DE
EN
HomeFor start-upsFor software
service providerFor software service providersFor companies
About usWhy SSIThe teamMagazine/KnowledgeCase studies
Software ServicesSoftware SolutionsIndustriesTechnologies
Privacy policyLegal NoticeOffice Munich

Privacy policy

‍

Preamble

With the following privacy policy, we would like to explain to you what types of your personal data (hereinafter also referred to as “data” for short) we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender-specific.

As of August 20, 2024

Table of contents

  • Preamble
  • Person responsible
  • Overview of processing
  • Relevant legal bases
  • Safety measures
  • Transfer of personal data
  • International data transfers
  • General information on data storage and deletion
  • Rights of data subjects
  • Business services
  • Business processes and procedures
  • Provision of online services and web hosting
  • Use of cookies
  • Blogs and publication media
  • Contact and request management
  • Chatbots and chat features
  • Cloud services
  • Web analysis, monitoring and optimization
  • Online marketing
  • Presences on social networks (social media)
  • Management, organization and auxiliary tools
  • Amendment and update
  • Definitions of terms

Person responsible

SSI Software Services GmbH
Bernhard Schimunek
Telephone: +49 (89) 20 80 39 681
email: datenschutz@ssi-group.com

Leopoldstraße 8-10
80802 Munich

E-mail address: info-germany@ssi-group.com

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

  • Inventory data
  • Employment data
  • Payment details
  • Contact details
  • Content data
  • Contract data
  • Usage data
  • Meta, communication and procedural data
  • Log data
  • Credit rating data

Categories of affected persons

  • Service recipient and client
  • Employees
  • Interested parties
  • Communication partner
  • User
  • Business and contract partners
  • Third people

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Safety measures
  • Range measurement
  • Tracking
  • Office and organizational procedures
  • Conversion measurement
  • Target group building
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Provision of our online offering and user-friendliness
  • Assessment of creditworthiness and creditworthiness
  • Information technology infrastructure
  • Financial and payment management
  • Public relations
  • Sales promotion
  • Business processes and business procedures

Relevant legal bases

Relevant legal bases under the GDPR: The following is an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or place of residence. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Art. 6 (1) (c) GDPR) - Processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Legitimate interests (Art. 6 (1) (f) GDPR) - processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act — BDSG). In particular, the BDSG contains special rules on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. In addition, state data protection laws of the individual federal states may apply.

Safety measures

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of data relating to it. We have also set up procedures that ensure the exercise of data subject rights, the deletion of data and responses to the data being compromised. In addition, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect user data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information that is transferred between the website or app and the user's browser (or between two servers), which protects the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.

Transfer of personal data

As part of our processing of personal data, it may be transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. In addition, data transfers only take place if the level of data protection is otherwise ensured, in particular by standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or, in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In addition, we will provide you with the principles of third-country transfers with the individual providers from the third country, with the adequacy decisions taking priority as the basis. Information on transfers to third countries and existing adequacy decisions can be found in the information offered by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ Remove (in English). As part of the data protection policy, we will inform you which service providers we use are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is withdrawn or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. There are exceptions to this regulation when legal obligations or special interests require the data to be stored or archived for a longer period of time.

In particular, data that must be stored for commercial or tax reasons or whose storage is necessary to prosecute or protect the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information on the storage and deletion of data that applies specifically to specific processing processes.

If there is more information about the storage period or deletion periods of a date, the longest period is always decisive.

If a period does not expressly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the deadline is the effective date of the termination or other termination of the legal relationship.

We process data that is no longer stored for the originally intended purpose, but due to legal requirements or other reasons, exclusively for the reasons that justify their storage.

