Privacy policy
Status: October 2023
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated website(s), function(s), and content, as well as external online presences, such as our social media profiles. Regarding the terminology used, such as "personal data" or "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Table of Contents: Name and address of the responsible party, contact for the data protection officer, information obligations, general information on data processing, provision of the website and creation of log files, use of cookies, use of the contact form, rights of the affected person
1. Name and address of the responsible party
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Convidera GmbH
Stolbergerstrasse 90D
50933 Cologne
Germany
Tel.: +49(221) 993 185 00
Email: info@convidera.de
Website: convidera.com
2. Name and address of the Data Protection Officer
If you have any questions about the handling of your personal data or wish to exercise your data subject rights, you can contact our Data Protection Officer at:
Email: datenschutz@convidera.com
Phone number and address see above
3. Information obligations
a) Types of processed data
We process the following types of data on our website: inventory data, contact data, content data, usage data, meta-/communication data. No special categories of data (Art. 9 para. 1 GDPR) are processed.
b) Categories of persons affected by the processing
The following groups of persons are affected by the processing: customers, prospects, visitors, and users of the online offering
c) Purpose of processing
The data is processed for the following purposes: providing the online offering, its content and functions, rendering contractual services, service and customer care, answering contact inquiries, communication with users, security measures, marketing, advertising, and market research
d) Changes and updates to the privacy policy
Please regularly review the content of our privacy policy. We adjust the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as an action on your part (e.g., consent) or other individual notification becomes necessary due to the changes.
e) Security Measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of technology, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data through control of physical access to the data, as well as input, transfer, access, availability, and separation of the data. Additionally, we have set up procedures to ensure the exercise of data subjects' rights, the deletion of data, and a response to data breaches. Furthermore, we consider the protection of personal data as early as the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default (Art. 25 GDPR). Security measures include, in particular, the encrypted transmission of data between your browser and our server.
f) Cooperation with Data Processors and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is required under Art. 6 para. 1 lit. b GDPR for contract fulfillment), you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “processing agreement,” this is done based on Art. 28 GDPR.
g) Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only occurs if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of an EU-equivalent level of data protection or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
4. General Information on Data Processing
a) Scope of Processing Personal Data
We only process personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users occurs regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons, and the processing of the data is permitted by legal provisions.
b) Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
If processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
c) Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this if required by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the aforementioned standards expires, unless it is necessary to continue storing the data for contract conclusion or fulfillment.
5. Provision of the Website and Creation of Log Files
a) Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device in the form of a session cookie. The following data is collected:
Information about the browser type and version used
The user's operating system
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accessed our website
Websites accessed by the user's system through our website
The data is stored anonymously in the log files of our system in the event of a system error, solely to reproduce the error. There is no storage of personal data. If no errors occur during the session, no data is saved.
b) Legal Basis for Data Processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
c) Purpose of Processing
The temporary storage (session) of the IP address by the system is necessary to deliver the website to the user's computer. The IP address must remain stored for the duration of the session to maintain the website's functionality. The data is also used to optimize the website and ensure the security of our information technology systems. There is no analysis of the data for marketing purposes. This purpose also reflects our legitimate interest in data processing under Art. 6 para. 1 lit. f GDPR.
d) Storage Duration
The data is deleted as soon as it is no longer necessary for the purpose of its collection. If data is collected to provide the website, it is deleted when the session ends.
e) Objection and Removal Possibility
The collection of data for providing the website and the storage of data in log files is necessary for operating the website. Thus, the user has no option to object.
6. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified the next time the website is accessed.
We use cookies to make our website user-friendly and secure. Some elements of our website require the identifying browser to be recognized even after a page change.
Additionally, we use cookies on our website that allow for the anonymized analysis of users' surfing behavior, among other things.
The data collected from users in this way is anonymized/pseudonymized through technical measures as much as possible. Thus, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When visiting our website, users are informed about the use of cookies for analysis purposes through an info banner and are referred to this privacy policy. In this context, there is also a notice on how to prevent the storage of cookies in the browser settings.
