Privacy policy - crossadvise

Privacy Policy of crossvertise GmbH

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within the scope of our services as well as within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Crossvertise GmbH
Königinstr. 59
80539 Munich
Germany
Email: info@crossvertise.com
Managing Directors: Thomas Masek, Maximilian Balbach

External Data Protection Officer of Crossvertise GmbH:
Attorney Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne

Tel.: +49 221 222183-0
Email: mail@kinast.eu
Website: www.kinast.eu

Link to the imprint: https://crossadvise.com/impressum

Types of Data Processed

– Inventory data (e.g., personal master data, names, or addresses).
– Contact data (e.g., email, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of Data Subjects

Visitors and users of the online offering (hereinafter, we refer to the data subjects collectively as “users”).

Purpose of Processing

– Provision of the online offering, its functions, and content.
– Responding to contact requests and communication with users.
– Security measures.
– Reach measurement/marketing.

Terminology Used

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

“Pseudonymization” refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The “processor” is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant Legal Bases

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, the following applies, unless the legal basis is specifically mentioned in the privacy policy:

The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR;

The legal basis for processing for the performance of our services and carrying out contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR;

The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR;

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.

The legal basis for the necessary processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.

The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.

Processing of data for purposes other than those for which they were collected shall be determined in accordance with the provisions of Art. 6(4) GDPR.

Processing of special categories of data (in accordance with Art. 9(1) GDPR) shall be determined in accordance with the provisions of Art. 9(2) GDPR.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the related access, input, transfer, securing availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, data deletion, and response to data threats. Additionally, we consider the protection of personal data in the development, or selection, of hardware, software, and procedures, according to the principle of data protection through technology design and through data protection-friendly default settings.

Collaboration with Processors, Joint Controllers, and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose, transmit, or otherwise grant access to data to other companies in our group, this is done for administrative purposes as a legitimate interest and beyond that, on a basis consistent with legal requirements.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to other persons or companies, it only happens if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to express consent or legally required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, which includes the U.S. processors certified under the “Privacy Shield” or based on specific guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission Information Page).

Rights of Data Subjects

You have the right to request confirmation of whether relevant data is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.

In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

Under the provisions of the law, you have the right to request that relevant data be deleted without delay, or alternatively, to request a restriction on the processing of the data under the provisions of the law.

You have the right to receive the data concerning you that you have provided to us in accordance with the legal requirements and to request its transmission to other controllers.

You also have the right, under the legal provisions, to lodge a complaint with a supervisory authority.

Right to Withdraw Consent

You have the right to revoke granted consents with effect for the future.

Right to Object

You may object to the future processing of data concerning you at any time in accordance with the legal requirements. The objection may particularly be directed against processing for direct marketing purposes. To express an objection to data processing, please notify us via email at datenschutz@crossvertise.com.

Cookies and Right to Object to Direct Advertising

“Cookies” are small files that are stored on users’ devices. Various data can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. In such a cookie, for example, the contents of a shopping cart in an online store or a login status can be stored. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users revisit the site after several days. Likewise, user interests can be stored in such a cookie, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the responsible party operating the online offering (otherwise, if it is only their cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and clarify this within our privacy policy.

If we ask users for consent to the use of cookies (e.g., as part of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, the personal cookies of users are processed on the basis of our legitimate interests in accordance with the following explanations in this privacy policy (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR).

If users do not want cookies to be stored on their device, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing and tracking purposes can be declared via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

Deletion of Data

The data we process will be deleted or restricted in processing in accordance with the legal requirements. Unless explicitly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose, and the deletion does not conflict with any statutory retention obligations.

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. In this case, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing we perform make this necessary. We will inform you as soon as the changes require your participation (e.g., consent) or other individual notification.

Business-related Processing

In addition, we process
– Contract data (e.g., subject of the contract, duration, customer category).
– Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purpose of providing contractual services, customer service and care, marketing, advertising, and market research.

Customer Account and Order Processing on the Crossvertise Platform

We process the data of our customers within the scope of order processing on our booking platform to enable them to select and book the desired advertising media, products, and services, as well as to facilitate their payment and execution or delivery.

