIII. Use of Salesforce CRM

  1. Description and scope of personal data processing

    The controller uses the customer relationship management system (CRM system) of the provider Salesforce (Salesforce). Salesforce.com is a service provided by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The controller uses Salesforce to process enquiries from website users, customers and prospects more quickly and efficiently. Salesforce uses this data only for the technical processing of the enquiries and does not pass it on to third parties. To use Salesforce, you must at least provide a correct email address. Pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect additional data (name, address).

Information on data protection at Salesforce can be found in the Salesforce data protection declaration: https://www.salesforce.com/de/company/privacy/.

Salesforce is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States. You can find more information about the Privacy Shield here: https://www.privacyshield.gov/. You can view Salesforce's certification here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

    The legal basis for the processing of personal data in connection with the use of the Salesforce CRM system is Art. 6 (1) (1) (f) GDPR.

  2. Purpose of processing personal data

    The purpose of using Salesforce is to maintain relationships with customers and prospects quickly and efficiently, as well as to respond to relevant inquiries.

  3. Data erasure and storage period

    We delete CRM data when it is no longer required. We review the necessity every two years. In addition, the statutory archiving obligations apply.

  4. Right to object and right to erasure

    If you do not agree with the processing of your data in the Salesforce systems, we offer you alternative contact options. You can reach us by email, telephone, fax or post.

IX. Use of "Campaign Monitor"

  1. Description and scope of personal data processing

    The controller uses the e-mail marketing system of the provider Campaign Monitor (Campaign Monitor) for e-mail marketing. Campaign Monitor is a service of Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia. The controller uses Campaign Monitor to process requests from website users, customers and prospects faster and more efficiently, as well as to send newsletters. The e-mail addresses and other data entered during registration are stored by Campaign Monitor on servers in the United States, Australia and Germany. Campaign Monitor offers extensive analysis options for how e-mails are opened and read. These analyses are group-related and are not used by the processor for the individual evaluation of newsletter recipients. According to its own statements, Campaign Monitor can use this data in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch or for statistical purposes to determine which countries the email recipients come from. However, Campaign Monitor does not use our email recipients' data to write to them itself or pass them on to third parties.

    Campaign Monitor has undertaken to comply with the provisions of the GDPR. You can find information on data protection at Campaign Monitor in the Campaign Monitor privacy policy: http://www.campaignmonitor.com/privacy/.

  2. Legal basis for the processing of personal data

The legal basis for the processing of personal data in connection with the use of the email marketing software Campaign Monitor is the recipient's consent to the sending of emails in accordance with Article 6 (1) (a) of the GDPR.

The legal basis for the performance of statistical evaluations and analyses, as well as the recording of consent and registration, is the legitimate interest of the controller in accordance with Article 6(1)(f) GDPR.

  1. Purpose of processing personal data

The purpose of using Campaign Monitor is to answer enquiries from customers and interested parties in a user-friendly, economical and secure manner, as well as to maintain relationships with customers and interested parties quickly and efficiently by sending newsletters.

  1. Data deletion and storage duration

We delete email recipient data if it is no longer required. We review the necessity of this every two years. In addition, the statutory archiving obligations apply.

  1. **Right to object and right to erasure

    If you do not agree to the processing of your data in Campaign Monitor's systems, you can revoke your consent at any time. We offer you alternative contact options. You can reach us by email, telephone, fax or post.

X. Application by post, application form and application by email contact

  1. Description and scope of personal data processing

During the application process, the controller processes the personal data of applicants (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent necessary to make a decision regarding the establishment of an employment relationship. The processing may be carried out by physical or electronic means. In particular, electronic processing takes place when an applicant submits their application documents to the data controller by electronic means, for example by email or via an online application form.

If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of implementing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract, if the applicant rejects a job offer, withdraws his application, revokes his consent or requests the controller to delete his data, the application documents will be automatically deleted two months after notification of the decision to discontinue, provided that no other legitimate interests of the controller conflict with such deletion. Another legitimate interest in this sense, for example, is a duty of proof in proceedings under the General Equal Treatment Act (GETA).

