Privacy Policy
When using this website and other external online offers, such as our social media offer on LinkedIn or Xing, your personal data will be processed by us, as the person responsible for data processing. With this privacy policy we inform you, as the person concerned whose personal data we process (data subject), about the type, scope, purpose and duration of the processing of your personal data. You will receive information about which data is processed, what purposes we pursue, what legal obligations we have to fulfil and what rights you are entitled to.
In accordance with Art. 4 No. 1 of the EU Data Protection Regulation (DS-GVO), personal data is all information relating to an identified or identifiable natural person.
I. Name and address of the person responsible
The person responsible in terms of the Basic Data Protection Regulation (DS-GVO) and other international and national data protection regulations is
cloudworx GmbH
Rupert-Mayer-Straße 44, Building 64.07a
81379 Munich
Phone: +49 800 25 68 396
info@cloudworx.agency
Commercial register: HRB 238863 Register court: Munich
Represented by the managing director: Timo Müller
II. Name and address of the data protection officer
We are not obliged to appoint a data protection officer. If you have any questions regarding data protection, please contact us:
Timo Müller
Phone: +49 800 25 68 396
e-mail: privacy@cloudworx.agency
III. Rights of the data subject
If your personal data is processed by us, you are entitled to the following rights of data subjects according to DSGVO.
-
Right to information
You may request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from the data controller about the following:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific details cannot be provided, criteria for determining the duration of storage;
- any available information on the origin of the data, if the personal data has not been collected from you as the data subject.
- the existence of automated decision making in individual cases including profiling in accordance with Art. 22 DSGVO and meaningful information on the underlying logic and its effects
In addition, you have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.
-
Right of correction
You have the right to ask the data controller for correction and/or completion if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.
-
Right to limit processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- if you dispute the accuracy of the personal data concerning you, for a period of time which allows the controller to verify the accuracy of the personal data;
- if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of the processing, but you need it for the purpose of asserting, exercising or defending legal claims; or
- if you have lodged an objection to the processing in accordance with Art. 21 Par. 1 DSGVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
-
Right to delete
a. Duty of cancellation
You may demand that the person responsible for the data concerning you be immediately deleted, and the person responsible is obliged to delete such data immediately if one of the following reasons applies:
- the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
- you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 Par. 1 DSGVO and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Par. 2 DSGVO.
- (The personal data concerning you have been processed unlawfully.
- The deletion of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you have been collected in relation to information society services offered, in accordance with art. 8 paragraph 1 of the DPA.
b. Information to third parties
If the data controller has made public the personal data concerning you and is obliged to delete them in accordance with Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
c. Exceptions
The right of cancellation does not exist insofar as the processing is necessary
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 DPA;
- for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
-
Right to information
If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.
-
Right to transfer data
You have the right to have the personal data concerning you, which you have provided to the person in charge, provided in a structured, common and machine-readable format. You have the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on consent pursuant to Article 6 paragraph 1 letter a DPA or Article 9 paragraph 2 letter a, or on a contract pursuant to Article 6 paragraph 1 letter b, and that the processing is carried out using automated procedures.
When exercising this right to transfer data, you also have the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
The rights and freedoms of other persons must not be affected by the right to data transferability.
The right of transferability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
-
Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out pursuant to Art. 6, paragraph 1, letter e or f of the DPA. This also applies to profiling based on these provisions.
The data controller will then no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. In this case we will immediately stop processing. It is not necessary to indicate a special situation. If you wish to exercise your right of objection, simply send an e-mail to: privacy@cloudworx.agency.
-
Right to revoke the declaration of consent under data protection law.
You have the right to revoke your given consent to the processing of personal data at any time vis-à-vis the person responsible. As a result, we may no longer continue to process the data based on this consent in the future. Revocation of the consent does not affect the legality of the processing that took place on the basis of the consent until revocation.
-
Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing - including profiling - that has legal effect on you or significantly affects you in a similar manner.
You do not have this right if the decision
a. is necessary for the conclusion or fulfillment of a contract between you and the person responsible,
b. is authorised by Union or national legislation to which the person responsible is subject and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
c. with your express consent.However, these decisions may not be based on special categories of personal data in accordance with Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases mentioned under a and c, the person in charge shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, which shall include at least the right to obtain the intervention of a person on the part of the person in charge, to present his or her own point of view and to contest the decision.
