Data Privacy Policy

The protection of personal data is an important concern for osapiens Holding GmbH (hereinafter referred to as „osapiens“, “us”, “our” or “we”). Your personal data as website user (hereinafter referred to as “you” and “your”) is processed in compliance with the applicable data protection provisions, in particular the General Data Protection Regulation (GDPR).

Pursuant to Art. 4 no. 1 GDPR, personal data means any information relating to an identified or identifiable natural person that you provide to us (hereinafter referred to as “data“).

With this data privacy policy, we inform you about the type, scope, and purposes of the data processing and how this data is handled. In addition, you will learn about the rights you have regarding the processing of your data.

 

Responsible person (Controller) and data protection officer

Responsible for the processing of your data is:

osapiens Holding GmbH

Julius-Hatry-Straße 1

68163 Mannheim

 

We have appointed a data protection officer:

c/o TÜV SÜD Akademie GmbH

Westendstraße 160

80339 München

 

Our data protection officer will be happy to answer any questions you may have on data protection issues. You can reach our data protection officer at

• our above-mentioned business address with the addition of “Datenschutz” or
• by e-mail at dataprotection@osapiens.com.

 

External Hosting

This website is hosted by in the infrastructure of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “AWS” or “Hoster”) in Frankfurt, Germany. The data collected on this website is stored on the server of this hoster. This may especially be IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. Furthermore, AWS stores cookies or other recognition technologies that are required for the depiction of the website, for the provision of certain website functions and to guarantee its security (necessary cookies).

The Hoster is assigned for the purpose of the contract fulfilment towards our potential and existing customers/website visitors (Art. 6 (1) lit. b) GDPR) and in the interest of a secure, fast, and efficient performance of our website by professional provider (Art. 6 (1) lit. f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1) lit a) GDPR and Section 25 (1) of the Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes-TTDSG), insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Our Hoster will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding processing of these data.

To ensure processing of the data in compliance with data protection regulations, we have concluded a data processing agreement with our Host Provider.

 

Collection and storage of data as well as type and purpose of their use

Website visit

Each time you access our website, your browser automatically transmits data that is stored in the server’s log files. These are the following data (“log files data“):

• Browser type and browser version;
• Name und URL of the accessed file;
• Date and time of the server request;
• Report about successful access (HTTPS response code);
• Operating system in use;
• Referrer URL;
• Websites that are accessed by the user’s system via our website;
• Internet service provider of the user and
• IP-address (anonymized) and the requesting provider.

We analyse log files data anonymously to continuously improve the website, to adapt the website to the interests of our users and to improve errors more quickly. These purposes are also our legitimate interest in data processing according to Art. 6 (1) lit. f) GDPR.

In non-anonymised form, log files data is used exclusively to identify malfunctions and to ensure system security, including the detection and tracking of unauthorized access attempts and fraud. These log files data are stored for 7 days and then deleted. Log files data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the respective incident and may be passed on to investigating authorities in individual cases.

 

Registration

In order to use specific functionalities of this website you need to register as a member of the platform. While registering as a member you will have to enter your first and last name, a username, your e-mail address and a password.

We use the information provided during registration to create and manage your user account on the platform. Your contact information is further used to communicate with you regarding your account, updates to our services and any important notifications related to your interactions with our platform. Furthermore, we may use the provided data for the purpose of managing our platform and its content and ensuring that the use of the platform complies with our platform rules as well as applicable laws.

The processing of the data is based on your consent according to Art. 6 (1) lit. a) GDPR as requested during registration, insofar as it is related to the creation and management of your user account; the consent can be revoked at any time. In all other cases, the processing is based on our legitimate interest in the effective management and compliance of our platform (Art. 6 (1) letter f) GDPR.

 

Contact form

If you send us requests via contact form, we store your contact data for processing of your request as well as for the case of follow-up questions. While using the contact form you must submit first and last name as well as a valid email address in order to allocate a person behind the request and in order to be able to answer it. Additional information like industry, job title, phone number, solution of interest with regards to our services and any additional message can be provided optionally. If you do not wish to provide the data we have requested, we may not be able to provide the information and/or services you request or perform certain tasks for which your data is requested.

The processing of this data is based on Art. 6 (1) lit. b) GDPR, insofar as that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 (1) letter f) GDPR) or on your consent according to Art. 6 (1) lit. a) GDPR, if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. when the processing of your request is completed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

 

Requests by email, telephone or fax

If you contact us by email, telephone or fax, your request including all therefrom resulting data will be stored and processed by us for the purpose of treating your request. We do not share this data without your consent.

