1. controller responsible for data processing and contact details

Responsible bodies within the meaning of data protection law:

dataglobalgroup.com

dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
datenschutz@dataglobal.com

windream.com

dataglobal Bochum GmbH
Wasserstraße 219
44799 Bochum
+49 (0) 234 9734 0
info@windream.com

---

dataglobalgroup.com

dataglobal Heilbronn GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
info@dataglobal.com

---

vysoft.eu

dataglobal München GmbH & Co. KG
Bavariafilmplatz 7
82031 Grünwald
+49 (0) 89 700 744 070
info@vysoft.eu

---

eleven.com

eleven cyber security GmbH
Friedrichstrasse 171
10117 Berlin
+49 (0)30 520056 0
info@eleven.de

Contact details of our data protection officer:
If you have any questions about data protection, the processing of your data and your rights, please contact:

Data Protection Officer of dataglobal Group GmbH
HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Auf der Höhe 34
50321 Brühl
E-Mail: datenschutz@dataglobal.com

Contact details of our information security officer:
E-mail: isb@dataglobal.com

2. purposes and legal basis on which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. as part of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you can see on our website www.dataglobalgroup.com.

2.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

The processing of personal data takes place for the execution of our contracts with you and the execution of your orders as well as for the execution of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In particular, the processing serves to provide services in accordance with your orders and wishes and includes the services, measures and activities necessary for this. This essentially includes contract-related communication with you, the corresponding billing and associated payment transactions, credit checks, the verifiability of transactions, orders and other agreements as well as for quality control through corresponding documentation, goodwill procedures, measures for the control and optimization of business processes as well as for the fulfillment of general duties of care, control and monitoring by affiliated companies (e.g. parent company); statistical evaluations, data processing and the processing of personal data. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, safeguarding and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, preventing and investigating criminal offenses; monitoring by supervisory bodies or control authorities (e.g. auditing).

2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual fulfillment of the contract or preliminary contract, we may process your data if it is necessary to protect our legitimate interests or those of third parties, in particular for the following purposes:

• advertising or market and opinion research, provided you have not objected to the use of your data;
• obtaining information and exchanging data with credit agencies, insofar as this goes beyond our economic risk;
• the testing and optimization of demand analysis procedures;
• the further development of services and products as well as existing systems and processes;
• the disclosure of personal data in the context of due diligence during company sale negotiations;
• for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
• the enrichment of our data, e.g. by using or researching publicly available data;
• statistical evaluations or market analysis;
• of benchmarking;
• the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship;
• limited storage of the data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
• the development of scoring systems or automated decision-making processes;
• the prevention and investigation of criminal offenses, unless exclusively for the fulfillment of legal requirements;
• the anonymization of personal data;
• building and plant security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duty of care;
• internal and external investigations, security checks;
• internal fraud or abuse prevention in connection with the fulfillment of a contract and pre-contractual measures, unless exclusively for the fulfillment of legal requirements;
• the possible monitoring or recording of telephone conversations for quality control and training purposes;
• the receipt and maintenance of certifications of a private or official nature;
• securing and exercising domiciliary rights through appropriate measures such as video surveillance to protect our customers and employees and to secure evidence in the event of criminal offenses and to prevent them.

2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

Your personal data may also be processed for certain purposes (e.g. use of your e-mail address for marketing purposes) on the basis of your consent. As a rule, you can withdraw this at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. You will be informed separately about the purposes and consequences of withdrawing or not granting consent in the corresponding text of the consent.

In principle, the revocation of consent is only effective for the future. Processing that took place before consent was withdrawn is not affected and remains lawful.

2.4 Purposes for compliance with legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like everyone involved in business, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but may also include regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and crimes that endanger assets, comparisons with European and international anti-terror lists, the fulfillment of control and reporting obligations under tax law and the archiving of data for data protection and data security purposes as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

3. the categories of data processed by us, insofar as we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, population registers, debtor directories, land registers, press, Internet and other media) and are permitted to process.

Relevant personal data categories can be in particular

• Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
• Contact details (address, e-mail address, telephone number and similar data)
• Address data (registration data and comparable data)
• Customer history
• Data about your use of the telemedia offered by us (e.g. time of accessing our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)
• Video data

4. recipients or categories of recipients of your data

Within our company, those internal departments or organizational units receive your data that need it to fulfil our contractual and legal obligations or as part of the processing and implementation of our legitimate interest. Your data will only be passed on to external parties

• in connection with the execution of the contract;
• for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or disclose data or the disclosure of data is in the public interest (see section 2.4);
• insofar as external service providers process data on our behalf as processors or function providers (e.g. external data centers, support/maintenance of EDP/IT applications, archiving,
• Document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);
• on the basis of our legitimate interest or the legitimate interest of the third party for the purposes specified in section 2.2 (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and bodies and supervisory authorities);
• if you have given us your consent to transfer your data to third parties.