-
Right to appeal to a supervisory authority
You have the right to complain to a supervisory authority, and without prejudice to any other administrative or judicial remedy, the right to complain, in particular in the Member State of your habitual residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the DPA. The supervisory authority responsible for the data controller is:
Bavarian State Office for Data Protection Supervision
Promenade 27
91522 Ansbach
Phone: 0981 / 53 1300
E-Mail: poststelle@lda.bayern.de
IV. General information on the processing of personal data
-
scope of the processing of personal data
The responsible person processes personal data of persons concerned, as far as this is necessary for the provision of this website and other external online offers, as well as for the use of our contents and services. As a matter of principle, personal data is only processed with the consent of the person concerned. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted or required by law.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 Par. 1 S.1 letter a DSGVO, if the processing is based on the consent of the data subject.
The legal basis for the processing of personal data is Art. 6 Paragraph 1 S.1 lit. b DSGVO, if the processing is carried out for the performance of a contract to which one party is the data subject. The legal basis also applies to processing necessary for the performance of pre-contractual measures.
The legal basis for the processing of personal data is Art. 6 para. 1 S.1 lit. c DSGVO, if the processing is necessary for the fulfilment of a legal obligation.
The legal basis for the processing of personal data is Art. 6 Paragraph 1 S.1 lit. d DSGVO, if vital interests of the data subject or of another natural person make the processing necessary.
The legal basis for the processing of personal data is Art. 6 Paragraph 1 S.1 lit. f DSGVO if the processing is necessary to safeguard the legitimate interests of the controller or of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the interests of the controller.
-
Data Deletion and Storage Period
The personal data of the person concerned is deleted or blocked as soon as the purpose for which it was collected or otherwise processed ceases to apply. Processing may be continued if necessary in order to comply with a legal obligation to which the controller is subject under Union or national law or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, the processing may be continued if it is necessary for the purpose of pursuing, exercising or defending legal claims.
V. Provision of the website and creation of log files
-
Description and scope of the processing of personal data
Whenever this website is used, the server of the person responsible automatically collects data and information from the browser of the calling end device.
The following data is collected:
- Information about the browser type and the version used
- The operating system of the end device
- The Internet service provider of the end device
- The IP address of the terminal device
- date and time of access
- web pages from which the user's terminal device reaches our website
- websites that are called up by the user's system via our website
The data is stored in so-called log files of our system. This data is not stored together with other personal data of the user.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO.
-
purpose of the processing of personal data
The temporary storage of the IP address of the requesting terminal device by the system is technically necessary in order to enable the establishment of a connection between the user's terminal device and the server of the responsible party and to ensure the delivery of the website to the terminal device. Furthermore, the person responsible processes the IP address for technical and administrative purposes when establishing the connection, in order to be able to guarantee the stability of the connection, to ensure the security and functionality of the online offers and to be able to follow up any illegal attacks.
The storage in log files is done to ensure the functionality of the website. The responsible person does not draw any direct conclusions about your identity from the processing of the IP address and the information in the log files. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the processing of the IP address and the information of the log files is Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interest of the person responsible is the secure and trouble-free provision of our website.
-
Data deletion and storage period
The personal data of the person concerned is deleted or blocked as soon as the purpose for which it was collected or otherwise processed ceases to apply. This is the case when processing the data for the provision of the website, when the respective session has ended. When processing the data in log files, this is the case after 30 days at the latest.
-
possibility of objection and removal
The processing of the IP address to provide the website and the processing of the data in log files is mandatory for the operation of the website. For this reason, the user has no possibility to object.
VI. Use of cookies and tracking pixels
-
Description and scope of the processing of personal data
On our website, we use so-called cookies and tracking pixels in order to statistically record the use of our website and to be able to evaluate it for optimization purposes.
a. Cookies
Cookies are small text files that your internet browser creates and stores on your end device (e.g. laptop, tablet... ) when you visit our website. A cookie contains a characteristic string of characters that allows the terminal device to be uniquely identified when you revisit our website. Cookies do not cause any damage to your end device, they do not contain viruses, Trojans or other malware. The use of cookies does not mean that we obtain immediate information about your identity.
b. Tracking Pixel
A tracking pixel, or counting pixel, is a small 1x1 pixel graphic (GIF file) that can be called up when you visit our website or open our newsletter. Tracking pixels do not cause any damage on your end device, they do not contain viruses, trojans or other malware.