  1. Purpose of processing personal data

    The purpose of the processing is to decide whether to establish an employment relationship. The legal basis for the processing of personal data is § 26 para. 1 BDSG under German law, Art. 6 para. 1 lit. b GDPR. If the controller processes the data on the basis of consent that has been granted, the legal basis for this is Section 26 (2) of the German Federal Data Protection Act (BDSG) under German law, Art. 6 (1) (a) GDPR. Consent can be withdrawn at any time. In certain cases, the controller processes personal data on the basis of a legitimate interest. The legal basis for the processing of personal data is then Art. 6 (1) (b) GDPR.

  2. Data erasure and storage duration

If the controller is unable to make a job offer, the applicant rejects a job offer, withdraws his application, revokes his consent or requests the controller to delete his data, the application documents, including any physical application documents, will be deleted a maximum of six months after completion of the application process, provided that no other legitimate interests of the controller for the processing of the data conflict with such deletion. Another legitimate interest in this sense is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

  1. Objection and removal options

    The applicant can revoke his consent to the processing of personal data at any time. If the user contacts the person responsible by email, he can object to the storage of his personal data at any time. In such a case, the application process cannot be continued.

XI. Use of our company profile on LinkedIn

  1. Description and scope of personal data processing

    The controller uses the platform of LinkedIn, Wilton Place, Dublin 2, Ireland, for the company's presence. On our company page, we provide information and offer LinkedIn users the opportunity to communicate and interact with us. If you perform an action on our company page on LinkedIn, it is possible that your personal data will be made public. Information on the processing of your personal data by LinkedIn and on data protection at LinkedIn can be found in LinkedIn's privacy policy, which you can access here: https://privacy.linkedin.com/de-de

  2. Legal basis for the processing of personal data

    The legal basis for the processing of personal data in connection with the use of our company presence on LinkedIn is Art. 6 (1) sentence 1 lit. f GDPR.

  3. Purpose of the processing of personal data

    The purpose of the company presence on LinkedIn is to inform LinkedIn users about the products and services of the controller. In doing so, each user is free to publish personal data through activities.

  4. Data erasure and storage duration

    The controller stores the activities and personal data published via LinkedIn until consent is withdrawn. In addition, the controller complies with the statutory retention periods.

  5. Right to object and right to erasure

    You can object to the processing of your personal data by the controller in the context of using the company's presence on LinkedIn at any time and assert your rights as a data subject.

    LinkedIn offers the option of managing the settings for the processing of personal data by LinkedIn at https://www.linkedin.com/psettings/.

XII. Use of our company profile on Xing

  1. Description and scope of the processing of personal data

    The controller uses the platform of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany, for its company presence. We provide information on our company presence and offer Xing users the opportunity to communicate and interact with us. If you carry out an action on our company presence on Xing, it is possible that your personal data will be made public. Information on the processing of your personal data by Xing and on data protection at Xing can be found in Xing's data protection policy, which you can access here: https://privacy.xing.com/de

  2. Legal basis for the processing of personal data

    The legal basis for the processing of personal data in connection with the use of our company presence on Xing is Art. 6 (1) sentence 1 lit. f GDPR.

  3. Purpose of processing personal data

    The purpose of the company's presence on Xing is to inform Xing users about the products and services of the data controller. In doing so, each user is free to publish personal data through their activities.

  4. Data erasure and storage duration

    The controller stores the activities and personal data published via Xing until consent is withdrawn. In addition, the controller complies with the statutory retention periods.

  5. Right to object and to erasure

    You can object to the processing of your personal data by the controller in the context of the use of the company's presence on Xing at any time and assert your rights as a data subject.

    Xing SE provides information about the processing of personal data by Xing SE at https://privacy.xing.com/de/datenschutzerklaerung.

XIII. Use of YouTube

  1. General

    cloudworx GmbH, Hohenlindener Str. 1, 81677 Munich, is responsible for the content of the YouTube videos embedded on this website and this YouTube channel.

  2. Description and scope of the processing of personal data

    The controller uses the YouTube platform, a service provided by Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, to play videos.