Further information on processing processes, procedures and services:

  • Retention and deletion of data: The following general deadlines apply for storage and archiving under German law: some text
    • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet as well as the work instructions and other organizational documents, accounting documents and invoices required for their understanding (Section 147 para. 3 in conjunction with Paragraph 1 No. 1, 4 and 4a AO, Section 14b Paragraph 1 No. 1 No. 1 and 4 HGB).
    • 6 years - Other business documents: received commercial or business letters, reproductions of the sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g. hourly pay slips, operating statement sheets, calculation documents, price awards, but also payroll documents, insofar as they are not already accounting documents and cash strips (Section 147 (3) in conjunction with Paragraph 1 No. 2, 3, 5 AO, Section 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB).
    • 3 years - Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights and to process related inquiries, based on previous business experience and usual industry practices, is stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right of objection: For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
  • Right of withdrawal in case of consent: You have the right to withdraw your consent at any time.
  • Right to information: You have the right to request confirmation as to whether the relevant data is being processed and for information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
  • Right to delete and restrict processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with legal requirements.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
  • Complaint to supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you is contrary to the GDPR.

Business services

We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractual), for example to answer inquiries.

We use this information to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other performance problems. In addition, we use the data to protect our rights and for the purpose of administrative tasks associated with these obligations and corporate organization. In addition, we process the data on the basis of our legitimate interests both in proper and business management and in security measures to protect our contractual partners and our business operations from misuse, risk of their data, secrets, information and rights (e.g. to involve telecommunications, transport and other assistance services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the above purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

We will inform the contractual partners which data is required for the above purposes before or as part of data collection, e.g. in online forms, through special identification (e.g. colors) or symbols (e.g. asterisks, etc.), or personally.

We delete the data after expiry of legal warranty and comparable obligations, i.e. in principle after four years, unless the data is stored in a customer account, e.g. as long as it must be kept for archiving legal reasons (e.g. for tax purposes, usually ten years). We delete data that has been disclosed to us as part of an order by the contractual partner in accordance with the requirements and generally after the end of the order.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact details (e.g. postal and e-mail addresses or telephone numbers). Contract data (e.g. subject matter of contract, duration, customer category).
  • Affected persons: Service recipients and clients; interested parties. Business and contract partners.
  • Purposes of processing: Provision of contractual services and performance of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. business processes and business procedures.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Brokerage and brokerage services: We process the data of our customers, clients and prospects (uniformly referred to as “customers”) in accordance with the underlying mandate of the customers. We may also process information about the characteristics and circumstances of persons or objects belonging to them, if this is part of the subject of our order. This may include, for example, information on personal circumstances, mobile or immobile property and the financial situation. If required for contract performance or by law or approved by customers or based on our legitimate interests, we disclose or transfer customer data as part of coverage inquiries, transactions and processing of contracts to providers of the brokered services/properties, insurers, reinsurers, brokerage pools, technical service providers, other service providers, such as For example, cooperating associations, financial service providers, credit institutions and investment companies as well as social security institutions, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). In addition, subject to other agreements, we may engage subcontractors, such as sub-agents; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • IT services: We process the data of our customers and clients to enable them to plan, implement and support IT solutions and related services. The required information is marked as such in the context of the conclusion of an order, project or comparable contract and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information from end customers, employees or other persons, we process it in accordance with legal and contractual requirements. Processing processes include project administration and documentation, which include all phases from the initial requirements analysis to the completion of the project. This includes creating and managing project timelines, budgets, and resource allocations. Data processing also supports change management, which documents and tracks changes in the project process to ensure compliance and transparency. Another process is customer relationship management (CRM), which includes recording and analyzing customer interactions and feedback in order to improve service quality and efficiently address individual customer needs. In addition, the processing process includes technical support and trouble shooting, which includes the recording and processing of support requests, troubleshooting and regular maintenance. Reporting and performance analysis are also carried out, which collect and evaluate performance indicators in order to evaluate and continuously optimize the effectiveness of the IT solutions provided. All of these processes are designed to ensure a high level of customer satisfaction and compliance with all relevant requirements; Legal bases: Contract performance and pre-contractual inquiries (Article 6 (1) (b) GDPR), legal obligation (Article 6 (1) (c) GDPR), legitimate interests (Article 6 (1) (f) GDPR).
  • Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase or commission the selected services or works as well as related activities as well as their payment and provision, execution or provision. The required information is marked as such in the context of the conclusion of an order, order or comparable contract and includes the information required for service provision and billing as well as contact information to to be able to make any consultations. Insofar as we obtain access to information from end customers, employees or other persons, we process this in accordance with legal and contractual requirements; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • Offering software and platform services: We process the data of our users, registered users and any test users (hereinafter uniformly referred to as “users”) in order to be able to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to be able to further develop it. The required information is marked as such in the context of the conclusion of an order, order or comparable contract and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Business processes and procedures