Based on the loaded or unloaded pixel, it can be checked whether a user has visited the site or not. The pixels send your IP address, the referrer URL of the visited website or opened newsletter, the time the pixel was viewed, the browser used, as well as previously set cookie information to a web server. The data enables the person responsible to carry out statistical evaluations, the results of which are used to optimize the website and the offers. Most browsers accept pixels automatically. You can use appropriate tools or browser add-ons to prevent the use of pixels on the pages of the responsible person.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO.
-
purpose of the processing of personal data
The purpose of the use of technically necessary cookies is to enable the use of our website in the first place or to make it more pleasant for you. So-called session cookies are used by the person responsible to recognize that you have already visited individual pages of the website. Some functions of the website cannot be used without the use of cookies. For these functions it is necessary that the Internet browser of the terminal device is recognized even after a page change.
Cookies, which are used to record the use of our website statistically and to evaluate it for the purpose of optimising our offer, make it possible to automatically recognise that you have already visited this website when you visit it again.
-
Data deletion and storage period
Session cookies are automatically deleted after leaving the website. Cookies, and tracking pixels that analyze the use of the website, are automatically deleted after the specified storage period.
-
Consistency and removal option
a. Cookies
Cookies are stored on the user's computer and transmitted by the user to the web server of the person responsible. Most Internet browsers automatically accept cookies. However, you can configure your Internet browser to deactivate or limit the transmission of cookies or to display a message before a new cookie is created. You can delete cookies that have already been stored at any time. The deletion can also be done automatically. Therefore you as a user also have full control over the use of cookies. If cookies are deactivated for this website, it is possible that not all functions of the website can be used to their full extent.
b. Tracking-Pixel
Most browsers automatically accept pixels. However, you can configure your Internet browser or use appropriate tools or browser add-ons to prevent the use of tracking pixels.
VII. Contact form and email contact
-
Description and scope of the processing of personal data
If you use a contact form on this website or send an e-mail to the person responsible, the data you provide will be automatically processed by the person responsible in order to be able to deal with your request. When using the contact form, the date, time and the time of sending the message will be saved in addition to the contents of the form. Before sending the message, your consent will be obtained and confirmation that you have understood and accepted the privacy policy. If you contact us by e-mail, your personal data will also be stored. The data will only be processed to be able to deal with your request. It will not be passed on to third parties.
-
Legal basis for the processing of personal data
Legal basis for the processing of personal data with your consent is Art. 6 para. 1 p. 1 lit. b DSGVO.
The legal basis for the processing of personal data when communicating by e-mail is Art. 6 Para. 1 S.1 lit. f DSGVO.If the processing of personal data serves the purpose of concluding a contract by e-mail or using a form, the legal basis is Art. 6 para. 1, sentence 1, lit. b DSGVO.
-
purpose of the processing of personal data
The purpose of processing the personal data collected via contact form or e-mail is to process the sender's request. The additionally collected personal data serves to prevent the misuse of forms and to ensure the information security of the systems of the responsible person. The legal basis for the processing of the information is Art. 6 para. 1 p. 1 lit. f DSGVO.
-
Data deletion and storage period
The personal data of the person concerned are deleted as soon as the purpose for which they were collected or otherwise processed ceases to apply. For the personal data from the contact form and/or those sent by e-mail, this is the case when the respective communication with the user has ended. The communication is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
-
possibility of objection and removal
The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the communication cannot be continued.
All personal data stored in the course of contact will be deleted in this case.
VIII. Use of Salesforce CRM
-
Description and scope of the processing of personal data
The responsible person uses the customer relationship management system (CRM system) of the provider Salesforce (Salesforce). Salescorce.com is a service of the provider Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The responsible person uses Salesforce to process inquiries from users of the website, as well as from customers and interested parties, faster and more efficiently. Salesforce uses these data only for the technical processing of the inquiries and does not pass them on to third parties. In order to use Salesforce, at least the specification of a correct e-mail address is required. A pseudonymous use is possible. In the course of processing service requests it may be necessary to collect additional data (name, address).
Information on data protection at Salesforce can be found in the Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/.