Additionally, the user is informed upon visiting our website about the use of cookies for analysis purposes beyond what is necessary and is asked for consent to the processing of personal data used in this context. A reference to this privacy policy is also provided in this context.
The following data is stored or transmitted:
b) Legal Basis for Data Processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the user's consent, according to Article 6(1)(a) of the GDPR.
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We need cookies for the following applications:
Authentication
Prevention of Cross-Site Request Forgery (CSRF) attacks
Unique, anonymous identification for correct website delivery
The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies serves the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can continuously optimize our offerings.
We need analysis cookies for the following applications:
Contact forms
Newsletter
Our legitimate interest in the processing of personal data also lies in these purposes in accordance with Article 6(1)(f) of the GDPR.
d) Duration of Storage, Right to Object, and Removal Option
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
7. Use of the Contact Form
Confirmations and Information Emails via HubSpot
a) Description and Scope of Data Processing
Our website includes a contact form. If a user takes advantage of this option, the data entered into the input mask will be transmitted to us and stored. These data are:
First name
Last name
Email address
At the time of the request submission, the following data are also stored:
Date and time of the request
We use the shipping service provider HubSpot for sending registration confirmations and for the subsequent transmission of additional information. HubSpot is a software company based in the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
In addition to the mandatory email addresses, this provider also stores the date of the last profile update and language information transmitted by the browser used. The USA is considered an insecure third country regarding the processing of personal data. However, personal data may still be transmitted to the USA if you provide explicit consent through the Consent Manager. The legal basis for this is Art. 49 Para. 1 lit. a GDPR.
More information about HubSpot's data protection policies
More information from HubSpot regarding the EU-data protection regulations
More information about the cookies used by HubSpot can be found here & here
By accepting the data protection notices and subsequently clicking on the "Submit" button, you agree to the transmission of your data entered into the input mask to HubSpot and the automated processes associated with it.
b) Legal Basis for Data Processing
The legal basis for the processing of data is the user's consent according to Article 6(1)(a) of the GDPR.
You can view the data protection regulations of the service provider here: More information about Hubspot's data protection policies. According to Article 28(3) sentence 1 of the GDPR, we have concluded a data processing agreement with the service provider.
c) Purpose of Data Processing
The processing of personal data from the input mask serves solely to handle/respond to your inquiry.
d) Duration of Storage
The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input mask of the registration form, this occurs when your request has been resolved.
The additional personal data collected during the submission process is deleted no later than seven days after submission.
e) Right to Object and Removal Option
The user has the right to withdraw their consent to the processing of personal data at any time.
If you wish to withdraw your consent to the processing/storage, please send an email to: datenschutz@convidera.de.
- Web Analysis by Google
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offer, and to provide us with further services related to the use of this online offer and internet usage. Pseudonymous usage profiles of the users may be created from the processed data.
Further information on data usage by Google, settings, and options for objection can be found on Google's websites: Google Privacy (“Data use by Google when you use websites or apps of our partners”), Google Ad Policy (“Data use for advertising purposes”), Google Ads Settings (“Manage the information that Google uses to show you ads”).
Web Analysis through Advertising Networks
a) Google Re/Marketing Services
We use the marketing and remarketing services (short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) based on our legitimate interests (i.e., interest in analysis, optimization, and the economic operation of our online offering in accordance with Art. 6(1)(f) GDPR).
The USA is considered a third country in relation to the processing of personal data. However, through your explicit consent via the Consent Manager, personal data may still be transmitted to the USA. The legal basis for this is Art. 49(1)(a) GDPR.
The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, showing users only ads that potentially align with their interests. If a user, for example, is shown ads for products they have shown interest in on other websites, this is called "remarketing." To do this, when our website and other websites that use Google Marketing Services are accessed, Google immediately runs a code and (re)marketing tags (invisible graphics or code, also called "Web Beacons") are embedded in the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (similar technologies may also be used instead of cookies). Cookies can be set from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
This file records which websites the user visits, what content they are interested in, and which offers they clicked on, along with technical information about the browser and operating system, referring websites, visit time, and other details on the use of the online offering. The user's IP address is also recorded, but within Google Analytics, it is processed in a shortened form, ensuring that the IP address is anonymized in EU member states or other contracting states of the European Economic Area before transmission to the USA. In exceptional cases, the full IP address may be transmitted to a server in the USA and then shortened there.
