codafish ><> GmbH
CEO: Andreas Wroblewski, Timo Müller
Am Altenfeldsdeich 56
25371 Seestermühe
Germany
Phone: +1 888 926323
E-Mail: hello@codafish.net
Website: http://codafish.net/en
Chapter III of the EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects (e.g. visitors to this website, customers, suppliers, subcontractors, business partners or applicants), which we explain below with regard to the processing of personal data (the explanatory texts can be opened by clicking on the gray buttons). The rights apply to all so-called "data subjects" (the GDPR refers to identified or identifiable natural persons, see explanation above, i.e. visitors to the website, customers, etc.). These rights therefore apply to all data protection information provided below.
This requirement concerns in particular information on the following details of data processing:
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
If the processing is no longer necessary and one of the following conditions is met:
Provided that one of the following conditions is met:
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
You have the right to withdraw your consent to the processing of personal data at any time.
The following information applies to data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
We process personal data in accordance with the provisions of the GDPR, depending on the type and purpose of processing, as follows
| Authorization | Requirement of the GDPR |
| Consent | Art. 6 para. 1 lit. a |
| Fulfillment of a contract | Art. 6 para. 1 lit. b |
| Implementation of pre-contractual measures | Art. 6 para. 1 lit. b |
| Fulfillment of legal obligations | Art. 6 para. 1 lit. c |
| Protection of vital interests | Art. 6 para. 1 lit. d |
| Safeguarding our legitimate interest | Art. 6 para. 1 lit. f |
Our legitimate interest as defined in Article 6(1)(f) GDPR is based on the performance of our business activities to maintain our operational capability and to ensure the employment of our employees.
Once the purpose of storage no longer applies, the retention periods are generally at least six or ten years. Data is generally deleted immediately in accordance with our deletion concept, provided that this does not conflict with a retention obligation, necessity for contract fulfillment or a legitimate interest.
We only store your personal data for the period required to fulfill the specified purpose. Once the purpose no longer applies and any retention periods have expired, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
As soon as you visit our website, our web server collects some general data and technical information - as shown in the following table:
Data collected | Purpose of the survey |
|---|---|
| Browser types and versions used | Correct display of page content |
| Operating system used, visitor origin (referrer, e.g. Google), subpages clicked on | Optimization of our website content and advertising |
| Date and time of access to the website as well as the visitor\'s IP address and internet service provider | Ensuring the permanent functionality of our IT systems (for the operation of the website) and preventing misuse |
Other data and information for security purposes in the event of attacks | Provision of relevant information for law enforcement authorities in the event of a cyber attack |
Under certain circumstances (e.g. due to legal or contractual regulations), you are obliged to provide us with your personal data. Examples of such processing are as follows:
Nature or purpose of the processing | Necessity |
|---|---|
| Conclusion of a purchase contract (e.g. your address) | Fulfillment of the contractual obligation (e.g. delivery of the goods to your address) |
| In the employee context (e.g. transmission of data to the tax office) | Compliance with legal requirements (e.g. tax regulations) |
This website uses tools from companies (1) based in so-called unsafe third countries and/or (2) tools from US companies that are not certified under the EU-US Data Privacy Framework (DPF). Information on the tools used can be found in the text of the data protection information.
(1) If personal data of our website visitors is transferred to third countries that are insecure under data protection law, no level of data protection comparable to that in the EU can be guaranteed there.
(2) A transfer of personal data to the USA is permitted if the recipient of this data is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees.
If necessary, in deviation from or in addition to the above general information, you will find below details on the individual data processing on our website.
We host this website on our own server. When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the website visitor\'s end device,
- device used,
- host name of the accessing computer Operating system of the visitor,
- browser type and version,
- name of the retrieved file,
- time of the server request,
- amount of data and
- information as to whether the retrieval of the data was successful.
This data is not merged with other data sources.
The legal basis for the processing of this data is our legitimate interest (Art. 6 para. 1 f GDPR) in the technically error-free presentation and optimization of this website. If the website is accessed in order to enter into contractual negotiations with us or to conclude a contract, Art. 6 para. 1 b GDPR serves as a further legal basis.
