Datenschutzerklärung

Globex Security GmbH
Giessener Strasse 110
35415 Pohlheim, Deutschland

Geschäftsführer: Wladimir Schneider

Telefon: +49 173 9777337

E-Mail: info@globexsecurity.de

Web: www. globexsecurity.de

VAT ID No.: DE

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Types of processed data:

– Inventory data (e.g., names, addresses).
– Contact details (e.g., email, phone numbers).
– Content data (e.g., text inputs, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects:

Visitors and users of the online offer (hereinafter, we also collectively refer to the data subjects as „users“).

Purpose of processing:

– Provision of the online offer, its functions, and contents.
– Responding to contact inquiries and communicating with users.
– Security measures.
– Range measurement/marketing.

Terms used

„Personal data“ are all information relating to an identified or identifiable natural person (hereinafter referred to as the „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

„Processing“ means any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

„Pseudonymization“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

„Profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The „controller“ is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

„Processor“ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant Legal Bases

In accordance with Art. 13 of the GDPR, we inform you about the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and perform contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security Measures

In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and response to data breaches. We also consider data protection already in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Cooperation with Processors and Third Parties

If, in the course of our processing, we disclose data to other individuals and companies (processors or third parties), transmit them to them, or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we engage third parties to process data on the basis of a so-called „data processing agreement,“ this is done on the basis of Art. 28 GDPR.

1. Data Collection on this Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the „Responsible Party“ section of this privacy policy.

How do we collect your data?

Your data is collected, in part, by you providing it to us. This may include data entered into a contact form, for example. Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily consists of technical data (such as internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this and for other questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically analyzed. This is primarily done with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Commercial Register: Local Court / HRB
VAT ID No.: DE

Phone: +49 (0)
Email: info@xxxxxxxxxx.de

For details, please refer to the privacy policy: https://www.xxxxxxxx.de/

The use of

PROVIDER

is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing will be carried out solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, to the extent that consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data Processing

We have entered into a contract for data processing (DPA) for the use of the aforementioned service. This is a legally required contract that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the internet (e.g., communication by e-mail) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Responsible Party

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

The responsible party for data processing on this website is:

Globex Security GmbH

Managing Director: Wladimir Schneider

Germany

Phone: +49

Fax: +49

E-mail: info[at]globex-security.de

Storage Period

Unless a specific storage period is mentioned in this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after the cessation of these reasons.

General Notes on the Legal Bases for Data Processing on this Website

If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data under Art. 9 para. 1 GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also occurs based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing additionally occurs based on § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6 para. 1 lit. c GDPR. Data processing may also occur based on our legitimate interests under Art. 6 para. 1 lit. f GDPR. The relevant legal bases for each specific case are provided in the following paragraphs of this privacy policy.

Note on Data Transfer to Privacy-Insecure Third Countries and Transfer to US Companies not Certified under the EU-US Data Privacy Framework (DPF)

We use tools from companies located in privacy-insecure third countries and US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these states and processed there. We would like to inform you that in privacy-insecure third countries, a level of data protection comparable to the EU cannot be guaranteed.

We would like to note that the USA, as a safe third country, generally maintains a level of data protection comparable to the EU. Therefore, data transfer to the USA is permissible if the recipient is certified under the „EU-US Data Privacy Framework“ (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of Personal Data

In the course of our business activities, we collaborate with various external entities. In some cases, it is necessary to transfer personal data to these external entities. We only disclose personal data to external entities if it is necessary for contract fulfillment, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR in the disclosure, or if another legal basis permits the data transfer. When using processors, we only disclose personal data of our customers based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of data processing carried out prior to the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RESPECTIVE LEGAL BASIS FOR PROCESSING IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to Data Portability

You have the right to receive the personal data that we process based on your consent or in fulfillment of a contract, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, where technically feasible.

Access, Rectification, and Erasure

You have the right, within the framework of applicable legal provisions, to obtain free-of-charge information about your stored personal data, their origin and recipients, the purpose of data processing, and, if applicable, a right to rectification or erasure of these data. For this purpose, as well as for any other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing applies in the following cases:

– If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to request the restriction of the processing of your personal data.
– If the processing of your personal data was/is unlawful, but you oppose deletion and instead request the restriction of data processing.
– If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
– If you have objected pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may – apart from their storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and informational materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called „cookies.“ Cookies are small data packets and do not cause any damage to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or automatic deletion by your web browser occurs. Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services). Cookies serve various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used for evaluating user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, for providing certain functions requested by you (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring web audiences) are stored based on Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar identification technologies has been requested, processing will be carried out exclusively based on this consent (Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, to accept cookies for certain cases or to exclude them in general, as well as to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can find out which cookies and services are used on this website in this privacy policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
– Browser type and browser version
– Operating system used
– Referrer URL
– Hostname of the accessing computer
– Time of the server request

IP address

These data are not merged with other data sources. The collection of this data is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent can be revoked at any time.

The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiries by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent. The processing of this data is based on Article 6(1)(b) of the GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent can be revoked at any time.