The processing of these data is based on Art. 6 (1) lit. b) GDPR, as far as your request is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) lit. f) GDPR) or on your consent according to Art. 6 (1) lit. a) GDPR, if this has been requested; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after completion of your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

 

Newsletter, downloads/webinars and demos

To register for the newsletter, the data requested in the registration process, such as the title, name and email address are collected. The registration for the newsletter is recorded. After registration, you will receive a message to the specified email address in which you are asked to confirm the registration (“double opt-in”). We further record whether you have opened the email and which newsletter issues you have read, when and how often. If you subscribe our newsletter, we will send information about our offers on a regular basis.

To download certain free documents (e.g. white papers), register for free webinars or request free demos, it is necessary to provide the name and email address of the interested party. Additional details and information, such as industry, job title, telephone number, interest in our services and additional messages can be provided optionally. By downloading, registering or requesting, you provide your consent to collect your data in order to send you personalised information on specific topics in the form of newsletters tailored to your specific interests. We use Hubspot CRM (see below for more details) for our marketing activities.The double opt-in procedure also applies here.

The data collected by us when you register for the newsletter will be used exclusively for advertising purpose. The legal basis for sending the newsletter is your consent according to Art. 6 (1) lit. a) in conjunction with. Art. 7 GDPR and Section 7 (2) no. 3 Law on Unfair Competition (Gesetz gegen den unlauteren Wettbewerb-UWG). Legal basis for the recording of the login registration is our legitimate interest (Art. 6 (1) lit. f) GDPR).

You can revoke the given consent to store the data, the email address and their use for sending the newsletter at any time, for example via the “unsubscribe from all communication” link in the newsletter. The legality of the data processing already carried out remains unaffected until your revocation. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. After unsubscribing from the newsletter or after expiry of the purpose, your data will be deleted from the newsletter distribution list.

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider (Hubspot CRM as described below) in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6 (1) lit. f) GDPR). The storage in the blacklist is not limited in time. You can object the storage if your interests outweigh our legitimate interest.

We store the registration data as long as they are needed for sending the newsletter. We store the login registration data as long as there is an interest in proving the initially granted consent.

 

Cookies

On our website we use so-called “cookies”. Cookies are small text files and do not cause any damage on your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete it yourself or it is automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our website (third party-cookies). These enable us or you to use certain services of the third-party company.

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function). Other cookies are used to evaluate user behavior or show advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f) GDPR, unless another legal basis is specified. The website provider has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies concerned is based exclusively on this consent (Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG); the consent can be revoked at any time.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this data protection policy and, if necessary, request your consent.

You can set your browser in such a way that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or generally, or to exclude the cookies completely. Excluding cookies may limit the functionality of the website.

Please refer to the user menu of your web browser or the website of your browser’s manufacturer for information on how to set your browser program appropriately. Regularly, in the menu bar of your web browser, the help function will show you how to be informed about the setting of cookies, or you can reject new cookies and also delete cookies already received.

We inform you in advance about the use of cookies with a corresponding notice via a cookie banner.

Consent with Cookiebot

Our website uses consent technology from Cookiebot to obtain your consent to the storage of certain cookies on your end device or for the use of certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you enter our website, a connection is established with the Cookiebot servers to obtain your consent and provide you with other explanations regarding the use of cookies. Cookiebot will then store a cookie in your browser to identify the consent you have given or its revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie itself or the purpose for which the data is stored no longer applies. Mandatory legal storage obligations remain unaffected. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) lit. c) GDPR.

We have concluded a data processing agreement for the use of the above-mentioned service with Cookiebot.

 

Recipients of data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of data to these external parties. We only disclose data to external parties if this is required as part of the fulfillment of a contract (Art. 6 (1) lit. b) GDPR, if we are legally obligated to do so (e.g., disclosure of data to tax authorities) based on Art. 6 (1) lit. c) GDPR, if we have a legitimate interest in the disclosure pursuant to Art. 6 (1) lit. f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose your data based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

 

Data transfer to third countries that are not secure under data protection law and the transfer to US companies that are not certified based on EU-US Data Privacy Framework (DPF)

We use, among other technologies, tools from companies located in third-party countries (outside of EU or EEA) that are not safe under data protection law, as well as US tools whose providers are not certified under the DPF. If these tools are enabled, your data may be transferred to and processed in these countries. We would like you to note that no level of data protection comparable to that in the EU can be guaranteed in third countries that are insecure in terms of data protection law.