The data processed includes login data (username and password), inventory data, communication data, contract data, data on advertising campaigns and creatives, payment data, and the individuals affected by the processing include our customers, prospects, and other business partners. Processing is carried out for the purpose of fulfilling contractual services within the scope of operating a booking platform, billing, delivery, and customer service. We use session or permanent cookies for storing the login status, assigning a user account, shopping cart, and user preferences (e.g., language).

Processing is carried out to fulfill our services and carry out contractual measures (e.g., processing orders) and as far as it is legally required (e.g., legally required archiving of business transactions for commercial and tax purposes). The required information for the establishment and fulfillment of the contract is marked as such. We disclose the data to third parties only within the framework of service provision, payment, or legal permissions and obligations, as well as if this is done on the basis of our legitimate interests, which we inform you about in this privacy policy (e.g., to legal and tax advisors, financial institutions, shipping companies, and authorities).

Users must create a user account to place an order, where they can particularly view their orders. The required mandatory information is communicated to users during registration. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted regarding the user account unless their retention is necessary for the fulfillment of ongoing orders, for commercial or tax reasons. In the case of a deletion, the information in the customer account will be archived if there is a legal obligation to do so or legitimate interests exist (e.g., in the case of legal disputes). It is the user’s responsibility to save their data before the contract ends.

During registration and subsequent logins as well as when using our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests (protection against misuse and other unauthorized use). This data is not generally shared with third parties, except where necessary to pursue our legal claims as a legitimate interest, or where there is a legal obligation to do so.

The data is deleted after the expiry of statutory warranty and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts with customers), whereby the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiration. IP addresses are stored for no longer than 7 days.

Agency Services

We process the data of our customers in the course of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, photographs, videos), contract data (e.g., contract subject, duration), payment data (e.g., bank details, payment history), usage, and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). Special categories of personal data are processed only if they are part of a commissioned processing. The data subjects include our customers, prospects, as well as their customers, users, website visitors, or employees, and third parties. The purpose of the processing is the provision of contractual services, billing, and our customer service. The legal basis for the processing arises from our legitimate interest, Art. 6 para. 1 lit. f GDPR (economic operation, analysis, statistics, optimization, security measures). We process data necessary for the establishment and fulfillment of the contractual services and point out the necessity of their provision. Disclosure to external parties occurs only if it is necessary within the scope of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the clients and the legal requirements of order processing in accordance with Art. 28 GDPR and process the data for no other purposes than those specified in the order.

We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiration (6 years, in accordance with § 257 para. 1 of the German Commercial Code (HGB), 10 years, in accordance with § 147 para. 1 of the German Fiscal Code (AO)). In the case of data disclosed to us as part of an order by the client, we delete the data according to the instructions in the order.

Agency Services

We process the data of our customers as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In this context, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text inputs, photographs, videos), contract data (e.g., contract subject, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). We generally do not process special categories of personal data unless these are part of a commissioned processing. The data subjects include our customers, prospects as well as their customers, users, website visitors, or employees, and third parties. The purpose of processing is the provision of contractual services, billing, and our customer service. The legal basis for processing arises from our legitimate interest, Art. 6 para. 1 lit. f GDPR (economic operation, analysis, statistics, optimization, security measures). We process data necessary for the establishment and fulfillment of contractual services and point out the necessity of their provision. Disclosure to external parties occurs only if it is necessary within the scope of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the clients and the legal requirements of order processing under Art. 28 GDPR and do not process the data for any other purposes than those specified in the order.

External Payment Service Providers

We use external payment service providers, through whose platforms users and we can carry out payment transactions. These payment service providers may include the following, each with a link to their privacy policy:

Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),

Klarna (https://www.klarna.com/de/datenschutz/),

Paymill (https://www.paymill.com/de/datenschutz/),

Visa (https://www.visa.de/datenschutz),

Mastercard (https://www.mastercard.de/de-de/datenschutz.html),

American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html).

We use external payment service providers based on our legitimate interests under Art. 6 para. 1 lit. f GDPR to offer our users effective and secure payment options.