The IP address is not merged with other Google data. The aforementioned information may also be linked by Google with information from other sources. If the user then visits other websites, tailored ads may be shown to them based on their interests. The user's data is processed pseudonymously within the scope of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of the user but rather processes the data relevant to the cookie within pseudonymous user profiles.
From Google's perspective, the ads are not managed and displayed for a specifically identified person but for the cookie holder, regardless of who this cookie holder is. This does not apply if the user has explicitly permitted Google to process the data without pseudonymization. The information collected about the user by Google Marketing Services is transmitted to and stored on Google's servers in the USA.
Among the Google Marketing Services we use is the online advertising program “Google AdWords.” In the case of Google AdWords, each AdWords customer receives a different “conversion cookie.” Cookies cannot therefore be tracked via the websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
We also use the service “Google Optimizer.” Google Optimizer allows us to track how various changes to a website (e.g., changes to input fields, designs, etc.) impact the website as part of so-called “A/B testing.” For these testing purposes, cookies are stored on the devices of users, and only pseudonymous data of the users is processed.
We may also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
For more information on Google’s data use for marketing purposes, please visit the overview and Google's privacy policy.
If you wish to object to interest-based advertising via Google Marketing Services, you can use the settings and opt-out options.
10. Rights of the Data Subject
a) Right to Information
You can request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing is taking place, you can request information from the controller about the following:
the purposes for which the personal data is processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed; the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period; the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; all available information about the source of the data, if the personal data is not collected from the data subject; the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR, and—at least in those cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
b) Right to Rectification
You have the right to request the rectification and/or completion of your personal data from the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
c) Right to Restriction of Processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you: if you contest the accuracy of the personal data for a period that enables the controller to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been limited under the above conditions, you will be informed by the controller before the restriction is lifted.
d) Right to Erasure
1) Obligation to Erase
You can demand from the controller that personal data concerning you be erased without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies: The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR. The personal data concerning you was unlawfully processed. The erasure of the personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject. The personal data concerning you was collected in relation to services offered by an information society in accordance with Art. 8(1) GDPR.
2) Information to Third Parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, this personal data.
3) Exceptions
The right to erasure does not exist to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, in so far as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the purposes of that processing; or for the establishment, exercise, or defense of legal claims.
e) Right to Notification
If you have exercised the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification, erasure, or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
f) Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
h) Right to Withdraw Data Protection Consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i) Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or the performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
In these cases, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
j) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Status: October 2023
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated website(s), function(s), and content, as well as external online presences, such as our social media profiles. Regarding the terminology used, such as "personal data" or "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Table of Contents: Name and address of the responsible party, contact for the data protection officer, information obligations, general information on data processing, provision of the website and creation of log files, use of cookies, use of the contact form, rights of the affected person
1. Name and address of the responsible party
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Convidera GmbH
Stolbergerstrasse 90D
50933 Cologne
Germany
Tel.: +49(221) 993 185 00
Email: info@convidera.de
Website: convidera.com
2. Name and address of the Data Protection Officer
If you have any questions about the handling of your personal data or wish to exercise your data subject rights, you can contact our Data Protection Officer at:
Email: datenschutz@convidera.com
Phone number and address see above
3. Information obligations
a) Types of processed data
We process the following types of data on our website: inventory data, contact data, content data, usage data, meta-/communication data. No special categories of data (Art. 9 para. 1 GDPR) are processed.
b) Categories of persons affected by the processing
The following groups of persons are affected by the processing: customers, prospects, visitors, and users of the online offering
c) Purpose of processing
The data is processed for the following purposes: providing the online offering, its content and functions, rendering contractual services, service and customer care, answering contact inquiries, communication with users, security measures, marketing, advertising, and market research
d) Changes and updates to the privacy policy
Please regularly review the content of our privacy policy. We adjust the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as an action on your part (e.g., consent) or other individual notification becomes necessary due to the changes.