We would like to point out that the US, as a secure third-party country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the DPF or has appropriate additional assurances. Information on transfers to third-party countries, including the data recipients, can be found in this Data Privacy Policy.

 

Integration of third-party services and contents

Google Services

In the following we describe the use of data using services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The responsible service provider in the EU is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter referred to as “Google”).

We use services, where Google acts either as data processor or as joint controller together with us based on the respective agreements. So far as data is processed in the US, we point out that this is carried out based on the standard contractual clauses (SCC) of the EU Commission. Please find details here: https://support.google.com/publisherpolicies/answer/10437486?hl=en, https://business.safety.google/adsprocessorterms/ and https://business.safety.google/adscontrollerterms/.

 

Furthermore, Google LLC is certified in accordance with the DPF. For more information, please contact follow the link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

For more information about Google’s use of data, settings, and opportunities to raise objections, please refer to Google’s privacy declaration (https://policies.google.com/privacy?hl=en-US).

 

Google Tag Manager

We use the Google Tag Manager. The service provider is Google.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) company in the US.

The Google Tag Manager is used based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

 

Google Analytics

We use functions of the web analysis service Google Analytics. The service provider of this service is Google.

Google Analytics enables the website provider to analyze the behavior patterns of the website visitors. To that end, the website provider receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting).

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be anonymized by Google within member states of the EU or EEA.

The use of this analysis tool is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in analysing user behaviour to optimize both its web offer and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG; the consent can be revoked at any time.

The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month. I you visit our website again within the period of 2 months, the retention period will be prolonged for another 2 months.

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Google Analytics Terms of Service at: https://marketingplatform.google.com/about/analytics/terms/us/.

 

Google Ads

We use Google Ads. Google Ads is an online promotional program of Google.

Google Ads enables us to display ads (cookie will be set) in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website provider, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

By way of the integration of Google Ads, Google receives the information that you viewed the relevant part of our website or clicked any of our ads. Due to the applied marketing tools, your browser automatically establishes a direct connection with the server of Google. We have no influence on the scope and the further use of the data processed by Google by applying this tool. Therefore, we inform you in accordance with our knowledge: if you are registered with one of the service tools offered by Google, Google can allocate the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.

The use of these services occurs based on your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG. You may revoke your consent at any time.

You may prevent participation in this tracking process in several ways a) by a corresponding setting of your browser, particularly, the disabling of cookies means that you will not receive ads from third-party providers, b) by installing the plug-in provided by Google via the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign “About Ads”, via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in the browsers Firefox, Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin, e) by setting the respective cookies. We would like to inform you that in this case you may not be able to use all the functions of this website to their full extent.

 

Other Services

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereafter referred to as “Hubspot”).

Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts, to communicate with you and to plan and execute marketing activities in line with your interests.

Hubspot CRM enables us to capture, sort and analyze customer interactions via email, social media, or phone across multiple channels. The data collected in this way can be evaluated and used for communication with the potential customer or marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to collect and analyze the user behavior of our contacts on our website.

The use of Hubspot is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the most efficient customer management and customer communication. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

We have concluded a data processing agreement for the use of the above-mentioned service with Hubspot. The data transmission to the US is based on the SCC clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield and https://eur-lex.europa.eu/eli/dec_impl/2021/914.

Furthermore, the Hubspot is certified in accordance with the DPF. For more information, please follow the link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active.

For more details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

 

 

Our Social networks in detail

YouTube

Our website embeds videos (from our YouTube channel) of the website YouTube. The Service provider is Google.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out because of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 (1) lit. f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

 

LinkedIn, LinkedIn Insight Tag and LinkedIn Ads

We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

Furthermore, we use the LinkedIn Insight Tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website users to help us better target our site to the relevant audience. We can also use Insight Tag to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). Insight Tag also features a retargeting function that allows us to display targeted advertising (LinkedIn Ads) to visitors to our website outside of the website. This will be done for marketing and optimisation purposes, in particular to analyse the use and to continuously improve individual functions and the user experience. According to LinkedIn, no identification of the advertising addressee takes place.