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as we do. In all other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

5. duration of the storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified therein are up to ten years after the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data is no longer required for the fulfillment of contractual or legal obligations and rights, it is regularly deleted, unless its – temporary – further processing is necessary to fulfill the purposes listed in section 2.2 for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures.

6. processing of your data in a third country or by an international organization

Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. reporting obligations under tax law), if it is in our or a third party’s legitimate interest or if you have given us your consent.

Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission on an adequate level of data protection for the country in question or for specific sectors in a third country, there is a risk of access by the authorities without there being adequate legal remedies against this. In this context, appropriate contracts (such as EU standard contracts) and additional measures can be used as a basis for the transfer. Information on the suitable or appropriate guarantees and on the possibility of obtaining a copy from you can be obtained on request from the company data protection officer.

7 Your data protection rights

Under certain conditions, you can assert your data protection rights against us

• You have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).
• At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
• If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. legal storage obligations or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
• Taking into account the requirements of Art. 18 GDPR, you can request us to restrict the processing of your data.
• Furthermore, you can object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right to object only applies if there are very special circumstances relating to your personal situation, whereby our company’s rights may conflict with your right to object.
• You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party in accordance with the requirements of Art. 20 GDPR.
• In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see section 2.3).
• You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.
• If possible, your requests to exercise your rights should be sent in writing to the address given above or directly to our data protection officer.

8. scope of your obligations to provide us with your data

You only need to provide the data that is required for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

Information about your right to object Art. 21 GDPR

1. 1. You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

2. 2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct advertising. We will observe this objection for the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made informally and should preferably be addressed to

dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn

marketing@dataglobal.com

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on general data protection, please refer to Part 1 above.

Data collection on this website

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

You can contact us at any time if you have further questions on the subject of data protection.

Analysis tools and tools from third-party providers

When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Data acquisition

Cookies

Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

2. use of third-party tools

In order to offer you an optimal website, we use third-party providers. We use the following services, which may also process personal data:

2.1 Google

The operator of all Google services mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

2.1.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail

Further information on the Tag Manager can be found at: www.google.com/intl/de/tagmanager/use-policy.html

2.1.2 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail

The Google Analytics service is only used pseudonymously on our website. The collected IP addresses are shortened and thus anonymized.

Google Analytics collects the following data:

• IP address (anonymized)
• Usage data
• Click path
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Location information
• Date and time of the visit

The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

2.1.3 Google Audiences

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Further information and the data protection provisions can be found in Google’s privacy policy at: policies.google.com/technologies/ads.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Target group formation with customer matching

Among other things, we use Google Ads Remarketing customer matching to create target groups. Here, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

2.1.4 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworksand https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

You can adjust your Google Ads settings here https://myadcenter.google.com/controls

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail

2.1.5 Google Signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

2.1.6 YouTube

We use the “YouTube” service to embed videos in the site. The operator of the software required for this is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you click on the video, your IP address is transmitted to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube, this information will also be assigned to your user account. This can be prevented by logging out of YouTube before watching the video.

Accordingly, the following data may be collected and processed via YouTube:

• IP address
• Referrer URL
• Device information
• Viewed videos

The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want YouTube to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with effect for the future.

The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.

Further information about data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail

2.1.7. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

2.2 HubSpot

We use the HubSpot service for various purposes on this website. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures.

Mehr Informationen zu den Datenschutzbestimmungen von HubSpot https://legal.hubspot.com/privacy-policy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188

Mehr Informationen von HubSpot hinsichtlich der EU-Datenschutzbestimmungen https://legal.hubspot.com/security?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188

Mehr Informationen zu den von HubSpot verwendeten Cookies finden Sie hier https://knowledge.hubspot.com/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
und hier https://knowledge.hubspot.com/privacy-and-consent/hubspot-cookie-security-and-privacy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188

As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:

• Geographical position
• Browser type
• Navigation information
• Reference URL
• Performance data
• Information about how often the application is used
• Mobile apps data
• Login information for the HubSpot subscription service
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated use
• Version of the operating system
• Internet service provider
• IP address
• Device identification
• Duration of the visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

In addition, we also use Hubspot to provide contact forms. Further information on this can be found in section 2.4 of this privacy policy.
The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want HubSpot to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with effect for the future. To do so, please use the button above under “Cookies”.
The personal data is stored for as long as it is required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active

2.3 LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that we can use to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If consent has not been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag
Object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

2.4 Forms

We use the HubSpot service to make the following online forms available. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf. See privacy policy for “HubSpot”.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active

2.5 Newsletter

3. social media