Cookies are either only stored for the duration of a session (session cookies) and then deleted at the end of your visit or permanently (permanent cookies) on your end device until you delete these permanent cookies yourself or they are automatically deleted by your web browser.
Cookies are set either by us (first-party cookies) or by third parties (third-party cookies) to integrate certain services within websites (e.g. cookies to process shopping basket functions, etc.).
Cookies have various functions. Some cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or for advertising purposes.
Cookies that are technically necessary to carry out the electronic communication process or to provide essential contributions to the functioning of the website (e.g. cookies for the shopping cart function) or to optimize the website (e.g. cookies for counting the web audience) are not used. cookies for counting the web audience), the website operator has a legitimate interest in the error-free and optimized provision of its service (Art. 6 para. 1 lit. f GDPR).
Insofar as cookies and comparable recognition technologies are used to evaluate user behavior or for advertising purposes, the processing is based on the consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) of the website visitor. This consent can be revoked at any time. We use a consent banner on our website for this required consent. Cookies and comparable recognition technologies are only set by our website after you have given your consent. If you reject the setting of cookies or comparable recognition technologies via the consent banner, our website will not use these technologies.
Please note that your browser can be set to inform you about the setting of cookies. Deactivating cookies may result in the functionality of this website being restricted in individual cases.
The cookies and other services integrated into this website are described in the text of the following data protection information.
Your preferences for cookies and other services on this website can be changed at any time by clicking on the button at the bottom left of the website (Adjust cookie settings).
| Purpose of the processing | Hosting the website |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR) |
| Recipient, if applicable (in case of forwarding) | Automattic Inc; 60 29th Street #343, San Francisco, CA 94110, United States of America |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | United States of America |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, log files, page view, interaction data |
| Change of purpose, if applicable | none |
| Data protection information of the addin | https://wordpress.org/about/privacy/ |
| Purpose of the processing | Optimization, website security, improving the service, reducing bandwidth usage |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR) |
| Recipient, if applicable (in case of forwarding) | Cloudflare Inc. 101 Townsend St., San Francisco, CA 94107, United States of America We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | United States of America The data transfer is based on the standard contractual clauses of the EU Commission. Cloudflare, Inc. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Necessity due to safety standards |
| Consequences of non-compliance (failure to provide the required data) | Gff. not all functions of the website are accessible without barriers. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, system configuration information, name of the website, date and time of the request, name and URL of the file retrieved, amount of data transferred, status information, device operating system, referrer URL, requesting provider, device type, time of the server request |
| Change of purpose, if applicable | none |
| Purpose of processing | Code error detection |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of Sentry is in the interest of the error-free functioning of your own website, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient (if applicable) | Functional Software Inc. dba Sentry 45 Fremont Street 8th Floor San Francisco CA 94105 United States of America security@sentry.io https://sentry.io/privacy/ We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Functional Software Inc. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | Data are deleted as soon as they are no longer needed for the processing purposes. See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | User agent, usage data, device information, IP address, error data |
| Change of purpose, if applicable | none |
| Order processing agreement (AVV) or data processing addendum (DPA) | https://sentry.io/legal/dpa/3.0.0/ |
| Purpose of the processing | Simplified management of analysis tools through centralized control and management of the collected analysis mechanisms |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | which pages and functions are accessed or clicked on during the website visit (click behavior), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), subpages visited, time spent on the website, frequency of visit, date, access location, time of visit |
| Opt-Out | See also under Cookies |
| Data protection officer of the provider | https://support.google.com/policies/contact/general_privacy_form |
| Privacy policy of the provider | https://policies.google.com/privacy?hl=en |
| Purpose of the processing | Uniform representation of the fonts |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | Unknown duration See General time limits for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, access time, access date |
| Change of purpose, if applicable | none |
| Opt-Out | Use a browser that does not support Google Fonts See also under Cookies |
| Data protection information of the addin | https://www.google.com/policies/privacy/ |
| Purpose of the processing | Creation of usage profiles to optimize the cost-benefit factor on the website |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves. |
| If applicable, categories of personal data (if not collected directly from the data subject) | Which pages and functions are accessed or clicked on during the website visit (click behaviour), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), subpages visited, time spent on the website, frequency of visit, date, access location, time of visit, user agent. |
| Change of purpose, if applicable | none |
| Opt-Out | Installation of the browser plugin: https://tools.google.com/dlpage/gaoptout, see also under Cookies |