The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, total, and recipient-related information. The information is required to complete the transactions. The entered data is processed only by the payment service providers and stored with them. This means we do not receive any account or credit card-related information but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims to check identity and creditworthiness. For this, we refer to the terms and conditions and privacy policies of the payment service providers.

For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers apply, which are available on the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information, and other data subject rights.

Administration, Financial Accounting, Office Organization, Contact Management

We process data in the context of administrative tasks as well as the organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The legal bases for processing are Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR. The data subjects include customers, prospects, business partners, and website visitors. The purpose and our interest in processing lie in administration, financial accounting, office organization, and archiving of data, tasks that serve to maintain our business activities, perform our duties, and provide our services. The deletion of data concerning contractual services and communication corresponds to the details provided in these processing activities.

We disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information about suppliers, event organizers, and other business partners based on our business interests, e.g., for later contact. These predominantly company-related data are stored permanently.

Business Analyses and Market Research

To run our business economically, recognize market trends, and understand the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6 para. 1 lit. f GDPR, whereby the data subjects include contractual partners, prospects, customers, visitors, and users of our online offering.

The analyses are conducted for the purpose of business evaluations, marketing, and market research. In doing so, we may take into account the profiles of registered users with details, e.g., on their use of services. The analyses serve to increase user-friendliness, optimize our offerings, and ensure business efficiency. The analyses are solely for our use and are not disclosed externally unless they are anonymous analyses with aggregated values.

If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the users, otherwise, two years after the conclusion of the contract. In all other respects, the overall business analyses and general trend determinations are prepared anonymously wherever possible.

Microsoft Cloud Services

We use the cloud and cloud software services provided by Microsoft (so-called Software as a Service, e.g., Microsoft Office) for the following purposes: document storage and management, calendar management, email sending, spreadsheets and presentations, exchange of documents, content, and information with specific recipients, or publication of websites, forms, or other content and information, as well as chats and participation in audio and video conferences.

In this context, the personal data of users are processed insofar as these are part of the documents and content processed within the described services or are part of communication processes. This may include, for example, master data and contact data of users, data on transactions, contracts, other processes, and their content. Microsoft also processes usage data and metadata, which are used by Microsoft for security purposes and service optimization.

When using publicly accessible documents, websites, or other content, Microsoft may store cookies on the users’ computers for purposes of web analysis or to remember user settings.

We use Microsoft Cloud Services based on our legitimate interests under Art. 6 para. 1 lit. f GDPR in efficient and secure administrative and collaboration processes. Furthermore, processing is carried out based on EU Standard Contractual Clauses with Microsoft.

Further information can be found in Microsoft’s privacy policy (https://privacy.microsoft.com/en-us/privacystatement) and the security information regarding Microsoft Cloud Services (https://www.microsoft.com/en-us/trustcenter). You may object to the processing of your data in the Microsoft Cloud in accordance with legal requirements. Otherwise, the deletion of data within Microsoft Cloud Services is determined by the remaining processing processes in which the data is processed (e.g., deletion of data no longer required for contractual purposes or storage required for tax purposes).

Microsoft Cloud Services are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. If data is processed in the USA, we refer to Microsoft’s certification under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

Privacy Notices in the Application Process

We process applicant data only for the purpose and within the scope of the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the application process in the sense of Art. 6 para. 1 lit. b GDPR. Art. 6 para. 1 lit. c GDPR applies if the processing of data is necessary for us, for example, in the context of legal procedures (in Germany, § 26 BDSG also applies).

The application process requires that applicants provide us with their applicant data. The necessary applicant data are marked if we offer an online form; otherwise, they result from the job descriptions and generally include details about the person, postal and contact addresses, and the documents belonging to the application, such as cover letters, CVs, and certificates. In addition, applicants may voluntarily provide us with additional information.

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily disclosed in the context of the application process, their processing will be additionally carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g., health data, such as disability status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application process, their processing will also be based on Art. 9 para. 2 lit. a GDPR (e.g., health data if required for professional practice).