For embedding YouTube videos on our website, we use the option provided by YouTube for what is known as advanced data protection mode. When you start the embedded video, a connection is established to the YouTube servers, which can trigger further data processing operations. According to information from Google, YouTube videos can be embedded with advanced data protection mode without cookies being set to capture user behaviour. Usage behaviour is therefore not monitored in order to personalise video playback. Instead, video recommendations are based on the video currently being played. Videos played in advanced privacy mode in an embedded player do not affect which videos are recommended to a user on YouTube.

When videos are accessed on our website or our YouTube channel, personal data is processed by YouTube as the data controller, e.g. through the use of cookies. Processing may also take place for users of our pages or our YouTube channel if these users are not logged in or registered with YouTube. Information about data collection and further processing by YouTube can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Google's transfer of personal data to the United States is certified under the EU-U.S. Privacy Shield. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. You can view Google's certification here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

    The legal basis for the processing of personal data in connection with the use of the web analysis service Google Analytics is Art. 6 (1) (1) (f) GDPR.

  2. Purpose of the processing of personal data

    The purpose of using videos on our website and on our YouTube channel is to inform users of our website and users of YouTube about the products and services of the data controller.

  3. Data erasure and storage duration

    The cookies on our website have a maximum lifespan of 90 days. We have no information about the deletion and storage duration of cookies on YouTube.

  4. Objection and removal options

    You can permanently object to the use and storage of "conversion cookies" or the comparable technology used instead of cookies and cross-device remarketing/targeting by deactivating the option for personalised advertising in your Google account: https://adssettings.google.com/authenticated?hl=de.

Information on data protection at Google can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.

XIV. Use of web analysis and advertising tools – Google Analytics

  1. Description and scope of personal data processing

The controller uses the web analysis service Google Analytics (with anonymisation function), a service provided by Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymisation on this website, your IP address will be truncated by Google within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address be first transferred to a Google server in the USA and truncated there. On behalf of the controller, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Google is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States. You can find more information about the Privacy Shield here: https://www.privacyshield.gov/. You can view Google's certification here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

    The legal basis for the processing of personal data in connection with the use of the web analysis service Google Analytics is Art. 6 (1) (1) (f) GDPR.

  2. Purpose of the processing of personal data

    The purpose of using Google Analytics is to analyse the use of the controller's website and to be able to regularly improve it. The statistics obtained enable the controller to address its target groups better and to make the website more interesting for users.

  3. Data deletion and storage duration

    The user data collected by the controller via cookies is automatically deleted after 26 months.

  4. Right to object and opt out

    You can object to the collection and processing of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

    Information on data protection at Google can be found in the Google data protection declaration: https://policies.google.com/privacy?hl=de&gl=de

XV. Use of tools for web analysis and advertising – Google (re)marketing services

  1. Description and scope of the processing of personal data

The controller uses the marketing and remarketing services (Google Marketing Services) of the provider Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 on its website.
Google Marketing Services allow the controller to better target ads for its website in order to show users only ads that potentially match their interests. For example, if a user is shown ads for products in which he has shown an interest on other websites, this is referred to as "remarketing". For these purposes, when the data controller's website and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content they have shown an interest in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit duration and other information about the use of the online offer. The user's IP address is also recorded. In the context of Google Analytics, we would like to point out that the IP address is shortened within member states of the European Union or in other states that are party to the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user's personal data within other Google services. Google may also combine the above information with information from other sources. If the user then visits other websites, they may be shown ads tailored to their interests.

User data is processed pseudonymously as part of Google Marketing Services. Google does not store and process, for example, the names or email addresses of users, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the United States.

The Google marketing services used by the controller also include the online advertising programme "Google AdWords". In the case of Google AdWords, each AdWords customer receives an individual "conversion cookie". Cookies cannot therefore be tracked via the websites of AdWords customers. The information collected by cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify users.

Further information on the use of data for advertising purposes by Google can be found on this overview page: https://policies.google.com/technologies/ads.

Google is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States and thus offers a guarantee of compliance with European data protection law. You can find more information about the Privacy Shield here: https://www.privacyshield.gov/. You can view Google's certification here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

The aggregation of the collected data in a user's Google account is based solely on the consent that the user has given to Google, which can be revoked at any time (Art. 6 para. 1 lit. a DSGVO). For processing that is not merged into the user's Google Account (e.g., because the user does not have a Google Account or has objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The legitimate interest arises from the fact that the controller has an interest in the anonymised analysis of website visitors for advertising purposes.