For the transfer of personal data to the USA, Salesforce is certified according to the EU-U.S. Privacy Shield. More information about the Privacy Shield can be found at https://www.privacyshield.gov/. Salesforce certification can be viewed here: https://www.privacyshield.gov/list.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of the CRM system Salesforce is Art.6 par.1 p.1 lit.f DSGVO.
-
purpose of the processing of personal data
The purpose of using Salesforce is to quickly and efficiently maintain relationships with customers and prospects, and to respond to relevant inquiries.
-
Data deletion and storage period
We delete CRM data when it is no longer needed. We review the necessity every two years. In addition, the statutory archiving obligations apply.
-
Consistency and removal option
If you do not agree with the processing of your data in Salesforce's systems, we will offer you alternative ways to contact us. You can contact us by e-mail, phone, fax or mail.
IX. Use of "Campaign Monitor
-
Description and scope of the processing of personal data
The person responsible uses the e-mail marketing system of the provider Campaign Monitor (Campaign Monitor) for e-mail marketing. Campaign Monitor is a service provided by Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia. The responsible party uses Campaign Monitor to process inquiries from users of the website, as well as from customers and interested parties, more quickly and efficiently, and to send out newsletters. Campaign Monitor stores the e-mail addresses and other data entered during registration on servers in the USA, Australia and Germany. Campaign Monitor offers extensive analysis options on how e-mails are opened and read. These analyses are group-related and are not used by the processor for individual evaluation of the newsletter recipients. According to its own statements, Campaign Monitor may use this data in a pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. for technical optimization of mailing or for statistical purposes to determine from which countries the e-mail recipients come. However, Campaign Monitor does not use the data of our e-mail recipients to contact them itself or to pass it on to third parties.
Campaign Monitor has undertaken to comply with the provisions of the DSGVO. For information about Campaign Monitor's privacy policy, please refer to Campaign Monitor's Privacy Policy: http://www.campaignmonitor.com/privacy/.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of the Campaign Monitor e-mail marketing software is, for the sending of e-mails, the consent of the recipient in accordance with Art. 6 para. 1 sentence 1 letter a of the DPA.
Legal basis for the performance of the statistical evaluations and analyses, as well as the recording of the consent and registration is the legitimate interest of the person responsible according to Art. 6 para. 1 lit. f DSGVO.
-
purpose of processing personal data
The purpose of using Campaign Monitor is to provide user-friendly, economical and secure responses to customer and prospect inquiries, and to maintain relationships with customers and prospects quickly and efficiently by sending out newsletters.
-
Data deletion and storage period
We delete the data of recipients of e-mails if they are no longer required. We review the necessity every two years. In addition, the statutory archiving obligations apply.
-
Consistency and removal option
If you do not agree with the processing of your data in Campaign Monitor's systems, you can withdraw your consent at any time. We offer you alternative ways to contact us. You can contact us by e-mail, telephone, fax or mail.
X. Application by mail, application form and application by email contact
-
Description and scope of the processing of personal data
In the course of the application procedure, the responsible person processes the personal data of applicants (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The processing may be carried out by physical or electronic means. In particular, electronic processing is carried out when an applicant submits his or her application documents to the controller by electronic means, for example by e-mail or via an online application form.
If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of carrying out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded by the controller, if the applicant refuses a job offer, withdraws his application, revokes his consent or requests the controller to delete his data, the application documents shall be automatically deleted two months after the notification of the decision to discontinue the employment, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).
-
purpose of the processing of personal data
The purpose of the processing is to decide on the establishment of an employment relationship. The legal basis for the processing of personal data is § 26 para. 1 BDSG under German law, Art. 6 para. 1 lit. b DSGVO. If the person responsible processes the data on the basis of a granted consent, the legal basis for this is § 26 para. 2 BDSG under German law, Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. In certain cases, the responsible person processes personal data on the basis of the legitimate interest. The legal basis for the processing of personal data is then Art. 6 para. 1 lit. b DSGVO.
-
Data deletion and storage period
If the data controller is unable to make a job offer, the applicant refuses a job offer, withdraws his application, revokes his consent or requests the data controller to delete his data, the application documents, including any physical application documents that may be available, will be deleted at the latest six months after the end of the application procedure, provided that deletion does not conflict with any other legitimate interests of the data controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).
-
possibility of objection and removal
The applicant can revoke his or her consent to the processing of personal data at any time. If the user contacts the person responsible by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case, the application process cannot be continued.