If provided, applicants may submit their applications using an online form on our website. The data will be transmitted to us in encrypted form according to the state of the art.

Applicants may also send us their applications via email. However, we must point out that we cannot guarantee encrypted transmission of emails. Our mail servers offer transport encryption, but whether an encrypted transmission is established depends on the mail servers and providers used. We cannot, therefore, take responsibility for the transmission path of the application between the sender and the reception on our server and recommend using the online form or postal mail.

The data provided by applicants may be further processed by us for employment purposes if the application is successful. Otherwise, if the application for a job offer is unsuccessful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

The deletion will take place, subject to a justified revocation by the applicant, after a maximum of six months so that we can answer any follow-up questions about the application and meet our obligations under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

Talent Pool

As part of the application process, we offer applicants the opportunity to be included in our “Talent Pool” for a period of three years based on consent in the sense of Art. 6 para. 1 lit. a and Art. 7 GDPR.

The application documents in the Talent Pool will be processed solely in the context of future job advertisements and employee searches and will be destroyed at the latest after the period has expired. Applicants are informed that their consent to inclusion in the Talent Pool is voluntary, has no influence on the current application process, and that they can revoke this consent at any time for the future and object in the sense of Art. 21 GDPR.

Contacting Us

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information will be processed to handle the contact request and its processing in accordance with Art. 6 para. 1 lit. b (within the framework of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f (other requests) GDPR. The user’s information may be stored in a Customer Relationship Management System (“CRM System”) or a similar inquiry organization.

We delete inquiries when they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

CRM System

We use a CRM system to process inquiries and orders from users faster and more efficiently (legitimate interest according to Art. 6 para. 1 lit. f GDPR). Within the CRM system, we collect information about communication with a user through different channels (emails, phone calls, messages on the Crossvertise platform, appointments, newsletters, letters, etc.). We also use data from prospects, platform users, and customers for direct marketing purposes.

Users can object to being contacted for direct marketing purposes at any time.

We delete data in the CRM system when the user deletes their customer account on the booking platform and when it is no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

We send email newsletters and other electronic notifications with promotional information (hereinafter “Newsletter”) only with the consent of the recipients or a legal permission. If the content of a newsletter is specifically described during registration, it is decisive for the users’ consent. Otherwise, our newsletters contain information about our services and about us.

When you register directly for our newsletter, registration takes place in a so-called double opt-in procedure. This means you will receive an email after registering in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s email addresses. If you register a user account on the booking platform, you will also be signed up for our newsletter as part of the permitted direct marketing and will initially receive some emails with background information and explanations on using our booking platform. Newsletter registrations are logged to be able to prove the registration according to legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your stored data with the shipping service provider are also logged.

Registration data: To register for the newsletter, it is sufficient if you provide your email address. We also ask you to optionally provide a name for personal contact in the newsletter.

The sending of the newsletter and the success measurement associated with it are based on the recipients’ consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or if consent is not required, based on our legitimate interests in direct marketing in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users and also allows us to provide proof of consent.

Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e., revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may save the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the existence of a consent is confirmed at the same time.

Newsletter – Mailchimp

The newsletter is sent via the shipping service provider “MailChimp,” a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is used based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and a data processing agreement in accordance with Art. 28 para. 3 sentence 1 GDPR.

The shipping service provider may use the data of the recipients in a pseudonymous form, i.e., without assignment to a user, to optimize or improve their own services, e.g., for technical optimization of the shipping and the presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.

Hosting and Email Sending

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, email dispatch, security services, and technical maintenance services we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data from customers, interested parties, and visitors to this online offering based on our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).

Collection of Access Data and Logfiles

We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Logfile information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that must be kept further for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Azure Application Insights – Server Monitoring and Error Tracking

We use the monitoring and error tracking service Application Insights to oversee the operation of our online offering, ensure performance, identify and correct errors and issues. Application Insights is part of the Microsoft Azure Cloud Platform and is operated by Microsoft.

Data processing takes place in a data center within the European Union. Additionally, a data protection agreement has been concluded with Microsoft based on the EU Commission’s standard contractual clauses.