e) Security Measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of technology, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data through control of physical access to the data, as well as input, transfer, access, availability, and separation of the data. Additionally, we have set up procedures to ensure the exercise of data subjects' rights, the deletion of data, and a response to data breaches. Furthermore, we consider the protection of personal data as early as the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default (Art. 25 GDPR). Security measures include, in particular, the encrypted transmission of data between your browser and our server.
f) Cooperation with Data Processors and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is required under Art. 6 para. 1 lit. b GDPR for contract fulfillment), you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “processing agreement,” this is done based on Art. 28 GDPR.
g) Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only occurs if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of an EU-equivalent level of data protection or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
4. General Information on Data Processing
a) Scope of Processing Personal Data
We only process personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users occurs regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons, and the processing of the data is permitted by legal provisions.
b) Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
If processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
c) Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this if required by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the aforementioned standards expires, unless it is necessary to continue storing the data for contract conclusion or fulfillment.
5. Provision of the Website and Creation of Log Files
a) Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device in the form of a session cookie. The following data is collected:
Information about the browser type and version used
The user's operating system
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accessed our website
Websites accessed by the user's system through our website
The data is stored anonymously in the log files of our system in the event of a system error, solely to reproduce the error. There is no storage of personal data. If no errors occur during the session, no data is saved.
b) Legal Basis for Data Processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
c) Purpose of Processing
The temporary storage (session) of the IP address by the system is necessary to deliver the website to the user's computer. The IP address must remain stored for the duration of the session to maintain the website's functionality. The data is also used to optimize the website and ensure the security of our information technology systems. There is no analysis of the data for marketing purposes. This purpose also reflects our legitimate interest in data processing under Art. 6 para. 1 lit. f GDPR.
d) Storage Duration
The data is deleted as soon as it is no longer necessary for the purpose of its collection. If data is collected to provide the website, it is deleted when the session ends.
e) Objection and Removal Possibility
The collection of data for providing the website and the storage of data in log files is necessary for operating the website. Thus, the user has no option to object.
6. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified the next time the website is accessed.
We use cookies to make our website user-friendly and secure. Some elements of our website require the identifying browser to be recognized even after a page change.
Additionally, we use cookies on our website that allow for the anonymized analysis of users' surfing behavior, among other things.
The data collected from users in this way is anonymized/pseudonymized through technical measures as much as possible. Thus, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When visiting our website, users are informed about the use of cookies for analysis purposes through an info banner and are referred to this privacy policy. In this context, there is also a notice on how to prevent the storage of cookies in the browser settings.
Additionally, the user is informed upon visiting our website about the use of cookies for analysis purposes beyond what is necessary and is asked for consent to the processing of personal data used in this context. A reference to this privacy policy is also provided in this context.
The following data is stored or transmitted:
b) Legal Basis for Data Processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the user's consent, according to Article 6(1)(a) of the GDPR.
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We need cookies for the following applications:
Authentication
Prevention of Cross-Site Request Forgery (CSRF) attacks
Unique, anonymous identification for correct website delivery
The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies serves the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can continuously optimize our offerings.
We need analysis cookies for the following applications:
Contact forms
Newsletter
Our legitimate interest in the processing of personal data also lies in these purposes in accordance with Article 6(1)(f) of the GDPR.
d) Duration of Storage, Right to Object, and Removal Option
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
7. Use of the Contact Form
Confirmations and Information Emails via HubSpot
a) Description and Scope of Data Processing
Our website includes a contact form. If a user takes advantage of this option, the data entered into the input mask will be transmitted to us and stored. These data are:
First name
Last name
Email address
At the time of the request submission, the following data are also stored:
Date and time of the request
We use the shipping service provider HubSpot for sending registration confirmations and for the subsequent transmission of additional information. HubSpot is a software company based in the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
In addition to the mandatory email addresses, this provider also stores the date of the last profile update and language information transmitted by the browser used. The USA is considered an insecure third country regarding the processing of personal data. However, personal data may still be transmitted to the USA if you provide explicit consent through the Consent Manager. The legal basis for this is Art. 49 Para. 1 lit. a GDPR.