XI. Use of our company profile at LinkedIn
-
Description and scope of the processing of personal data
The responsible person uses the platform of LinkedIn, Wilton Place, Dublin 2, Ireland, for the company presentation. On our company website we provide information and offer the users of LinkedIn the opportunity to communicate and interact with us. When you take an action on our LinkedIn corporate site, your personal information may be made public. For information about LinkedIn's processing of your personal information and LinkedIn's privacy policy, please refer to the LinkedIn Privacy Policy, which is available here: https://privacy.linkedin.com/de-de
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of our company website on LinkedIn is Art.6 para.1 p.1 lit.f DSGVO.
-
purpose of the processing of personal data
The purpose of the LinkedIn corporate site is to inform LinkedIn users about products, services and services offered by the responsible party. Each user is free to publish personal data through activities.
-
Data deletion and storage period
The responsible person, stores the activities and personal data published via the LinkedIn until revocation. In addition, the responsible person complies with the statutory retention periods.
-
possibility of objection and removal
You may at any time object to the processing of your personal data that the person responsible collects in the course of using the LinkedIn corporate website and assert your rights as a data subject.
LinkedIn offers at https://www.linkedin.com/psettings/ the possibility to manage the settings for the processing of personal data by LinkedIn.
XII. Use of our company profile at Xing
-
Description and scope of the processing of personal data
The person responsible uses the platform of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany, for the company presentation. We provide information on our corporate website and offer Xing users the opportunity to communicate and interact with us. If you carry out an action on Xing on our company website, your personal data may be made public. Information on the processing of your personal data by Xing and on data protection at Xing can be found in the Xing privacy policy, which is available here: https://privacy.xing.com/de
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of our company website on Xing is Art.6 para.1 p.1 lit.f DSGVO.
-
purpose of processing personal data
The purpose of the company's presence on Xing is to inform Xing users about products, services and services offered by the person responsible. Each user is free to publish personal data through activities.
-
Data deletion and storage period
The responsible person, stores the activities and personal data published via Xing until revocation. In addition, the responsible person complies with the statutory retention periods.
-
Objection and removal option
You can at any time object to the processing of your personal data recorded by the responsible person in the context of the use of the company website at Xing and assert your rights as a data subject.
Xing SE offers information on the processing of personal data by Xing SE at https://privacy.xing.com/de/datenschutzerklaerung.
XIII. Use of YouTube
-
General
The YouTube videos embedded on this website and this YouTube channel are the responsibility of cloudworx GmbH, Hohenlindener Str. 1, 81677 Munich, Germany.
-
Description and scope of the processing of personal data
The person responsible uses the YouTube platform, a service of the provider Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, for the reproduction of videos.
For embedding YouTube videos on our website we use the option of the so-called extended privacy mode provided by YouTube. When you start the embedded video, a connection to YouTube servers is established, which can be used to trigger further data processing operations. According to Google, YouTube videos can be embedded with the advanced privacy mode without the use of cookies to track usage behavior. This means that user behavior is not monitored in order to personalize video playback. Instead, video recommendations are based on the video currently playing. Videos played in an embedded player in enhanced privacy mode have no effect on which videos are recommended to a user on YouTube.
When calling up videos on our website or using our YouTube channel, YouTube as the responsible party processes personal data, e.g. by using cookies. Processing may also be carried out on users of our website or our YouTube channel if these users are not logged in or registered with YouTube. For information on data collection and further processing by YouTube, please refer to the YouTube privacy policy: https://policies.google.com/privacy?hl=de&gl=de
The transfer of personal data to the USA is certified by Google according to the EU-U.S. Privacy Shield. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. You can view Google's certification here: https://www.privacyshield.gov/list.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of the web analysis service Google Analytics is Art.6 para.1 sentence 1 lit.f DSGVO.
-
purpose of the processing of personal data
The purpose of using videos on our website and on our YouTube channel is to inform the users of our website and the users of YouTube about products, services and services of the responsible person.
-
Data deletion and storage period
The cookies on our website have a maximum lifetime of 90 days. We have no information about the deletion and storage period of cookies on YouTube.
-
possibility of objection and removal
You can permanently opt-out of the use and storage of "conversion cookies", or similar technology used in place of cookies, and cross-device remarketing/targeting by deactivating the option for personalized advertising in your Google Account: https://adssettings.google.com/authenticated?hl=de.