Personal data of service recipients and clients — including customers, clients or, in special cases, clients, patients or business partners as well as other third parties — is processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payments, accounting and project management.

The collected data is used to fulfill contractual obligations and to make operational processes efficient. This includes processing business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal billing and financial processes. In addition, the data supports the protection of the rights of the person responsible and promotes administrative tasks and the organization of the company.

Personal data may be passed on to third parties if this is necessary to fulfill the stated purposes or legal obligations. After expiry of legal retention periods or when the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored longer due to tax and legal documentation requirements.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact details (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions and the information relating to them, such as information on authorship or time of creation); contract data (e.g. contract subject, duration, customer category); protocol data (e.g. log files relating to logins or the retrieval of data, or Access times.); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); credit data (e.g. credit score received, estimated failure probability, risk rating based on this, historical payment behavior); meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved). Employment data (information about employees and other persons in an employment relationship).
  • Affected persons: Service recipients and clients; interested parties; communication partners; business and contractual partners; third parties; users (e.g. website visitors, users of online services). Employees (e.g. employees, applicants, temporary workers and other employees).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; office and organizational procedures; business processes and business procedures; communication; marketing; sales promotion; public relations; assessment of creditworthiness and creditworthiness; financial and payment management. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Legal obligation (Art. 6 (1) (c) GDPR).

Further information on processing processes, procedures and services:

  • Contact management and contact maintenance: procedures required as part of organizing, maintaining, and securing contact information (such as establishing and maintaining a central contact database, regular contact information updates, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and restores of contact data, training employees to use contact management software effectively, regularly reviewing communication history, and adjusting contact strategies); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
  • General payment transactions: procedures necessary for carrying out payment transactions, monitoring bank accounts and controlling cash flows (e.g. preparation and verification of transfers, processing direct debits, checking account statements, monitoring incoming and outgoing payments, chargeback management, account reconciliation, cash management); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
  • Bookkeeping, Accounts Payable, Accounts Receivable: procedures required for recording, processing and controlling transactions in the area of accounts payable and receivable accounting (e.g. preparation and verification of incoming and outgoing invoices, monitoring and administration of outstanding items, carrying out payment transactions, processing dunning, account reconciliation in the context of receivables and liabilities, accounts payable and accounts receivable); Legal bases: Contract performance and pre-contractual inquiries (Article 6 (1) (b) GDPR), legal obligation (Article 6 (1) (c) GDPR), legitimate interests (Article 6 (1) (f) GDPR).
  • Financial accounting and taxes: procedures required for recording, managing and monitoring financially-relevant business transactions and for calculating, reporting and payment of taxes (e.g. account assignment and accounting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, processing of dunning, account reconciliation, tax advice, preparation and submission of tax returns, handling tax matters); Legal bases: Contract performance and pre-contractual inquiries (Article 6 (1) (b) GDPR), legal obligation (Article 6 (1) (c) GDPR), legitimate interests (Article 6 (1) (f) GDPR).
  • Sales: procedures necessary for planning, implementing and controlling measures to market and sell products or services (e.g. customer acquisition, quotation preparation and tracking, order processing, customer advice and support, sales promotion, product training, sales controlling and analysis, management of sales channels); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
  • Marketing, advertising and sales promotion: processes required in the context of marketing, advertising and sales promotion (e.g. market analysis and target group determination, development of marketing strategies, planning and execution of advertising campaigns, design and production of promotional materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Public relations: procedures required in the context of public relations and public relations (e.g. development and implementation of communication strategies, planning and implementation of PR campaigns, preparation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media feedback, organization of press conferences and public events, crisis communication, creation of content for social media and corporate websites, management of corporate branding); Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Provision of online services and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transfer the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, involved persons); log data (e.g. log files relating to logins or retrieval of data or access times.). Content data (such as textual or pictorial messages and contributions and information relating to them, such as information on authorship or when they were created).
  • Affected persons: users (e.g. website visitors, users of online services). Business and contract partners.
  • Purposes of processing: Provision of our online offering and usability; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); security measures; provision of contractual services and fulfilment of contractual obligations. Office and organizational procedures.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Provision of online services on rented storage space: To provide our online service, we use storage space, computing capacity and software, which we rent or otherwise obtain from an appropriate server provider (also known as a “web host”); Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the workload of the servers and their stability; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
  • Content delivery network: We use a “content delivery network” (CDN). A CDN is a service that allows content from an online offering, in particular large media files, such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
  • 1&1 IONOS: services in the area of providing information technology infrastructure and related services (e.g. storage and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Strasse 57, 56410 Montabaur, Germany; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.ionos.de; Privacy statement: https://www.ionos.de/terms-gtc/terms-privacy. Order processing contract: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.
  • Webflow: creating, managing and hosting websites, online forms and other web elements; Service provider: Webflow, Inc., 398 11th St., Floor 2, 94103 San Francisco, United States; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://webflow.com; Privacy statement: https://webflow.com/legal/eu-privacy-policy; Order processing contract: https://webflow.com/legal/dpa. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • jsDelivr: Content Delivery Network (CDN), which helps deliver media and files quickly and efficiently, especially under heavy load; Service provider: Prospectone, Królewska 65A/1, 30-081, Krakow, Poland; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.jsdelivr.com. Privacy statement: https://www.jsdelivr.com/terms/privacy-policy.