Application Insights processes aggregated performance data, such as performance, load, and similar technical values, which provide information about the stability and potential anomalies of our online offering. In the event of errors and anomalies, individual user requests are pseudonymously recorded to identify and fix problem sources. Pseudonymous means, in this case, that the users’ IP addresses are completely masked (replaced with 0.0.0.0). The aggregated data is deleted after 90 days, and pseudonymized raw data is also deleted after 90 days.

We use Application Insights based on our legitimate interests in the security, error-free nature, and optimization of our online offering per Art. 6 para. 1 lit. f DSGVO.

Further information on the processing of personal data with Application Insights can be found here:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-security

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags through an interface (and thus integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of users. Regarding the processing of users’ personal data, please refer to the following information on Google services. Usage policy: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering by users is generally transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with other services related to the use of this online offering and the Internet. Pseudonymous user profiles of users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened before being transmitted to a Google server, making it impossible to identify the user.

We use Google Analytics as “Universal Analytics” with a user ID if you are registered with a user account and have consented to the analysis. “User-ID” is a Google Analytics procedure in which user analysis is carried out based on a pseudonymous user ID, thus creating a pseudonymous profile of the user with information from the use of different devices (so-called “Cross-Device Tracking”).

The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offering by Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=en.

If we ask users for their consent (e.g., in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. Otherwise, the personal data of users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f DSGVO).

Where data is processed in the USA, we point out that Google is certified under the Privacy Shield Agreement and thus guarantees to comply with European data protection law
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Further information on data usage by Google, settings, and opt-out options can be found in Google’s privacy policy
(https://policies.google.com/privacy) and in the settings for the display of advertisements by Google
(https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 26 months.

**Target Audience Creation with Google Analytics:**

We use Google Analytics to display the ads placed within Google’s advertising services and its partners only to those users who have also shown interest in our online offering or who exhibit certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With the help of the Remarketing Audiences, we also want to ensure that our ads correspond to the potential interests of the users.

If we ask users for their consent (e.g., in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. Otherwise, the personal data of users will be processed based on our legitimate interests in direct marketing (Art. 6 para. 1 lit. f DSGVO).

Analysis and Optimization Service Hotjar

We use Hotjar, an analysis software provided by Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta (“Hotjar”). With the information obtained through Hotjar, we can analyze and improve the use of our online offering.

Data of the users of our online offering is stored and evaluated solely for this purpose. We use Hotjar to analyze our online offering, not individual users. Therefore, user data is pseudonymized and processed within the European Union based on the data processing agreement provided by Hotjar. User inputs, such as in forms or keystrokes, are not processed, meaning they are neither stored by Hotjar nor transmitted to Hotjar (unless these inputs are visibly intended for evaluation purposes, such as in feedback forms).

For the purposes mentioned above, Hotjar stores cookies with a pseudonymous identification number on users’ devices and evaluates them. The cookies used by Hotjar have different “lifespans”; some remain valid for up to 365 days, while others are only valid during the current visit.

The processed user data includes:

– **Device and metadata:** IP address of the device (collected and stored in anonymized format), screen/display resolution, device type (unique device identifiers), operating system, and browser type, referring URL and domain;

– **Geographical location:** (country only);

– **Usage data and log data:** Date and time of access to the online offering, preferred language, user interactions such as mouse events (movements, position, and clicks), keystrokes, visited websites, and interactions with their content and features;

– **Content data:** Inputs in surveys and feedback forms.

If we ask users for their consent (e.g., within the framework of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. Otherwise, the personal data of the users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f DSGVO).

Users can prevent the collection of data by Hotjar by using the Do-Not-Track settings of their browser or by clicking on the following link and following the instructions provided there:
https://www.hotjar.com/legal/compliance/opt-out.

Hotjar’s Privacy Policy: https://www.hotjar.com/legal/policies/privacy.
Cookie Policy: https://www.hotjar.com/legal/policies/cookie-information.