| Data protection officer of the provider | https://support.google.com/policies/contact/general_privacy_form |
| Privacy policy of the provider | https://policies.google.com/privacy?hl=en |
| Purpose of the processing | Provision of maps. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Google Ireland Limited, Google LLC, Alphabet Inc, United States of America |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, date and time of visit, location information, URL, usage data, search terms, geographic location, user agent |
| Change of purpose, if applicable | none |
| Data protection officer of the provider | https://support.google.com/policies/contact/general_privacy_form |
| Privacy policy of the provider | http://www.google.com/intl/de/policies/privacy/ |
| Purpose of the processing | Cloud computing |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of AWS is in the interest of an appealing presentation of the online offer, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Amazon Web Services EMEA SARL 38 Avenue John F. Kennedy, L-1855, Luxembourg. We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Amazon.com, Inc. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Applications accessed, authentication and security information, browser plugins, browser type, browser version, click path, content interaction information, cookie ID, cookie information, device information, device type, download errors, content downloaded from AWS, duration and number of concurrent streams and downloads, email address, full URL clickstream to, through and from the AWS website (including date and time), geographic location, interactions or communications with AWS, internet service provider, IP address, mouse movements, type of network connection, usage data, time zone |
| Change of purpose, if applicable | none |
| Purpose of the processing | Advertising, management of customer ratings, optimization |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Provenexpert; Operator: Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | Without the data, the described processing cannot take place. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also come from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | E-mail address, IP address, pages visited, referrer URL, customer rating |
| Change of purpose, if applicable | none |
| Purpose of the processing | Zoho CRM is a Customer Relationship Management (CRM) tool that allows you to manage customer relationships efficiently. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address; the surname, first name, company of the customer; if applicable, the surname and first name of the contact person if the customer is a partnership or corporation; address data; telephone number; e-mail address; other information such as helpdesk ticket, subscribed newsletters, stored customer files from or for the customer (e.g. requests to the system from the customer), notes. |
| Change of purpose, if applicable | none |
| Purpose of the processing | Zoho PageSense provides key website metrics, improves understanding of website visitors\' online behavior and offers ways to deliver personalized websites. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address (shortened) |
| Change of purpose, if applicable | none |
| Purpose of the processing | Tool for increasing sales and marketing activities by identifying visitors to the website and supporting the website operator in communicating with website visitors. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address (shortened) |
| Change of purpose, if applicable | none |
| Purpose of the processing | Tool to simplify marketing processes. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address |
| Change of purpose, if applicable | none |
| Purpose of the processing | Zoho Real User Monitoring is a method for measuring the end-user experience in application performance management. It provides insight into the user experience of a website or app by passively collecting and analyzing timing, error and dimensional information from end users in real time. Zoho Real User Monitoring helps the website operator understand how the website code affects page performance, user experience and other performance aspects. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address |
| Change of purpose, if applicable | none |
| Purpose of the processing | Google AdSense is an advertising network from the technology company Google. We use it to make advertising space available on our website. An algorithm shows our website visitors suitable advertising on our website. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Google LLC, Google Ireland Limited, Alphabet Inc. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | Data is deleted as soon as it is no longer required for the processing purposes. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, mouse movements, clicks, impression, information as to whether an advertisement has already appeared in your browser at an earlier time. |
| Change of purpose, if applicable | none |
| Purpose of the processing | This is a service for conversion tracking and retargeting. |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use is in the interest of the widest possible visibility in social media, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | LinkedIn Ireland Unlimited Company; Wilton Place, Dublin 2, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Device information, IP address, referrer URL, timestamp, browser information, user agent |
| Change of purpose, if applicable | none |
| Opt-Out | https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com |
| Data protection officer of the provider | https://www.linkedin.com/help/linkedin/ask/TSO-DPO |
| Privacy policy of the provider | https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com |
| Purpose of the processing | Placement of advertisements in search engines and networks |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 (0) 1 295 3826 |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | A conversion cookie is stored on the visitor\'s PC, which remains valid for 30 days.See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | |
| Opt-Out | |
| Data protection information of the addin | https://privacy.microsoft.com/de-de/privacystatement |