Use of cookies

Cookies are small text files or other memory notes that store information on end devices and read from them. For example, to save the login status in a user account, shopping cart content in an e-shop, the content accessed or functions used on an online offer. Cookies can also be used to address various concerns, such as the functionality, security and convenience of online offerings and to analyse visitor flows.

Information on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. In particular, permission is not required if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e. our online offering) that they have expressly requested. The revocable consent is clearly communicated to them and contains information on the respective use of cookies.

Information on legal bases of data protection law: The data protection basis on which we process users' personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for using their data is their given consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offering and improving its usability) or, if this is done as part of fulfilling our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We will explain the purposes for which we use cookies in the course of this privacy policy or as part of our consent and processing processes.

Storage period: With regard to storage time, the following types of cookies are differentiated:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
  • Persistent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved and preferred content displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also declare an objection to processing in accordance with legal requirements, including using the privacy settings of their browser.

  • Types of data processed: Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR). Consent (Art. 6 (1) (a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution. This procedure is used to obtain, log, manage and withdraw consent, in particular with regard to the use of cookies and comparable technologies, which are used to store, read and process information on users' devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process. Users also have the option to manage and withdraw their consent. The declarations of consent are stored in order to avoid a new request and to be able to provide proof of consent in accordance with legal requirements. The data is stored on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The period of storage of consent is up to two years. This creates a pseudonymous user identifier, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used; Legal bases: Consent (Art. 6 (1) (a) GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium within the framework of this data protection policy.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via an online form). Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Contact and request management

When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact requests and any requested measures.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and Process data (e.g. IP addresses, time information, identification numbers, persons involved). Contract data (e.g. subject matter of contract, duration, customer category).
  • Affected persons: Communication partner; service recipient and client; interested parties. Business and contract partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form); provision of our online offering and usability; provision of contractual services and fulfilment of contractual obligations; office and organizational procedures; marketing. Target group building.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing processes, procedures and services:

  • contact form: When you contact us via our contact form, by e-mail or other means of communication, we process the personal data provided to us to answer and process the respective request. This usually includes information such as name, contact information and, if applicable, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contacting and communicating; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
  • Pipedrive: Cloud-based software to organize and optimize our customer and partner relationships and to manage incoming emails and requests for information; Service provider: Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.pipedrive.com/de; Privacy statement: https://www.pipedrive.com/en/privacy. Order processing contract: https://www.pipedrive.com/en/terms-of-service#data-processing-contract.