  1. Purpose of processing personal data

    The purpose of using Google Analytics Remarketing is the controller's legitimate interest in analysing user behaviour in order to optimise its website and advertising. The statistics obtained enable the controller to address its target groups more effectively and to make the website more interesting for users.

  2. Data erasure and storage duration

Cookies have a lifespan of a maximum of 90 days.

  1. Objection and removal options

    You can permanently object to the use and storage of "conversion cookies" or the comparable technology used instead of cookies and cross-device remarketing/targeting by deactivating the option for personalised advertising in your Google account: https://adssettings.google.com/authenticated?hl=de.

Information on data protection at Google can be found in the Google Data Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.

XVI. Use of web analysis and advertising tools – Facebook, Custom Audiences and Facebook marketing services

  1. Description and scope of personal data processing

    The controller uses the so-called "Facebook pixel" and other marketing services of the social network Facebook, which is operated by the provider Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on its website.

    With the help of the Facebook pixel, Facebook can determine visitors to the controller's online offering as a target group for the display of ads (so-called "Facebook ads"). The controller uses the Facebook pixel to display the Facebook ads placed by it only to Facebook users who have also shown an interest in its online offering or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that the controller has transmitted to Facebook (so-called "custom audiences"). With the help of Facebook pixels, the data controller can ensure that its Facebook ads match the potential interest of users and are not perceived as annoying. With the help of the Facebook pixel, the controller can also track the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to the website after clicking on a Facebook ad (a so-called "conversion").

    The Facebook pixel is integrated directly by Facebook when our websites are accessed and can store a so-called cookie on your device. If you then log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to the person responsible, so it does not provide us with any information about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook for its own market research and advertising purposes. If the data controller transmits data to Facebook for matching purposes, this data is encrypted locally in your browser and only then transmitted to Facebook via a secure https connection. This is done only for the purpose of matching it with the data that is also encrypted by Facebook.

Furthermore, when using Facebook pixels, the controller uses the additional function "extended matching", whereby data for creating target groups ("Custom Audiences" or "Look Alike Audiences") is transmitted to Facebook in encrypted form. Further information and details on how the advanced matching works can be found in the Facebook Business help section: https://www.facebook.com/business/help/611774685654668.
Furthermore, the controller uses the "Custom Audiences from File" process offered by Facebook. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used to determine the recipients of the data controller's Facebook ads. The data controller would like to ensure that the ads are only displayed to users who are interested in the data controller's information and services.

Facebook is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States and thus offers a guarantee of compliance with European data protection law. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. Facebook's certification can be viewed here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

    The use of Facebook Pixel and the storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DSGVO. The controller has a legitimate interest in analysing website visitors and optimising its advertising.

  2. Purpose of the processing of personal data

The purpose of using Facebook Marketing services is the controller's legitimate interest in analysing, optimising and efficiently operating its online services and its interest in optimising its advertising.

  1. Data erasure and storage duration

    The cookies have a maximum lifespan of 90 days.

  2. Objection and removal options

    You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To control what types of ads you see on and off Facebook, as well as on websites and apps used outside of Facebook, you can customise your ad settings here: https://www.facebook.com/help/109378269482053?helpref=hc_global_nav.

Information on data protection at Facebook can be found in the Facebook Data Policy https://www.facebook.com/policy.php

Further information and details on how the Facebook pixel works can be found in the Facebook Business help section: https://www.facebook.com/business/help/651294705016616.

XVII. Use of Adobe Fonts

  1. Description and scope of personal data processing

    We use Adobe Fonts for the visual design of our website. Adobe Fonts is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe"), which grants us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the United States and download the font required for our website. This informs Adobe that our website has been accessed from your IP address.

Further information about Adobe Fonts can be found in Adobe's privacy policy, which you can access here: https://www.adobe.com/de/privacy/policy.html

Adobe is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. You can view Adobe's certification here: https://www.privacyshield.gov/list.