Information about Google's privacy policy can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.
XIV. Use of Tools for Web Analysis and Advertising - Google Analytics
-
Description and scope of the processing of personal data
The person responsible uses on his website the web analysis service Google Analytics (with anonymization function), a service of the provider Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics uses so-called "cookies", text files which are stored on your computer and which enable an analysis of the use of the website by you. For the same purpose, pseudonymous user profiles can be created and evaluated from this data. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the responsible person, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet.
The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
For the transmission of personal data to the USA, Google is certified according to the EU-U.S. Privacy Shield. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. The certification of Google can be viewed here: https://www.privacyshield.gov/list.
-
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of the web analysis service Google Analytics is Art.6 para.1 sentence 1 lit.f DSGVO.
-
purpose of the processing of personal data
The purpose of using Google Analytics is to analyse the use of the website of the person responsible and to be able to improve it regularly. The statistics obtained enable the responsible person to better address his target groups and make the website more interesting for the users.
-
Data deletion and storage period
The user data collected by the person responsible via cookies is automatically deleted after 26 months.
-
Objection and removal option
You can object to the collection or processing of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
Information on data protection at Google can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.
XV. Use of tools for web analysis and advertising - Google (re-)marketing services
-
Description and scope of the processing of personal data
The responsible person uses on his website the marketing and remarketing services (Google Marketing Services) of the provider Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
The Google marketing services allow the responsible person to display advertisements for his website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called "remarketing". For these purposes, when the website of the person responsible and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address is not merged with personal data of the user within other offers of Google. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, the ads tailored to his interests can be displayed.User data is processed pseudonymously as part of Google's marketing services. For example, Google does not store and process the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
The Google marketing services used by the responsible person also include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives an individual "conversion cookie". Cookies can therefore not be tracked through the websites of AdWords customers. The information collected by the cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
Further information on the use of data for advertising purposes by Google can be found on this overview page: https://policies.google.com/technologies/ads.
For the transfer of personal data to the USA, Google is certified according to the EU-U.S. Privacy Shield and thus offers a guarantee of compliance with European data protection law. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. You can view Google's certification here: https://www.privacyshield.gov/list.
-
Legal basis for the processing of personal data
The aggregation of the data collected in a user's Google Account is based solely on the consent that the user has given to Google and can be revoked at any time (Art. 6 para. 1 lit. a DSGVO). In the case of processing that is not merged in the user's Google Account (e.g. because the user does not have a Google Account or has objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f DSGVO. The legitimate interest arises from the fact that the person responsible has an interest in the anonymized analysis of website visitors for advertising purposes.
-
purpose of the processing of personal data
The purpose of the use of Google Analytics Remarketing is the legitimate interest of the person responsible in the analysis of user behavior in order to optimize his web offer and advertising. By means of the statistics obtained, the responsible person can better address his target groups and make the website more interesting for the users.
-
Data deletion and storage period
The cookies have a maximum lifetime of 90 days.
-
possibility of objection and removal
You can permanently opt-out of the use and storage of "conversion cookies", or similar technology used in place of cookies, and cross-device remarketing/targeting by deactivating the option for personalized advertising in your Google Account: https://adssettings.google.com/authenticated?hl=de.
Information about Google's privacy policy can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.
XVI. Use of Web Analytics and Advertising Tools - Facebook, Custom Audiences and Facebook Marketing Services
-
Description and scope of the processing of personal data
The responsible person uses on his website the so-called "Facebook pixel" and other marketing services of the social network Facebook, which is operated by the provider Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With the help of the Facebook pixel, Facebook can determine the visitors of the responsible person's online offer as the target group for the display of ads (so-called "Facebook ads"). The responsible person uses the Facebook Pixel to display the Facebook Ads placed by him/her only to those Facebook users who have also shown an interest in his/her online offering or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that the responsible person has submitted to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, the responsible person can ensure that his or her Facebook Ads correspond to the potential interest of the users and do not appear to be annoying. With the help of the Facebook Pixel, he or she can also track the effectiveness of Facebook Ads for statistical and market research purposes by determining whether users were redirected to his or her website after clicking on a Facebook Ad (so-called "conversion").