The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, email address, and their use for sending the newsletter at any time, for example, via the „Unsubscribe“ link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and they will be deleted from the newsletter distribution list after you unsubscribe or the purpose for storage no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Data stored for other purposes by us remains unaffected by this. After you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in compliance with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

Google Fonts (Local Hosting)

This site uses so-called Google Fonts provided by Google for the uniform presentation of fonts. The Google Fonts are installed locally. There is no connection to Google servers. For more information about Google Fonts, please visit: https://developers.google.com/fonts/faq and the Google Privacy Policy: https://policies.google.com/privacy?hl=en

Font Awesome (Local Hosting)

This site uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers. For more information about Font Awesome, please refer to the Font Awesome Privacy Policy: https://fontawesome.com/privacy

Google reCAPTCHA

We use „Google reCAPTCHA“ („reCAPTCHA“) on this website. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to check whether the data entered on this website (e.g., in a contact form) is being entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of website visit, mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings against abusive automated spying and spam. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please see Google’s Privacy Policy and Terms of Service at the following links:
https://policies.google.com/privacy?hl=en and
https://policies.google.com/terms?hl=en

The company has been certified under the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States aimed at ensuring compliance with European data protection standards for data processing in the United States. Each company certified under the DPF undertakes to comply with these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter „Wordfence“). Wordfence is used to protect our website against unauthorized access or malicious cyber attacks. To achieve this, our website establishes a permanent connection to Wordfence servers so that Wordfence can synchronize its databases with the accesses made on our website and block them if necessary. The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective protection of its website against cyber attacks. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a data protection contract required by law, which ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Source: https://www.e-recht24.de

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the Consent Tool „Complianz“.

Provider: Complianz B.V.
Kalmarweg 14-5
9723JG Groningen
Netherlands

Email: support@complianz.io
Phone number: +31502112779

You can find details on how it works at:

Imprint

and

Cookie policy

The legal basis for processing personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies and related consents.

Providing personal data is neither contractually required nor necessary for entering into a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.

Business-related Processing

In addition, we process:
– Contract data (e.g., subject matter of the contract, duration, customer category).
– Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Account

We process the data of our customers within the framework of the ordering process in our online shop to enable them to select and order the chosen products and services, as well as to make payment and deliver or execute them.

The processed data includes inventory data, communication data, contract data, payment data, and the persons affected by the processing are our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery, and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

The processing is based on Art. 6 para. 1 lit. b (performance of order transactions) and c (legally required archiving) GDPR. The data marked as required is necessary for the establishment and fulfillment of the contract. We only disclose the data to third parties within the scope of delivery, payment, or within the framework of legal permissions and obligations to legal advisors and authorities. The data is processed in third countries only if it is necessary for the fulfillment of the contract (e.g., upon customer request for delivery or payment).

Users can optionally create a user account, where they can view their orders, among other things. During registration, users are informed about the required mandatory information. User accounts are not public and cannot be indexed by search engines. When users have terminated their user account, their data related to the user account will be deleted, subject to retention being necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account will remain until deletion with subsequent archiving in the event of a legal obligation. It is the users‘ responsibility to secure their data before the end of the contract upon termination.

As part of registration, re-registration, and use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the users‘ interest in protection against misuse and other unauthorized use. These data are not generally passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

Deletion occurs after the expiry of statutory warranty and comparable obligations; the necessity of data retention is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiry (end of commercial (6 years) and tax (10 years) retention obligation).

Contractual Services

We process the data of our contractual partners, interested parties, and other clients, customers, principals, clients, or contractual partners (collectively referred to as „contractual partners“) in accordance with Art. 6 para. 1 lit. b GDPR to provide them with our contractual or pre-contractual services. The data processed in this context, the nature, scope, and purpose and necessity of their processing, are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers), as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).

We generally do not process special categories of personal data unless they are part of a commissioned or contractually agreed processing.

We process data that are necessary for the establishment and fulfillment of contractual services and point out the necessity of their disclosure if this is not evident to the contractual partners. Disclosure to external persons or companies only takes place if it is necessary within the framework of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.

As part of the use of our online services, we can store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the interests of users in protecting against misuse and other unauthorized use. These data are generally not passed on to third parties, unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f. GDPR or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. GDPR.

The deletion of the data takes place when the data are no longer required for the fulfillment of contractual or legal duties of care and for handling any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

Administration, Financial Accounting, Office Organization, Contact Management

We process data within the framework of administrative tasks and organization of our business, financial accounting, and compliance with legal obligations, such as archiving. Here, we process the same data that we process within the scope of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing concerns customers, interested parties, business partners, and website visitors. The purpose and our interest in processing lie in administration, financial accounting, office organization, archiving of data, i.e., tasks that serve to maintain our business activities, perform our tasks, and provide our services. The deletion of data in terms of contractual services and contractual communication corresponds to the specifications mentioned for these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, we store on the basis of our business interests, information about suppliers, organizers, and other business partners, e.g., for later contact. We generally store this predominantly company-related data permanently.