Chatbots and chat features

We offer online chats and chatbot functions (collectively referred to as “chat services”) as a means of communication. A chat is an online conversation conducted with a certain amount of time. A chatbot is software that answers users' questions or informs them about messages. If you use our chat features, we may process your personal data.

If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. We also store the content of your conversations via the chat services and log registration and consent processes so that we can prove them in accordance with legal requirements.

We point out to users that the respective platform provider can find out that and when users communicate with our chat services and collect technical information about the user's device and, depending on the settings of their device, location information (so-called metadata) for the purpose of optimising the respective services and security purposes. The metadata of communication via chat services (i.e., information about who has communicated with whom) could also be used by the respective platform providers in accordance with their terms, to which we refer for further information, for marketing purposes or to display advertising tailored to users.

If users agree with a chatbot to activate information with regular messages, they have the option to unsubscribe from the information for the future at any time. The chatbot tells users how and with which terms they can unsubscribe from the messages. When you unsubscribe from chatbot messages, user data is deleted from the directory of message recipients.

We use the above information to operate our chat services, e.g. to address users personally, to answer their inquiries, to deliver any requested content and also to improve our chat services (e.g. to “teach” chatbots answers to frequently asked questions or to recognize unanswered inquiries).

Information on legal bases: We use the chat services on the basis of consent if we have previously obtained permission from users to process their data as part of our chat services (this applies to cases where users are asked for consent, e.g. so that a chatbot sends them messages regularly). If we use chat services to answer users' inquiries about our services or our company, this is done for contractual and pre-contractual communication. In addition, we use chat services on the basis of our legitimate interests in optimising chat services, their economic efficiency and increasing the positive user experience.

Withdrawal, objection and deletion: You can withdraw your consent or object to the processing of your data as part of our chat services at any time.

  • Types of data processed: contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); inventory data (e.g. full name, home address, contact information, customer number, etc.); contract data (e.g. subject matter of the contract, duration, customer category). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected persons: Communication partner; service recipient and client; interested parties. Business and contract partners.
  • Purposes of processing: Communication; provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; marketing. Target group building.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Consent (Art. 6 para. 1 p. a) GDPR); contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Pipedrive: Cloud-based software to organize and optimize our customer and partner relationships and to manage incoming emails and requests for information; Service provider: Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.pipedrive.com/de; Privacy statement: https://www.pipedrive.com/en/privacy. Order processing contract: https://www.pipedrive.com/en/terms-of-service#data-processing-contract.

cloud services

We use software services accessible via the Internet and run on their providers' servers (so-called “cloud services”, also known as “software as a service”) to store and manage content (such as document storage and management, exchange of documents, content and information with specific recipients, or publication of content and information).

Within this framework, personal data may be processed and stored on the providers' servers, insofar as this is part of communication processes with us or is otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact details of users, data on processes, contracts, other processes and their content. Cloud service providers also process usage data and metadata, which are used by them for security purposes and service optimization.

If we use cloud services to provide forms or documents and content to other users or publicly accessible websites, the providers can store cookies on users' devices for web analysis purposes or to remember user settings (e.g. in the case of media control).

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as information on authorship or time of creation). Usage data (such as page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Affected persons: Interested parties; communication partners. Business and contract partners.
  • Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Dropbox: cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, United States; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.dropbox.com/de; Privacy statement: https://www.dropbox.com/privacy; Order processing contract: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf. Basis for transfers to third countries: Data Privacy Framework (DPF).