The Facebook pixel is integrated directly by Facebook when you visit our websites and can store a so-called cookie on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to the person responsible, and therefore does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook for its own market research and advertising purposes. If the person responsible should transmit data to Facebook for comparison purposes, this data is encrypted locally in your browser and only then transmitted to Facebook via a secure https connection. This is only done for the purpose of comparison with the data that is also encrypted by Facebook.
Furthermore, when using the Facebook pixel, the person responsible uses the additional function "extended comparison". Here, data for the formation of target groups ("Custom Audiences" or "Look Alike Audiences") is transmitted to Facebook in encrypted form. Further information and details on how the extended matching function works can be found in the help section of Facebook Business: https://www.facebook.com/business/help/611774685654668.
Furthermore, the person responsible uses the "Custom Audiences from File" procedure offered by Facebook. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used to determine recipients of the responsible person's Facebook ads. The responsible person wants to ensure that the ads are only displayed to users who are interested in the information and services of the responsible person.For the transfer of personal data to the USA, Facebook is certified according to the EU-U.S. Privacy Shield and thus offers a guarantee of compliance with European data protection law. Further information about the Privacy Shield can be found here: https://www.privacyshield.gov/. The certification of Facebook can be viewed here: https://www.privacyshield.gov/list.
-
Legal basis for the processing of personal data
The use of the Facebook pixel and the storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DSGVO. The person responsible has a legitimate interest in the analysis of website visitors and in the optimization of his advertising.
-
purpose of processing personal data
The purpose of using the Facebook marketing services is the legitimate interest of the person responsible for the analysis, optimization and economic operation of his online offer and the interest in optimizing his advertising.
-
Data deletion and storage period
The cookies have a maximum lifetime of 90 days.
-
possibility of objection and removal
You may object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set up what types of ads are displayed to you within Facebook, as well as websites and apps used outside of Facebook, you can set your preferences for ads here: https://www.facebook.com/help/109378269482053?helpref=hc_global_nav.
Information about Facebook's privacy policy can be found in the Facebook Data Policy https://www.facebook.com/policy.php.
Further information and details on how the Facebook pixel works can be found in the help section of Facebook Business: https://www.facebook.com/business/help/651294705016616.
XVII. Use of Adobe Fonts
-
Description and scope of the processing of personal data.
We use Adobe Fonts for the visual design of our website. Adobe Fonts is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe"), which grants us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. This provides Adobe with the information that our website has been accessed from your IP address.
Further information on Adobe Fonts can be found in Adobe's privacy policy, which you can access here: https://www.adobe.com/de/privacy/policy.html.
Adobe is certified under the EU-U.S. Privacy Shield for the transfer of personal data to the United States. You can access more information about the Privacy Shield here: https://www.privacyshield.gov/. You can view Adobe's certification here: https://www.privacyshield.gov/list.
-
Legal basis for processing personal data.
The legal basis for the processing is Art.6 para.1 p.1 lit.f DSGVO. The legitimate interest is to ensure that the website functions in a visually appealing and error-free manner.
-
Purpose of the processing of personal data.
The purpose of using Adobe Fonts is to enable the user's browser to display the texts of the website in an optimised manner. If the user's browser does not support optimised display, a standard font of the user's computer will be displayed.
-
Data deletion and storage period.
The data controller has no information about the storage period of the data transferred to Adobe.
-
Opposition and elimination options.
You can configure your browser so that no fonts are loaded from Adobe servers. If the user's browser does not support the use of Adobe fonts or you prevent access to the Adobe servers, the text on our website will be displayed in the system's default font.
XVIII. Use of the tool Hotjar for web analysis purposes
-
Description and scope of the processing of personal data.
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool used to analyse your user behaviour on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike etc.) and helps us to tailor our services to our users' feedback. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have stayed with the mouse pointer on a certain spot. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.
Furthermore, we can determine how long you stayed on a page and when you left it.
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
-
Legal basis for the processing of personal data.
The use of Hotjar and the storage of Hotjar cookies are based on Art. 6 para. 1 lit. f DSGVO. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise our website. Since a corresponding consent was requested (consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
-
Data deletion and storage period.
The data controller has no information about the storage period of the data transferred to Google.
-
Opposition and removal possibility.
Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. In particular, these cookies allow us to determine whether this website has been visited with a particular end device or whether the functions of Hotjar have been deactivated for the browser in question. Hotjar cookies remain on your terminal device until you delete them.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If you would like to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/legal/policies/do-not-track/.