Business Analysis and Market Research

In order to operate our business economically, to recognize market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata based on Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors, and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing, and market research. We can take into account the profiles of registered users with information, e.g., on the services they have used. The analyses serve us to increase user-friendliness, to optimize our offer and business efficiency. The analyses are for our own use and are not disclosed externally unless they are anonymous analyses with summarized values.

If these analyses or profiles are personal, they will be deleted or anonymized upon termination by the users, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are created anonymously where possible.

Data Protection Information in the Application Process

We only process applicant data for the purpose and within the scope of the application process in accordance with legal requirements. The processing of applicant data takes place to fulfill our (pre-)contractual obligations within the framework of the application process in accordance with Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR, if data processing, e.g., within the scope of legal procedures, becomes necessary for us (in Germany, additional legal basis: § 26 BDSG).

The application process requires applicants to provide us with their application data. The necessary applicant data, if we offer an online form, result from the job descriptions, otherwise they are indicated and essentially include personal details, postal and contact addresses, and the documents belonging to the application, such as cover letter, CV, and certificates. In addition, applicants can voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope outlined in this privacy policy.

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g., health data, if these are necessary for the exercise of the profession). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g., health data, if these are necessary for the exercise of the profession).

If provided, applicants can submit their applications to us via an online form on our website. The data will be transmitted to us encrypted according to the state of the art.

Applicants can also send us their applications by email. However, please note that emails are generally not encrypted when sent and applicants must ensure encryption themselves. We cannot therefore assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or postal dispatch. Instead of applying via the online form and email, applicants still have the option of sending us the application by post.

The data provided by applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Deletion takes place, subject to a justified revocation by the applicant, after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Registration Function

Users can create a user account. As part of the registration, the necessary mandatory information is communicated to the users and processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account. The processed data includes, in particular, login information (name, password, and an email address). The data entered during registration will be used for the purpose of using the user account and its purpose.

Users can be informed by email about information relevant to their user account, such as technical changes. If users have terminated their user account, their data related to the user account will be deleted, subject to a legal retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all data stored by the user during the term of the contract.

As part of the use of our registration and login functions, as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the users‘ interest in protection against misuse and other unauthorized use. These data are generally not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.

Contact

When contacting us (e.g., via contact form, email, telephone, or via social media), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b. (within the framework of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f. (other inquiries) GDPR. The user’s details may be stored in a Customer Relationship Management System („CRM System“) or similar request organization.

We delete inquiries if they are no longer necessary. We review the necessity every two years; Furthermore, the statutory archiving obligations apply.

Google Analytics

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analytics service provided by Google LLC („Google“). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering, and to provide us with further services associated with the use of this online offering and the internet usage. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on data usage by Google, settings, and opt-out options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) and Google’s ad settings (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in the form of „Universal Analytics.“ „Universal Analytics“ refers to a Google Analytics feature that allows user analysis based on a pseudonymous user ID, creating a pseudonymous profile of the user with information from the use of various devices (so-called „cross-device tracking“).

Audience targeting with Google Analytics

We use Google Analytics to display ads within Google’s and its partners‘ advertising services only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interest in specific topics or products, determined based on visited websites), which we transmit to Google (so-called „remarketing,“ or „Google Analytics audiences“). With the help of remarketing audiences, we also aim to ensure that our ads correspond to the potential interests of users.

Google AdSense with personalized ads

We use the AdSense service to display ads on our website and to receive compensation for their display or other use. For these purposes, usage data, such as ad clicks and users‘ IP addresses, are processed, with the IP address being shortened by the last two digits. Therefore, the processing of users‘ data is pseudonymized.

We use AdSense with personalized ads. Google draws conclusions about the interests of users based on the websites visited or apps used by users and the user profiles created as a result.

Advertisers use this information to target their campaigns to these interests, which is beneficial for both users and advertisers alike. Ads are personalized for Google when captured or known data determine or influence ad selection. This includes, among other things: demographic targeting, interest category targeting, remarketing, and targeting on customer match lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

Google AdWords and conversion tracking

We use the online marketing process Google „AdWords“ to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads within and outside our online offering more targeted to users, showing ads only to users that potentially match their interests. For example, if a user is shown ads for products they have shown interest in on other online offerings, this is referred to as „remarketing.“ For these purposes, when our and other websites where the Google advertising network is active are accessed, Google runs a code and incorporates so-called (re)marketing tags (invisible graphics or code, also known as „web beacons“) into the website. With their help, an individual cookie, i.e., a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). This file records which websites the user visited, which content they are interested in, which offers the user clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online offering.

Furthermore, the user receives an individual „conversion cookie.“ The information collected with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies users.

The user’s data is processed pseudonymously within the framework of the Google advertising network. This means that Google does not store and process the names or email addresses of users, but processes the relevant data cookie-based within pseudonymous user profiles. From Google’s perspective, ads are not managed and displayed for a specifically identified person but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.

Source: Data protection generator.de by RA Dr. Thomas Schwenke