  1. Legal basis for the processing of personal data

    The legal basis for the processing is Art. 6 (1) (1) (f) GDPR. The legitimate interest lies in a visually appealing and error-free functioning of the website.

  2. Purpose of the processing of personal data

The purpose of using Adobe Fonts is to enable the user's browser to display the texts of the website in an optimised way. If the user's browser does not support an optimised display, a standard font of the user's computer will be displayed.

  1. Data erasure and storage duration

The controller has no information about the storage duration of the data transferred to Adobe.

  1. Right to object and opt out

    You can configure your browser so that fonts are not loaded from Adobe servers. If the user's browser does not support the use of Adobe fonts or you prevent access to the Adobe servers, the text on our website will be displayed in the system's default font.

XVIII. Use of the Hotjar tool for web analysis purposes

  1. Description and extent of the processing of personal data

    This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

    Hotjar is a tool for analysing your user behaviour on this website. Hotjar's technology helps us to better understand our users' experiences (e.g. how much time users spend on which pages, which links they choose to click, what users do and don't like, etc.) and this helps us to build our service with user feedback. With Hotjar, we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you remained with the mouse pointer in a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are preferred by the website visitor.

    Furthermore, we can determine how long you stayed on a page and when you left it.

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function is used to improve the website operator's web offerings.

  1. Legal basis for the processing of personal data

Hotjar and the storage of Hotjar cookies are based on Art. 6 para. 1 lit. f DSGVO. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise our website. Since the corresponding consent has been requested (consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) point a GDPR; consent can be revoked at any time.

  1. Data erasure and storage duration

    The controller has no information about the storage duration of the data transmitted to Google.

  2. Right to object and opt out

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. In particular, these cookies can be used to determine whether this website has been visited with a specific device or whether the Hotjar functions have been disabled for the browser in question. Hotjar cookies remain on your device until you delete them.

You can adjust the settings on your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies in certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If you wish to disable Hotjar's data collection, please click on the following link and follow the instructions provided there: https://www.hotjar.com/legal/policies/do-not-track/
Please note that Hotjar must be disabled separately for each browser or for each end device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

XIX. Use of Google Tag Manager

  1. Description and scope of personal data processing

    The controller uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager allows website tags from Google and other providers to be managed and integrated into our online presence. With the help of Google Tag Manager, small code elements, so-called tags, are placed on websites. Tags are used by Google Analytics, among other things, to measure visitor behaviour, optimise online advertising and test and optimise the alignment of the website. The Google Tag Manager itself does not set any cookies, only tags, and does not collect any personal data. When the Google Tag Manager is executed, the user's IP address is transmitted to Google. Further information about the Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?hl=de

  2. Legal basis for the processing of personal data

    The legal basis for the processing of users' personal data is the user's consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO and the legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f. DSGVO.

  3. Purpose of the processing of personal data

The purpose of using Google Tag Manager is to analyse and regularly improve the use of the controller's website with the help of Google Analytics. The statistics obtained enable the controller to address its target groups better and to make the website more interesting for users.

  1. **Right to object and right to erasure

    The Google Tag Manager triggers other tags that may in turn collect data. The Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with the Google Tag Manager. Further information can be found here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

XX. Use of Google Workspace

  1. Description and scope of personal data processing

The controller uses the Google Workspace provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google Workspace is software that is accessible via the internet and runs on Google's servers (cloud service, software as a service). When using Google Workspace, personal data may be processed and stored on Google's servers if it is part of the communication with us or from us. This data may include, in particular, master data and contact data of users, data on processes, other processes and the content of communication. Google also processes usage data and metadata to ensure the security of and to optimise the service. Further information on data protection and the security of processing at Google Workspace can be found here: https://cloud.google.com/product-terms.

  1. Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is the user's consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, pre-contractual enquiries and the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b. DSGVO as well as the legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f. DSGVO.

  1. Purpose of processing personal data

    The controller uses Google Workspace to organise its business activities. This includes, among other things, the following processing purposes: storage and management of documents in the cloud, management of appointments, contacts and calendars, sending and receiving e-mails, spreadsheets, presentations, sharing documents, content and information with specific recipients, publishing forms or other content and information, conducting chats and participating in audio and video conferences.