Web analysis, monitoring and optimization

Web analysis (also known as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently, or invite them to be reused. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use test methods to test and optimize different versions of our online offering or its components, for example.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information stored in a browser or in a terminal device and then read out. The information collected includes in particular websites visited and elements used there as well as technical information, such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data with us or with the providers of the services we use, it is also possible to process location data.

In addition, the IP addresses of users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A/B testing and optimization, no clear user data (such as email addresses or names) is stored, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Information on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
‍

  • Types of data processed: Usage data (such as page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section. Storage of cookies of up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users' devices for a period of two years).
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).
    ‍

Further information on processing processes, procedures and services:

  • Google Analytics (server-side usage): We use Google Analytics to measure and analyze how users use our online services. Although user data is processed, it is not transmitted directly from the user's device to Google. In particular, the user's IP address is not transmitted to Google. Instead, the data is first transmitted to our server, where the users' data records are assigned to our internal user identification number. The subsequent transmission only takes place in this pseudonymized form from our server to Google. The identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed during one or more usage processes, which search terms they have used, have accessed them again or have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, and cookies can be used. Analytics provides higher-level geographic location data by collecting the following metadata using IP search: “city” (and the derived latitude and longitude of the city), “continent”, “country”, “region”, “subcontinent” (and the ID-based equivalents); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: consent (Article 6 (1) (1) (a) GDPR); Site: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy statement: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for transfers to third countries: Data Privacy Framework (DPF). More information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google Tag Manager (server-side usage): Google Tag Manager is an application with which we can manage so-called website tags via an interface and thus integrate other services into our online offering (see also further information in this privacy policy). The Tag Manager itself (which implements the tags) therefore stores neither user profiles nor cookies. The other services are integrated on the server side. This means that users' data is not transmitted directly from their device to the respective service or Google. In particular, the user's IP address is not transmitted to the other service. Instead, the data is first transmitted to our server, where the users' data records are assigned to our internal user identification number. The subsequent transfer of data from our server to the servers of the respective service providers only takes place in this pseudonymized form. The user identification number does not contain any unique data, such as names or email addresses; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: consent (Article 6 (1) (1) (a) GDPR); Site: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy statement: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for transfers to third countries: Data Privacy Framework (DPF). More information: https://business.safety.google/adsservices/ (Types of processing and data processed).

online marketing

We process personal data for the purpose of online marketing, which may include, in particular, marketing advertising space or presenting advertising and other content (collectively referred to as “content”) based on users' potential interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used, by means of which the user information relevant to the presentation of the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

Users' IP addresses are also stored. However, we use available IP masking methods (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of the online marketing process, no clear user data (such as email addresses or names) is stored, but pseudonyms. This means that we as well as the providers of online marketing processes do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or using similar methods. These cookies can later generally also be read on other websites that use the same online marketing process and analyzed for the purpose of presenting content, supplemented with further data and stored on the server of the online marketing process provider.

As an exception, it is possible to assign plain data to the profiles, especially if the users are members of a social network whose online marketing process we use and the network connects the user profiles with the above information. Please note that users can make additional agreements with providers, for example through consent as part of registration.

In principle, we only have access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us, for example. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Information on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Information on withdrawal and objection: 

We refer to the privacy policies of the respective providers and the objection options provided to the providers (so-called “opt-out”). If no explicit opt-out option has been specified, it is possible, on the one hand, to switch off cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following additional opt-out options, which are offered in summary for respective areas:

a) Europe: https://www.youronlinechoices.eu 

b) Canada: https://www.youradchoices.ca/choices 

c) USA: https://www.aboutads.info/choices 

d) Across territories: https://optout.aboutads.info

  • Types of data processed: Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, involved persons); inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. For example, textual or pictorial messages and contributions and that they relevant information, such as information on authorship or time of preparation). Contract data (e.g. subject matter of contract, duration, customer category).
  • Affected persons: users (e.g. website visitors, users of online services); service recipients and clients; interested parties; communication partners. Business and contract partners.
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavioral profiling, use of cookies); target group formation; marketing; profiles with user-related information (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures); provision of contractual services and fulfilment of contractual obligations; communication. Office and organizational procedures.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section. Storage of cookies of up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users' devices for a period of two years).
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Google Ads and conversion measurement: Online marketing processes for the purpose of placing content and ads within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. In addition, we measure the conversion of the ads, i.e. whether users have taken them as an opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: consent (Art. 6 para. 1 p. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 p. f) GDPR); Site: https://marketingplatform.google.com; Privacy statement: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF); More information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
  • Pipedrive: Cloud-based software to organize and optimize our customer and partner relationships and to manage incoming emails and requests for information; Service provider: Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.pipedrive.com/de; Privacy statement: https://www.pipedrive.com/en/privacy. Order processing contract: https://www.pipedrive.com/en/terms-of-service#data-processing-contract.

Presences on social networks (social media)

We maintain online presences within social networks and process user data within this framework in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The latter may in turn be used, for example, to place advertisements within and outside the networks that presumably match the interests of users. Therefore, cookies are usually stored on users' computers, in which the usage behavior and interests of the users are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if they are members of the respective platforms and logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Even in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the latter have access to user data and can directly take appropriate measures and provide information. Should you still need help, you can contact us.

  • Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions and information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g. collecting feedback via online form). public relations.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Instagram: Social network, allows you to share photos and videos, comment on and favorite posts, send messages, subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.instagram.com; Privacy statement: https://privacycenter.instagram.com/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Facebook pages: Profiles within the social network Facebook - Together with Meta Platforms Ireland Limited, we are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things done and provided by you and others” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As stated in the Facebook data policy under “How do we use this information?” Facebook also explains, collects and uses information to provide analytics services, so-called “page insights,” for site operators so that they obtain insights into how people interact with their pages and with the content associated with them. We have signed a special agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must comply with and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about page insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.facebook.com; Privacy statement: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • LinkedIn: Social network - Together with LinkedIn Ireland Unlimited Company, we are responsible for collecting (but not further processing) visitor data that is created for the purpose of creating the “page insights” (statistics) of our LinkedIn profiles. This data includes information about the types of content that users view or interact with or the actions they take, as well as information about the devices used by users (such as IP addresses, operating system, browser type, language preferences, cookie data) and information from the users' profile, such as job function, country, industry, hierarchical level, company size, and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy We have signed a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum (the 'Addendum')” https://legal.linkedin.com/pages-joint-controller-addendum), which in particular regulates which security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to LinkedIn). Users' rights (in particular to information, deletion, objection and complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and transmission to Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of Ireland Unlimited Company, in particular the transmission of the data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://www.linkedin.com; Privacy statement: https://www.linkedin.com/legal/privacy-policy; Basis for transfers to third countries: Data Privacy Framework (DPF). Objection option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Management, organization and auxiliary tools

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we comply with legal requirements.

Within this framework, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data on processes, contracts, other processes and their content.

If users are referred to the third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to comply with the privacy policies of the respective third-party providers.

  • Types of data processed: Content data (e.g. textual or visual messages and contributions and information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved). Contact details (such as postal and email addresses or telephone numbers).
  • Affected persons: communication partner. users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Office and organizational procedures.
  • Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

  • Calendly: online scheduling and appointment management; Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, United States; Legal bases: legitimate interests (Art. 6 (1) (f) GDPR); Site: https://calendly.com/de; Privacy statement: https://calendly.com/privacy; Order processing contract: https://calendly.com/dpa. Basis for transfers to third countries: standard contractual clauses (https://calendly.com/dpa).

Amendment and update

We ask you to regularly check the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Definitions of terms

This section provides an overview of the terms used in this privacy statement. Insofar as the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are primarily intended for understanding.