Please note that Hotjar must be deactivated separately for each browser or end device.For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy
XIX Use of Google Tag Manager
-
Description and scope of the processing of personal data.
The data controller uses the Google Tag Manager of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the Google Tag Manager, website tags of the services of Google and other providers can be managed and integrated on our online presence. With the help of the Google Tag Manager, small code elements, so-called tags, are placed on websites. Tags are used by Google Analytics to measure visitor behaviour, optimise online advertising and test and optimise website targeting, among other things. The Google Tag Manager itself does not set cookies, but only tags and does not collect any personal data. When the Google Tag Manager is executed, the user's IP address is transmitted to Google. Further information on the Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
-
Legal basis for the processing of personal data.
The legal basis for the processing of users' personal data is the user's consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO and the legitimate interest pursuant to Art. 6 (1) p. 1 lit. f. DSGVO.
-
Purpose of the processing of personal data
The purpose of using Google Tag Manager is to be able to analyse and regularly improve the use of the website of the responsible party with the help of Google Analytics. The statistics obtained enable the controller to better address its target groups and make the website more interesting for users.
-
Possibility of objection and removal.
The Google Tag Manager triggers other tags, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with the Google Tag Manager. Further information is available here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
XX. Use of Google Workspace
-
Description and scope of the processing of personal data.
The data controller uses Google Workspace of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google Workspace is a software accessible via the Internet and executed on Google's servers (cloud service, software as a service. When using Google Workspace, personal data may be processed and stored on Google's servers to the extent that this is part of the communication with or from us. This data may include, in particular, master data and contact details of users, data on transactions, other processes and the content of communications. Google also processes usage data and metadata to ensure the security of and to optimise services. Further information on data protection and security of processing at Google Workspace can be found here: https://cloud.google.com/product-terms.
-
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is the user's consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO, pre-contractual enquiries and the performance of contracts pursuant to Art. 6 para. 1 p. 1 lit. b. DSGVO as well as the legitimate interest according to Art. 6 para. 1 p. 1 lit. f. DSGVO.
-
Purpose of the processing of personal data
The controller uses Google Workspace for the organisation of its business activities. This includes, but is not limited to, the following processing purposes: storing and managing documents in the cloud, managing appointments, contacts and calendars, sending and receiving email, spreadsheets, presentations, exchanging documents, content and information with specific recipients, publishing forms or other content and information, conducting chats and participating in audio and video conferences.
-
Data deletion and storage period
The personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. 5.
-
Possibility of objection and removal
You have the possibility to revoke your consent to the processing of personal data at any time and can object to the storage of your personal data at any time. In such a case, communication and the customer relationship may not be able to continue.
XXI. Use of Matomo (formerly Piwik)
-
Description and scope of the processing of personal data
The data controller uses the software "Matomo" (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo enables the anonymised analysis of user behaviour on the website. The following data is stored: the user's IP address, shortened by the last two bytes (anonymised); the page accessed and the time of access; the page from which the user accessed our website (referrer); which browser with which plug-ins, which operating system and which screen resolution is used; the time spent on the website; the pages accessed from the sub-page accessed. The data collected with Matomo is stored on our own servers. It is not passed on to third parties.
-
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is the legitimate interest according to Art. 6 para. 1 p. 1 lit. f. DSGVO.
-
Purpose of the processing of personal data
The data controller needs the data to analyse the surfing behaviour of the users and to obtain information about the use of the individual components of the website. This enables him to continuously optimise the website and its user-friendliness. These purposes constitute the legitimate interest according to Art. 6 Para. 1 lit. f DSGVO. By anonymising the data, the data controller takes into account the interest of users in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.
-
Data deletion and storage period
Personal data will be deleted after 12 months and aggregated into monthly reports with no personal reference.
-
Opposition and elimination possibility
You have the possibility to withdraw your consent to the processing of personal data at any time and can object to the storage of your personal data at any time. You can:
a) activate the "Do-not-Track" setting in your browser The Matomo system is configured to respect this setting.
b) create a so-called opt-out cookie with a mouse click below, which is valid for two years. The result is that Matomo will not register your further visits. Note, however, that the opt-out cookie will be deleted if you delete all cookies.
### XXII. Details on the cookies used