  2. Data erasure and storage duration

    Personal data are erased or blocked as soon as the purpose of storage no longer applies. Storage beyond this period is possible if this is provided for by European or national legislators in EU regulations, laws or other provisions to which we are subject. Blocking or deletion of the data also occurs when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

  3. Right to object and right to erasure

    You have the right to withdraw your consent to the processing of personal data and to object to the storage of your personal data at any time. In such a case, communication and the customer relationship may not be continued.

XXI. Use of Matomo (formerly Piwik)

  1. Description and scope of the processing of personal data

The controller uses the software "Matomo" (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo enables the anonymised analysis of user behaviour on the website. The following data is stored: the user's IP address, shortened by the last two bytes (anonymised); the page accessed and the time of access; the page from which the user accessed our website (referrer); which browser with which plugins, which operating system and which screen resolution are used; the time spent on the website; the pages that are accessed from the subpage visited. The data collected using Matomo is stored on our own servers. It is not passed on to third parties.

  1. Legal basis for processing personal data

    The legal basis for processing users' personal data is the legitimate interest according to Art. 6 para. 1 sentence 1 lit. f. DSGVO.

  2. Purpose of processing personal data

The controller requires the data in order to analyse the surfing behaviour of users and to obtain information about the use of the individual components of the website. This enables the controller to constantly optimise the website and its user-friendliness. These purposes constitute the legitimate interest in accordance with Art. 6 (1) point f GDPR. By anonymising the data, the controller takes into account the interests of users in the protection of personal data. The data is never used to personally identify the user of the website and is not merged with other data.

  1. Data deletion and storage duration

    The personal data is deleted after 12 months and summarised in monthly reports without personal reference.

  2. Objection and removal options

    You have the option at any time to revoke your consent to the processing of personal data and to object to the storage of your personal data. You can:
    a) activate the "Do-not-Track" setting in your browser. The Matomo system is configured to respect this setting.
    b) create an opt-out cookie with a single click below that is valid for two years. This will prevent Matomo from registering your further visits. Please note, however, that the opt-out cookie will be deleted if you delete all cookies.

XXII. Use of Friendly Captcha

  1. Description and scope of personal data processing

Our website uses the "Friendly Captcha" service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is a privacy-friendly protection solution that protects our website from automated programs and scripts (so-called "bots").
When using our forms, your browser receives an arithmetic task from Friendly Captcha. Your device solves this task and sends the result to our web server. We then check with Friendly Captcha via an interface to see if the task has been solved correctly.

  1. Legal basis for processing personal data

The use of Friendly Captcha is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, to protect our website from abusive access and spam.

  1. Purpose of processing personal data

Friendly Captcha attaches great importance to data protection and the data is used exclusively for checking against spam:
a) No HTTP cookies are used
b) No permanent storage of data in the browser
c) IP addresses are anonymised using one-way hashing
d) Data is not used to identify individuals or for marketing purposes

  1. Data deletion and storage duration

    No personal data is stored. The data collected is deleted immediately after the form is sent.

  2. Objection and removal option

    You have the option to prevent the actions you take here from being analysed by disabling Javascript. This will protect your privacy, but will also disable many of the website's features.

XXIII. Use of Leadinfo

  1. Description and scope of personal data processing

Our website uses the "Leadinfo" service provided by Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJsel, Netherlands. This service recognises visits to our website by companies on the basis of IP addresses and shows us publicly available information about them, such as company names or addresses. Further information can be found at leadinfo.com.

  1. Legal basis for the processing of personal data

We use Leadinfo on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR in order to qualify our leads.

  1. Purpose of the processing of personal data

Leadinfo attaches great importance to data protection and the data is used exclusively to check publicly available information:
a) No HTTP cookies are used
b) No persistent storage of data in the browser
c) Data is not used to identify individuals or for marketing purposes

  1. Data erasure and storage duration

No personal data is stored. The data collected is deleted immediately after the IP has been checked.

  1. Right to object and opt out

On this page: leadinfo.com/de/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo.

XXIV. Details of the cookies used