  • employees: Employees are people who are in an employment relationship, whether as employees, employees or in similar positions. An employment relationship is a legal relationship between an employer and an employee that is established by an employment contract or agreement. It includes the employer's obligation to pay compensation to the employee while the employee performs his work. The employment relationship comprises various phases, including the establishment in which the employment contract is concluded, the implementation in which the employee carries out his work activity, and termination when the employment relationship ends, whether through termination, termination agreement or otherwise. Employee data is all information that relates to these people and is in the context of their employment. This includes aspects such as personal identification data, identification numbers, salary and bank details, working hours, vacation entitlements, health data, and performance reviews.
  • Inventory data: Inventory data includes essential information that is necessary to identify and manage contract partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between people and services, facilities or systems by enabling unambiguous attribution and communication.
  • Content data: Content data includes information that is generated in the course of creating, editing, and publishing all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not only limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates
  • contact details: Contact data is essential information that enables communication with people or organizations. They include telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a method that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures are carried out and then retrieved again on the target website. For example, this allows us to understand whether the ads we placed on other websites were successful.
  • Meta, communication and process data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta data, also known as data about data, includes information that describes the context, origin, and structure of other data. They can include information about the file size, creation date, author of a document, and change histories. Communication data records the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks and chat histories, including the people involved, time stamps, and transmission channels. Procedural data describes the processes and operations within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs that are used to track and review operations.
  • Usage data: Usage data refers to information that records how users interact with digital products, services, or platforms. This data includes a wide range of information that shows how users use applications, which features they prefer, how long they spend on specific pages, and which paths they use to navigate through an application. Usage data may also include frequency of use, time stamps of activities, IP addresses, device information, and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a decisive role in identifying trends, preferences and potential problem areas within digital offerings
  • Personal data: “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, are the cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, comprises any type of automated processing of personal data, which consists of using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) (e.g. interests in specific content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged on a system or network. This data typically includes information such as time stamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system issues, monitor security, or generate performance reports.
  • Range measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offer and can include visitors' behavior or interests in certain information, such as the content of websites. With the help of reach analysis, operators of online offers can, for example, recognize at what time users visit their websites and what content they are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for audience analysis purposes to recognize returning visitors and thus obtain more detailed analyses of the use of an online offer.
  • Tracking: We speak of “tracking” when the behavior of users can be traced across several online offerings. As a rule, behavioral and interest information with regard to the online offers used is stored in cookies or on servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
  • responsible person: “Responsible person” is the natural or legal person, authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data.
  • processing: “Processing” means any process carried out with or without the aid of automated procedures or any such series of processes in connection with personal data. The term is broad and covers virtually any handling of data, whether collection, evaluation, storage, transmission or deletion.
  • Contract data: Contract data is specific information that relates to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, traded, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the parties to the contract and the specific terms and conditions of the agreement. Contract data may include start and end dates of the contract, the type of services or products agreed upon, pricing agreements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are decisive for clarifying rights and obligations, enforcing claims and resolving disputes.
  • Payment details: Payment data includes all information needed to process payment transactions between buyers and sellers. This data is crucial for e-commerce, online banking, and any other form of financial transaction. They include details such as credit card numbers, bank details, payment amounts, transaction details, verification numbers, and billing information. Payment data may also include information about payment status, chargebacks, authorizations, and fees.
  • Target group formation: Target group building (English “custom audiences”) is when target groups are determined for advertising purposes, e.g. displaying advertisements. For example, based on a user's interest in specific products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. In turn, we speak of “lookalike audiences” (or similar target groups) when the content considered suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences.
Awards and Awards
SSI certificates
Your Success
is our Passion.
More SSI
StartupsSoftware service provider
Facebook
instagram
linkedin
For better readability, SSI texts are formulated in generic masculine form. Of course, the personal names used — unless otherwise stated — refer to all genders.
Privacy policyLegal NoticeOffice Munich
We are an independent company and part of the international SSI Group.
‍www.ssi-group.com

© 2024 SSI Software Services GmbH | All rights reserved
For better readability, SSI texts are formulated in generic masculine form. Of course, the personal names used — unless otherwise stated — refer to all genders.