Facebook Pixel, Custom Audiences, and Facebook Conversion

Within our online offering, we use the so-called “Facebook Pixel” from the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

With the help of the Facebook Pixel, Facebook can identify the visitors of our online offering as a target group for displaying ads (so-called “Facebook Ads”). We use the Facebook Pixel to display Facebook Ads only to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined by the websites they visit) that we transmit to Facebook (so-called “Custom Audiences”). We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and do not appear intrusive. Additionally, the Facebook Pixel allows us to track the effectiveness of Facebook ads for statistical and market research purposes by showing us whether users were redirected to our website after clicking on a Facebook ad (so-called “Conversion”).

The data processing by Facebook is carried out within the framework of Facebook’s data usage policy. General information on the display of Facebook Ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

If we ask users for their consent (e.g., within the framework of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. Otherwise, the personal data of users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f DSGVO).

Facebook is certified under the Privacy Shield agreement and thereby guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

You can object to the collection by the Facebook Pixel and the use of your data for displaying Facebook Ads. To adjust the types of ads displayed to you on Facebook, you can visit the page set up by Facebook and follow the instructions for settings on user-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

You can also object to the use of cookies for reach measurement and advertising purposes through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

LinkedIn Insight Tag for Analytics & LinkedIn Ads

With your consent, we use the conversion tracking technology and retargeting feature of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. This enables us to display personalized ads on LinkedIn to visitors of our website and generate anonymous reports on ad performance and website interactions. The LinkedIn Insight Tag is embedded on our site, establishing a connection to LinkedIn’s servers when you visit our website while logged into your LinkedIn account. As the website provider, we have no knowledge of the content of the transmitted data or how LinkedIn uses it. The data collected through the LinkedIn Insight Tag is encrypted. The cookie is stored in the LinkedIn member’s browser until it is deleted or expires (the expiration date is rolling, six months after the member’s browser last loaded the Insight Tag).

Data processing is based on your consent and therefore on the legal basis of Art. 6 para. 1 lit. a) DSGVO. You can object to the collection and use of your data for displaying LinkedIn Ads at any time or withdraw your consent (e.g., by adjusting your cookie settings on our site). LinkedIn members can block or delete LinkedIn Conversion Tracking or cookies under https://www.linkedin.com/psettings/advertising/ or deactivate demographic features. There is no separate opt-out option in LinkedIn settings for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect LinkedIn members’ settings. Non-members can also opt out of LinkedIn’s interest-based ads using the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For more information on data collection and usage, as well as options and rights to protect your privacy, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

MaTelSo

We use the call tracking service MaTelSo GmbH, Heilbronner Str. 150, 70191 Stuttgart, Germany. With MaTelSo, we can use call tracking phone numbers on our website and in marketing materials to collect statistics on incoming calls to these numbers. Data such as the time, duration, frequency of calls, the caller’s phone number, and any inputs via the phone keypad are recorded, but conversation content is not recorded. Information about completed calls is also transmitted to Google Analytics in pseudonymized form (without the caller’s phone number) and stored as an event within a page visit. MaTelSo uses cookies to enable the recognition and association of a caller with a website visitor.

We use MaTelSo to improve our customer service and assess the success of marketing measures. Data processing is based on the processing contract we have concluded with MaTelSo.

If we ask users for their consent (e.g., within the framework of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. Otherwise, the personal data of users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f DSGVO).

Integration of Third-Party Services and Content

Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f DSGVO) to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times, and other information regarding the use of our online offering, and may also be linked to such information from other sources.

We strive to integrate third-party content in such a way that as little data as possible is transmitted to the third-party provider, and the content is loaded only after an additional click, when possible. This leaves it up to the user to decide whether they want to load third-party content.

Vimeo

We may embed videos from the platform “Vimeo” provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy:
https://vimeo.com/privacy. We would like to point out that Vimeo may use Google Analytics and refer to the
Privacy Policy (https://policies.google.com/privacy) as well as opt-out options for Google Analytics
(http://tools.google.com/dlpage/gaoptout?hl=de) or Google settings for data usage for marketing purposes
(https://adssettings.google.com/).

YouTube

We embed videos from the platform “YouTube” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy:
https://www.google.com/policies/privacy/, Opt-Out:
https://adssettings.google.com/authenticated.