| Purpose of the processing | Detection of code errors |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of ClickCease is in the interest of preventing click fraud, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | CHEQ AI Technologies Ltd, 23 Yehuda Halevi St. 6513601 Tel Aviv - Jaffa, Israel. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | Data is deleted as soon as it is no longer required for the purposes for which it was processed. See General time limits for data erasure |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, browser type/browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request |
| Change of purpose, if applicable | none |
| Data processing agreement (DPA) or data processing addendum (DPA) | https://sentry.io/legal/dpa/3.0.0/ |
| Purpose of the processing | Our website uses the visitor action pixel from Meta (formerly Facebook) to measure conversions. The behavior of website visitors can be tracked after they have been redirected to the provider\'s website by clicking on a Facebook ad. In this way, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and optimized for future advertising measures. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG). If personal data is collected on our website using this tool and forwarded to Facebook, we are jointly responsible for this data processing with Meta Platforms Ireland Ltd (Art. 26 GDPR). We expressly point out that this joint responsibility is limited exclusively to the collection of data and the transfer to Facebook. The further processing of personal data by Facebook is the responsibility of Facebook. You can find the wording of the agreement on joint processing here: https://www.facebook.com/legal/controller_addendum. |
| Recipient, if applicable (in case of forwarding) | Meta Platforms Ireland Limited, Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Meta Platforms is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | If applicable, Facebook account information, device information, interactions with the embed, IP address, referrer URL, user agent |
| Change of purpose, if applicable | none |
| Data protection officer of the provider | https://www.facebook.com/help/contact/540977946302970 |
| Privacy policy of the provider | https://www.facebook.com/privacy/explanation/ |
| Purpose of the processing | We use the WhatsApp Business instant messaging service to communicate with our customers and other third parties. |
| Legal basis | Our legitimate interest (Art. 6 para. 1 lit. f GDPR) in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners. |
| Recipient, if applicable (in case of forwarding) | WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. WhatsApp is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | We store the communication content exchanged with us on WhatsApp Business until our respective communication partners ask us to delete it, revoke their consent to storage or the purpose for data storage no longer applies (e.g. after processing an inquiry). Mandatory statutory provisions - in particular retention periods - remain unaffected. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Communication takes place via end-to-end encryption (also known as peer-to-peer encryption). This prevents WhatsApp or other third parties from gaining access to the communication content. However, the service provider receives access to metadata that is created in the course of the communication process (e.g. sender, recipient of the message and time the message was sent). |
| Change of purpose, if applicable | none |
| Privacy policy of the provider |
| Purpose of the processing | Offer service (chat/video service), offer support, answer inquiries, service optimization |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if we contact potential or existing contractual partners via the video service or offer certain services. Our legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of the video service serves to simplify and speed up the process of contacting us or our company. Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG), if this has been requested. |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation Pvt. Ltd, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision of the data is mandatory on the basis of the underlying contract. |
| Consequences of non-compliance (failure to provide the required data) | The provision of the data is mandatory on the basis of the underlying contract. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Last name, first name, date of birth, telephone number, e-mail address, language preference, user ID, password, profile picture, session schedule, configuration data, session metadata, function usage data, performance data, service logs, billing information, location, IP address, browser type, referrer URL, operating system, date/time stamp |
| Change of purpose, if applicable | none |
| Purpose of the processing | Offer service (video service), offer support, answer inquiries, service optimization |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if we contact potential or existing contractual partners via the video service or offer certain services. Our legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of the video service serves to simplify and speed up the process of contacting us or our company. Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG), if this has been requested. |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation Pvt. Ltd, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision of the data is mandatory on the basis of the underlying contract. |
| Consequences of non-compliance (failure to provide the required data) | The provision of the data is mandatory on the basis of the underlying contract. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Last name, first name, e-mail address, IP address, session schedule, configuration data, session metadata, function usage data, performance data, browser type, referrer URL, operating system, date/time stamp |
| Change of purpose, if applicable | none |
| Purpose of the processing | We use online video conferencing tools, among other things, to communicate with our prospective or existing customers. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 (0) 1 295 3826 |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | A conversion cookie is stored on the visitor\'s PC, which remains valid for 30 days.See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| Existence of automated decision-making, if applicable | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject themselves. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection |
| Data protection information of the addin | https://privacy.microsoft.com/de-de/privacystatement |
| Purpose of the processing | Making it easier for the website visitor to contact you by requesting a callback or leaving a voice message |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | CallPage sp. z o.o., Warsaw (00-511), ul. Nowogrodzka 31, Poland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | Without the data, it may not be possible to contact you. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, user agent, timestamp, telephone number if applicable, e-mail address if applicable,Message, desired time of callback if applicable |
| Change of purpose, if applicable | none |
| Data protection information of the addin | https://www.callpage.io/privacy-policy |
| Data protection officer of the add-in | Kinga Tesko; gdpr@callpage.io |
| Purpose of the processing | On our website, you have the option of making appointments with us using the Zoho Bookings tool. To book an appointment, enter the data requested by us and your preferred date in the form provided. We use the data you enter to plan, carry out and, if necessary, follow up the appointment. The appointment data is stored for us on the Zoho servers. |
| Legal basis | Our legitimate interest (Art. 6 para. 1 lit. a GDPR) and, where requested, your consent (Art. 6 para. 1 lit. a GDPR) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| Existence of automated decision-making, if applicable | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also come from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, surname, first name, e-mail address, appointment request, if applicable, indication of a reason/subject of conversation etc. or another comment |
| Change of purpose, if applicable | none |
| Purpose of the processing | Auth0 is an Identity-as-a-Service (IDaaS) platform that supports authentication and authorization processes on this website and ensures compliance with security standards. Auth0 enables the integration of authentication methods such as social logins, single sign-on (SSO) and multi-factor authentication (MFA). |
| Legal basis | Our legitimate interest (Art. 6 para. 1 lit. f GDPR) and, where requested, your consent (Art. 6 para. 1 lit. a GDPR) |
| Recipient, if applicable (in case of forwarding) | Okta Inc., 100 First Street, 6th Floor, San Francisco, CA 94105, USA. We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, e-mail address, login data |
| Change of purpose, if applicable | none |
| Privacy policy of the provider | https://www.okta.com/privacy-policy/ |
| Purpose of the processing of general data |
| ||||||||
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) | ||||||||
| Recipient, if applicable (in case of forwarding) | Parcel service provider, logistics service provider, payment service provider | ||||||||
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. | ||||||||
| If known: Duration of data storage | See General deadlines for data deletion | ||||||||
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data (in the mandatory fields) must be provided as part of the underlying contract. | ||||||||
| Consequences of non-compliance (failure to provide the required data) | It is not possible to create a customer account in this case. | ||||||||
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. | ||||||||
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. | ||||||||
| Where applicable, categories of personal data (if not collected directly from the data subject) | The data originates from the person concerned. | ||||||||
| Change of purpose, if applicable | none |
| Purpose of the processing | Processing the payment of purchases made on this website |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) |
| Recipient, if applicable (in case of forwarding) | 1) PayPal PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") 2) Stripe Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe") 3) GoCardless GoCardless SAS, 7 rue de Madrid, 75008. Paris, France (hereinafter "GoCardless") |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | to 1) PayPal The data transfer to third countries outside the European Union, e.g. the USA, is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal\'s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. to 2) Stripe The data transfer to third countries outside the European Union, e.g. the USA, is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and here: https://stripe.com/de/guides/general-data-protection-regulation. Further details can be found in Stripe\'s privacy policy: https://stripe.com/de/privacy. to 3) GoCardless On June 28, 2021, the European Commission adopted the adequacy decisions for the transfer of personal data to the United Kingdom under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). With the recognition of the adequate level of data protection, data transfers from the EEA to the United Kingdom, within the scope of the decisions, do not require any special authorization. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data (in the mandatory fields) must be provided as part of the underlying contract. |
| Consequences of non-compliance (failure to provide the required data) | It is not possible to create a customer account in this case. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Name, payment amount, bank account details, credit card number |
| Change of purpose, if applicable | none |
| Purpose of the processing | Processing and, if necessary, answering the request of the form sender |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if your request serves to clarify a contractual relationship. Our legitimate interest (Art. 6 para. 1 lit. f GDPR) for all other inquiries, as we are interested in a quick response to your inquiry. |
| Recipient, if applicable (in case of forwarding) | The data will not be passed on to third parties and/or to a third country. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | There is no obligation. |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | In this context, we do not use automated decision-making. |
| Change of purpose, if applicable | none |
In accordance with legal requirements, you will find our telephone number and e-mail address on our website. If you select these contact options, we will automatically store data in order to process your inquiries or contact you. We will not pass this data on to third parties without your consent.