More information about HubSpot's data protection policies
More information from HubSpot regarding the EU-data protection regulations
More information about the cookies used by HubSpot can be found here & here
By accepting the data protection notices and subsequently clicking on the "Submit" button, you agree to the transmission of your data entered into the input mask to HubSpot and the automated processes associated with it.
b) Legal Basis for Data Processing
The legal basis for the processing of data is the user's consent according to Article 6(1)(a) of the GDPR.
You can view the data protection regulations of the service provider here: More information about Hubspot's data protection policies. According to Article 28(3) sentence 1 of the GDPR, we have concluded a data processing agreement with the service provider.
c) Purpose of Data Processing
The processing of personal data from the input mask serves solely to handle/respond to your inquiry.
d) Duration of Storage
The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input mask of the registration form, this occurs when your request has been resolved.
The additional personal data collected during the submission process is deleted no later than seven days after submission.
e) Right to Object and Removal Option
The user has the right to withdraw their consent to the processing of personal data at any time.
If you wish to withdraw your consent to the processing/storage, please send an email to: datenschutz@convidera.de.
- Web Analysis by Google
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offer, and to provide us with further services related to the use of this online offer and internet usage. Pseudonymous usage profiles of the users may be created from the processed data.
Further information on data usage by Google, settings, and options for objection can be found on Google's websites: Google Privacy (“Data use by Google when you use websites or apps of our partners”), Google Ad Policy (“Data use for advertising purposes”), Google Ads Settings (“Manage the information that Google uses to show you ads”).
Web Analysis through Advertising Networks
a) Google Re/Marketing Services
We use the marketing and remarketing services (short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) based on our legitimate interests (i.e., interest in analysis, optimization, and the economic operation of our online offering in accordance with Art. 6(1)(f) GDPR).
The USA is considered a third country in relation to the processing of personal data. However, through your explicit consent via the Consent Manager, personal data may still be transmitted to the USA. The legal basis for this is Art. 49(1)(a) GDPR.
The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, showing users only ads that potentially align with their interests. If a user, for example, is shown ads for products they have shown interest in on other websites, this is called "remarketing." To do this, when our website and other websites that use Google Marketing Services are accessed, Google immediately runs a code and (re)marketing tags (invisible graphics or code, also called "Web Beacons") are embedded in the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (similar technologies may also be used instead of cookies). Cookies can be set from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
This file records which websites the user visits, what content they are interested in, and which offers they clicked on, along with technical information about the browser and operating system, referring websites, visit time, and other details on the use of the online offering. The user's IP address is also recorded, but within Google Analytics, it is processed in a shortened form, ensuring that the IP address is anonymized in EU member states or other contracting states of the European Economic Area before transmission to the USA. In exceptional cases, the full IP address may be transmitted to a server in the USA and then shortened there.
The IP address is not merged with other Google data. The aforementioned information may also be linked by Google with information from other sources. If the user then visits other websites, tailored ads may be shown to them based on their interests. The user's data is processed pseudonymously within the scope of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of the user but rather processes the data relevant to the cookie within pseudonymous user profiles.
From Google's perspective, the ads are not managed and displayed for a specifically identified person but for the cookie holder, regardless of who this cookie holder is. This does not apply if the user has explicitly permitted Google to process the data without pseudonymization. The information collected about the user by Google Marketing Services is transmitted to and stored on Google's servers in the USA.
Among the Google Marketing Services we use is the online advertising program “Google AdWords.” In the case of Google AdWords, each AdWords customer receives a different “conversion cookie.” Cookies cannot therefore be tracked via the websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
We also use the service “Google Optimizer.” Google Optimizer allows us to track how various changes to a website (e.g., changes to input fields, designs, etc.) impact the website as part of so-called “A/B testing.” For these testing purposes, cookies are stored on the devices of users, and only pseudonymous data of the users is processed.