Google ReCaptcha

We use the function to detect bots, e.g., in online forms (“ReCaptcha”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We embed maps from the service “Google Maps” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include IP addresses and location data of users, which are not collected without their consent (typically done within the settings of their mobile devices). The data may be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out:
https://adssettings.google.com/authenticated.

Fonts from fonts.com

We use external fonts from the provider fonts.com, a brand of Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. DSGVO). Due to the licensing terms for the fonts from the provider, we are required to allow the provider to count page views on our website. An impression tracking is used for this, where the IP address of the users is transmitted to the provider but is not stored or further processed. The provider captures our customer number and project number and the URL of the page from which the access occurred.

Log files with access numbers are recorded for 30 days and then deleted.

The provider’s privacy policy regarding web font tracking can be found here:
https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/.

Use of Content Delivery Networks (CDN)

We use so-called Content Delivery Networks (CDN) based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. DSGVO). CDNs are used to provide frequently used data from particularly fast and nearby servers, thereby reducing the loading times of our website. When loading data from CDN servers, the IP addresses of users are transmitted to the CDN providers. These are not stored or further processed. No other personal data is collected.

We use the following CDNs:

AzureEdge.net: Provided by Microsoft as part of the Microsoft Azure Cloud Platform. Processing takes place on completed EU standard contractual clauses.
Code.jquery.com, provided by StackPath LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201. Processing is based on the Privacy Shield agreement.

Use of Consentmanager

When we request your consent for the use of cookies, we use the Consentmanager software. It allows you to give consent for certain types of cookies and third-party tools and also restricts the use of cookies. Your consent or rejection is documented in accordance with the requirements of Article 7.1 of the GDPR.

The following information is stored in our Consentmanager account:

The user’s IP address in anonymized form (the last three digits are set to “0”).
Date and time of consent.
User’s browser.
The URL from which the consent was sent.
An anonymous, random, and encrypted key value.
The user’s consent status, serving as proof of consent.

The key and consent status are also stored in the user’s browser, so that the website can automatically read and respect the user’s consent on all subsequent page requests and future user sessions for up to 2 years. You can view and change your consent level at any time by using the “Manage Cookie Settings” function at the top of this page.

The legal basis for this processing is the fulfillment of our legal obligations under data protection law (Art. 6 para. 1 lit. c GDPR).

Use of Live Chat Function (Zendesk Chat)

We use Zendesk Chat (formerly Zopim), a live chat software provided by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, on our website.

With Zendesk Chat, the user is shown whether one of our employees is online to provide an immediate response. To enable this, all visitors to our site are recorded with their IP address, country of origin, browser, operating system, device, and the currently visited page. For logged-in users, the username and email address are also transmitted to facilitate effective communication within the context of order processing.

Zendesk Chat uses cookies. The information generated by the cookie about your use of our website (including your IP address) is transmitted to a Zendesk Chat server in the USA and stored there. Page visits and chats are logged and stored. You can prevent the installation of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all the functions of the website to their full extent.

Further information on data processing by Zendesk can be found in Zendesk’s privacy policy at
http://www.zendesk.com/company/privacy and on the EU Data Protection page:
https://www.zendesk.de/company/customers-partners/eu-data-protection/.
Zendesk is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law
https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active.

The legal basis for the processing of your data is our legitimate interest in providing effective communication channels (Art. 6 para. 1 lit. f GDPR). The processing of personal data from the input form is solely for the purpose of handling the contact.

Use of SalesViewer® Technology

This website uses the SalesViewer® technology of SalesViewer® GmbH to collect and store data for marketing, market research, and optimization purposes based on the legitimate interests of the website operator (Art. 6 para.1 lit.f GDPR).

A javascript-based code is used to collect company-related data and its corresponding usage. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored within SalesViewer is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations that prevent its deletion.

Data collection and storage can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out, to prevent the collection of data by SalesViewer® within this website in the future. An opt-out cookie will be placed on your device for this website. If you delete your cookies in this browser, you will need to click this link again.