 

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days (https://www.linkedin.com/help/linkedin/answer/a1445756/linkedin-marketing-solutions-und-die-datenschutz-grundverordnung-dsgvo-?lang=de).

The data collected by LinkedIn cannot be assigned by us as a website provider to specific individuals. LinkedIn may store the data collected from website visitors on its servers in the US and use it for its own purposes. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

If your approval (consent) has been obtained the use of the abovementioned service shall occur based on Art. 6 (1) lit. a) GDPR and Section 25 TTDSG. Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur based on Art. 6 (1) lit. f) GDPR; the website provider has a legitimate interest in effective advertising promotions that include the utilization of social media.

We have concluded a Joint Controller Addendum for the use of the above-mentioned service. The data transmission to the US is based on the SCC of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Furthermore we have concluded a LinkedIn Ads Agreement for the use of LinkedIn Ads https://de.linkedin.com/legal/sas-terms?.

The agreements with LinkedIn, including those concerning joint responsibility, mainly indicate that information requests and the enforcement of further rights of the data subject should most appropriately be carried out directly via LinkedIn. As the provider of the social network LinkedIn, LinkedIn solely has the direct means of access and the information required to be able to process your requests. LinkedIn can additionally take any required measures directly and provide information. If you nevertheless require our support, please feel free to contact us at any time.

You can object to LinkedIn’s analysis of user behavior and targeted advertising as well as prevent the installation of cookies in the settings of your web browser at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In addition, LinkedIn members can control the use of their data for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

 

 

Storage period

Unless specifically stated, we only store data for as long as is necessary to fulfil the purposes for which it was collected. In several cases, it is required to store data to cope with law, for example tax or commercial law. In these cases, we will only continue to store the data for these legal purposes but will not process it in any other way and will delete it after the legal retention period has expired.

 

Data security

We make every effort to ensure the security of your data within the scope of the applicable data protection laws and technical possibilities.

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website provider, this website uses the SSL (Secure Socket Layer) coding system. We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

Furthermore, we do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out.

 

Your rights (rights of data subjects)

You have extensive rights with regard to the processing of your data.

Right to information: You have the right to information about the data stored by us, in particular, for what purpose the processing is carried out and how long the data is stored (Art. 15 GDPR). This right is limited by the exceptions of Section 34 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), according to which the right to information does not apply in particular if the data is stored only due to legal retention requirements or for data security and data protection control, the provision of information would require a disproportionate effort and a misappropriation of the data processing is prevented by appropriate technical and organisational measures.

Right to rectify inaccurate data: You have the right to request the rectification of your data without delay if it should be inaccurate (Art. 16 GDPR).

Right to erasure: You have the right to request the erasure (Art. 17 GDPR) of your data. These conditions exist in particular if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have revoked a consent without the data processing may not be continued on another legal basis, d) you successfully object to the data processing, or e) the obligation to delete your data based on the law of the EU or an EU member state, to which we are subject, exists. This right is subject to the restrictions set out in Section 35 BDSG, according to which the right to erasure may be waived, in particular if, in the case of non-automated data processing, there is a disproportionate effort for erasure and your interest in erasure is to be regarded as low.

Right to restriction of processing: You have the right to request restriction of the processing of your data (Art. 18 GDPR). This right exists in particular if a) the accuracy of the data is disputed, b) you request restricted processing instead of erasure under the conditions of a legitimate request for erasure, c) the data is no longer necessary for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims or d) the success of an objection is still disputed.

Right to data portability: You have the right to obtain your data that were provided to us in a structured, common, machine-readable format (Art. 20 GDPR), if the data has not already been deleted.

Right to object: You have the right to object to the processing of your data at any time on grounds relating to your particular situation (Art. 21 GDPR). We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the previous consent. The only consequence of the revocation is that we may no longer continue the data processing based on this consent for the future. However, please note that we may not be able to provide certain services or additional services if we are not able to process the data required for this purpose.

Right in relation to automated decision making: You have the right (Art. 22 GDPR) not to be subject to automated decision making, including profiling, that has legal consequences or similar significant effects for you. We generally do not use automated decision making or profiling. However, if you have been subjected to automated decision-making and do not agree with the outcome, you may contact us in the ways set out below and ask us to review the decision.

Right to complain to the supervisory authority: You have the possibility to contact the above-mentioned data protection officer (if appointed) or a data protection supervisory authority if you believe that the processing of your data violates the GDPR.