We may also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
For more information on Google’s data use for marketing purposes, please visit the overview and Google's privacy policy.
If you wish to object to interest-based advertising via Google Marketing Services, you can use the settings and opt-out options.
10. Rights of the Data Subject
a) Right to Information
You can request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing is taking place, you can request information from the controller about the following:
the purposes for which the personal data is processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed; the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period; the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; all available information about the source of the data, if the personal data is not collected from the data subject; the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR, and—at least in those cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
b) Right to Rectification
You have the right to request the rectification and/or completion of your personal data from the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
c) Right to Restriction of Processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you: if you contest the accuracy of the personal data for a period that enables the controller to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been limited under the above conditions, you will be informed by the controller before the restriction is lifted.
d) Right to Erasure
1) Obligation to Erase
You can demand from the controller that personal data concerning you be erased without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies: The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR. The personal data concerning you was unlawfully processed. The erasure of the personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject. The personal data concerning you was collected in relation to services offered by an information society in accordance with Art. 8(1) GDPR.
2) Information to Third Parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, this personal data.
3) Exceptions
The right to erasure does not exist to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, in so far as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the purposes of that processing; or for the establishment, exercise, or defense of legal claims.
e) Right to Notification
If you have exercised the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification, erasure, or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
f) Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
h) Right to Withdraw Data Protection Consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i) Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or the performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
In these cases, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
j) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Status: October 2023
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated website(s), function(s), and content, as well as external online presences, such as our social media profiles. Regarding the terminology used, such as "personal data" or "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Table of Contents: Name and address of the responsible party, contact for the data protection officer, information obligations, general information on data processing, provision of the website and creation of log files, use of cookies, use of the contact form, rights of the affected person
1. Name and address of the responsible party
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Convidera GmbH
Stolbergerstrasse 90D
50933 Cologne
Germany
Tel.: +49(221) 993 185 00
Email: info@convidera.de
Website: convidera.com
2. Name and address of the Data Protection Officer
If you have any questions about the handling of your personal data or wish to exercise your data subject rights, you can contact our Data Protection Officer at:
Email: datenschutz@convidera.com
Phone number and address see above
3. Information obligations
a) Types of processed data
We process the following types of data on our website: inventory data, contact data, content data, usage data, meta-/communication data. No special categories of data (Art. 9 para. 1 GDPR) are processed.
b) Categories of persons affected by the processing
The following groups of persons are affected by the processing: customers, prospects, visitors, and users of the online offering
c) Purpose of processing
The data is processed for the following purposes: providing the online offering, its content and functions, rendering contractual services, service and customer care, answering contact inquiries, communication with users, security measures, marketing, advertising, and market research
d) Changes and updates to the privacy policy
Please regularly review the content of our privacy policy. We adjust the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as an action on your part (e.g., consent) or other individual notification becomes necessary due to the changes.
e) Security Measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of technology, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data through control of physical access to the data, as well as input, transfer, access, availability, and separation of the data. Additionally, we have set up procedures to ensure the exercise of data subjects' rights, the deletion of data, and a response to data breaches. Furthermore, we consider the protection of personal data as early as the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default (Art. 25 GDPR). Security measures include, in particular, the encrypted transmission of data between your browser and our server.
f) Cooperation with Data Processors and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is required under Art. 6 para. 1 lit. b GDPR for contract fulfillment), you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “processing agreement,” this is done based on Art. 28 GDPR.
g) Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only occurs if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of an EU-equivalent level of data protection or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
4. General Information on Data Processing
a) Scope of Processing Personal Data
We only process personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users occurs regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons, and the processing of the data is permitted by legal provisions.
b) Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
If processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
c) Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this if required by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the aforementioned standards expires, unless it is necessary to continue storing the data for contract conclusion or fulfillment.