If you contact us by telephone or via our e-mail address for pre-contractual or contractual purposes, the processing of personal data by us is based on the legal basis of Art. 6 para. 1 b GDPR. For all other contact from you, the processing of personal data by us is based on our legitimate interest in accordance with Art. 6 para. f GDPR.
The following information explains how we process your data, which you have provided to us for the purpose of implementing the pre-contractual relationship or the contract with you, as part of the customer relationship, and what rights you have in connection with this data processing.
Purposes of processing and legal basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed contractual service. The contractual documents (which may include offers, forms, declarations of consent and other information/documents provided to you) contain further details and additions to the processing purposes.
Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can revoke your consent at any time with effect for the future.
Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data for the execution of our contracts with you, i.e. in particular within the framework of our consulting contract. In addition, your personal data is processed to carry out measures and activities in the context of pre-contractual relationships.
Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial and tax laws).
Furthermore, we may process your data for the fulfilment of tax control and reporting obligations, for the archiving of data for data protection and data security purposes and for audits by the tax office and other authorities. In addition, the disclosure of personal data may become necessary in the context of official or judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
Legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data on the basis of a balancing of interests to protect the legitimate interest of us or third parties. This is done, for example, for the purposes of advertising or market research if you have not objected to the use of your data, obtaining information and exchanging data with credit agencies if your order affects our risk-bearing capacity and the assertion of legal claims and defense in legal disputes.
We process basic data about our contractual partner and the contact persons and the existing business relationship with our contractual partner, which we refer to collectively as master data. This includes in particular all information that was provided to us when the business relationship was established or that we requested from our contractual partner or a contact person, such as personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data) and contact data (address, e-mail address, telephone number and comparable data) and those data that we have collected in connection with the establishment of the business relationship (such as in particular the details of the contract(s) concluded). of the contracts concluded).
We also process personal data that arises in the course of the business relationship, which may go beyond a mere change of master data and which we refer to as "historical data". This includes, in particular, information about the services you have accepted on the basis of the contracts concluded, information about the services we have provided on the basis of the contracts concluded, information that you or a contact person provide to us in the course of the business relationship - either actively or at our request - and personal data that we receive in any other way from you, a contact person or third parties in the course of our business relationship.
To the extent permitted by law, we also store personal data from third parties in addition to the master and historical data. This includes, for example, data on the economic situation of our contractual partners if this is necessary to assess economic risks - such as payment defaults.
We also process personal data from public sources (e.g. internet, media, press, commercial and association registers, population registers). If necessary for the provision of our services, we process personal data that we have lawfully obtained from third parties (e.g. address publishers, credit agencies).
We pass on your personal data within our company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, processors employed by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer administration, letter stores, marketing, telephony, website management, tax consultancy, auditing services, credit institutions; public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit agencies, credit agencies). to authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory authorities) and other bodies for which you have given us your consent to transfer your data.
Data processing outside the EU or the EEA does not take place.
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to 10 years beyond the end of the business relationship or the pre-contractual legal relationship. Ultimately, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
We deal with you and your application request personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
The following information explains how we process your data, which you have provided to us for the purpose of implementing the pre-contractual relationship or the contract with you, as part of the business relationship, and what rights you have in connection with this data processing.
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed contractual service. Our contractual documents (and the offers, forms, declarations of consent and other information/documents exchanged) contain further details and additions to the processing purposes.
Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can revoke your consent at any time with effect for the future.
Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data for the execution of contracts concluded with you. In addition, your personal data will be processed to carry out measures and activities in the context of pre-contractual relationships.
Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial and tax laws).
Furthermore, we may process your data for the fulfilment of control and reporting obligations under tax law, for the archiving of data for data protection and data security purposes and for audits by the tax office and other authorities. In addition, the disclosure of personal data may become necessary in the context of official or judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
Legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data on the basis of a balancing of interests to protect the legitimate interest of us or third parties. This is done, for example, for the purposes of asserting legal claims and defending ourselves in legal disputes, preventing and investigating criminal offenses; as well as managing and further developing our business activities, including risk management.
We process basic data about our contractual partner and the contact persons and the existing business relationship with our contractual partner, which we refer to collectively as "master data". This includes in particular all information that was provided to us when the business relationship was established or that we requested from you as the contractual partner or a contact person, such as personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data) and contact data (address, e-mail address, telephone number and comparable data) and those data that we collected from you in connection with the establishment of the business relationship (such as in particular the details of the contracts concluded).
We also process personal data that arises in the course of the business relationship, which may go beyond a mere change in master data and which we refer to as "historical data". This includes, in particular, information on the activities of our business partner that we can obtain ourselves or through third parties from publicly accessible sources; information on the activities of our business partner that you or third parties who work with you have provided to us, possibly via a contact person; information on the activities of our business partner that you have provided to us via a contact person. information about the services provided or accepted on the basis of contracts already concluded; information provided to us by our contractual partner or a contact person in the course of the business relationship - either actively or at our request; personal data that we receive in any other way from our contractual partner, a contact person or third parties in the course of our business relationship.
To the extent permitted by law, we also store personal data from third parties in addition to the master and historical data. This includes, for example, data on the economic situation of our contractual partners if this is necessary to assess economic risks - such as payment defaults.
We also process personal data from public sources (e.g. internet, media, press, commercial and association registers, population registers). If necessary for the maintenance of our business relationship, we process personal data that we have lawfully obtained from third parties (e.g. address publishers, credit agencies).
We pass on your personal data within our company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, processors employed by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer administration, letter stores, marketing, telephony, website management, tax consultancy, auditing services, credit institutions; public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit agencies, credit agencies). to authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory authorities) and other bodies for which you have given us your consent to transfer your data.
Data processing outside the EU or the EEA does not take place.
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to 10 years beyond the end of the business relationship or the pre-contractual legal relationship. Ultimately, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
We deal with you and your inquiries personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
You disclose personal data with your application. This data protection information explains in detail how we process your data and what rights you are entitled to in connection with this data processing.
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations.
We process personal data about you for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for the processing of your personal data in the application process is primarily Art. 6 para. 1 lit. b GDPR.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
If an employment relationship arises between you and us, we will continue to process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of employees\' interests arising from a law or a collective agreement, a works or service agreement (collective agreement).
We process data in connection with your application. This may be general personal data (such as name, address and contact details), information about your professional qualifications and schooling or information about further professional training or other information that you provide to us in connection with your application. We may also process job-related information that you have made publicly available, such as a profile on professional social media networks.
Your personal data will not be passed on to third parties as part of the application process. If an employment contract is concluded, the transfer of data to third parties is unavoidable, e.g. to fulfill legal requirements (payment of wage tax, social security contributions, etc.). Separate data protection information will then be provided for employees.
Data processing outside the EU or the EEA does not take place.
Your personal application data will generally be deleted automatically six months after completion of the application process. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.
If we are unable to offer you a current vacancy but, based on your profile, we believe that your application may be of interest for future vacancies, we will store your personal application data for twelve months, provided you expressly consent to such storage and use.
We deal with you and your application request personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
The rights as described at the beginning of the data protection information apply.
We use the WEBSITE-SCAN of the GDPR service to ensure that data protection information in connection with the services on our website is always up to date. We also use this service to keep the other data protection information on our website up to date.
We have concluded an order processing contract with the GDPR service in accordance with Art. 28 GDPR. The service is operated by Consultatio Inh. Kerstin Hofmann, Am Andreasberg 15, 99326 Stadtilm.