5. Provision of the Website and Creation of Log Files
a) Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device in the form of a session cookie. The following data is collected:
Information about the browser type and version used
The user's operating system
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accessed our website
Websites accessed by the user's system through our website
The data is stored anonymously in the log files of our system in the event of a system error, solely to reproduce the error. There is no storage of personal data. If no errors occur during the session, no data is saved.
b) Legal Basis for Data Processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
c) Purpose of Processing
The temporary storage (session) of the IP address by the system is necessary to deliver the website to the user's computer. The IP address must remain stored for the duration of the session to maintain the website's functionality. The data is also used to optimize the website and ensure the security of our information technology systems. There is no analysis of the data for marketing purposes. This purpose also reflects our legitimate interest in data processing under Art. 6 para. 1 lit. f GDPR.
d) Storage Duration
The data is deleted as soon as it is no longer necessary for the purpose of its collection. If data is collected to provide the website, it is deleted when the session ends.
e) Objection and Removal Possibility
The collection of data for providing the website and the storage of data in log files is necessary for operating the website. Thus, the user has no option to object.
6. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified the next time the website is accessed.
We use cookies to make our website user-friendly and secure. Some elements of our website require the identifying browser to be recognized even after a page change.
Additionally, we use cookies on our website that allow for the anonymized analysis of users' surfing behavior, among other things.
The data collected from users in this way is anonymized/pseudonymized through technical measures as much as possible. Thus, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When visiting our website, users are informed about the use of cookies for analysis purposes through an info banner and are referred to this privacy policy. In this context, there is also a notice on how to prevent the storage of cookies in the browser settings.
Additionally, the user is informed upon visiting our website about the use of cookies for analysis purposes beyond what is necessary and is asked for consent to the processing of personal data used in this context. A reference to this privacy policy is also provided in this context.
The following data is stored or transmitted:
b) Legal Basis for Data Processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the user's consent, according to Article 6(1)(a) of the GDPR.
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We need cookies for the following applications:
Authentication
Prevention of Cross-Site Request Forgery (CSRF) attacks
Unique, anonymous identification for correct website delivery
The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies serves the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can continuously optimize our offerings.
We need analysis cookies for the following applications:
Contact forms
Newsletter
Our legitimate interest in the processing of personal data also lies in these purposes in accordance with Article 6(1)(f) of the GDPR.
d) Duration of Storage, Right to Object, and Removal Option
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
7. Use of the Contact Form
Confirmations and Information Emails via HubSpot
a) Description and Scope of Data Processing
Our website includes a contact form. If a user takes advantage of this option, the data entered into the input mask will be transmitted to us and stored. These data are:
First name
Last name
Email address
At the time of the request submission, the following data are also stored:
Date and time of the request
We use the shipping service provider HubSpot for sending registration confirmations and for the subsequent transmission of additional information. HubSpot is a software company based in the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
In addition to the mandatory email addresses, this provider also stores the date of the last profile update and language information transmitted by the browser used. The USA is considered an insecure third country regarding the processing of personal data. However, personal data may still be transmitted to the USA if you provide explicit consent through the Consent Manager. The legal basis for this is Art. 49 Para. 1 lit. a GDPR.
More information about HubSpot's data protection policies
More information from HubSpot regarding the EU-data protection regulations
More information about the cookies used by HubSpot can be found here & here
By accepting the data protection notices and subsequently clicking on the "Submit" button, you agree to the transmission of your data entered into the input mask to HubSpot and the automated processes associated with it.
b) Legal Basis for Data Processing
The legal basis for the processing of data is the user's consent according to Article 6(1)(a) of the GDPR.
You can view the data protection regulations of the service provider here: More information about Hubspot's data protection policies. According to Article 28(3) sentence 1 of the GDPR, we have concluded a data processing agreement with the service provider.
c) Purpose of Data Processing
The processing of personal data from the input mask serves solely to handle/respond to your inquiry.
d) Duration of Storage
The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input mask of the registration form, this occurs when your request has been resolved.
The additional personal data collected during the submission process is deleted no later than seven days after submission.
e) Right to Object and Removal Option
The user has the right to withdraw their consent to the processing of personal data at any time.
If you wish to withdraw your consent to the processing/storage, please send an email to: datenschutz@convidera.de.
- Web Analysis by Google
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offer, and to provide us with further services related to the use of this online offer and internet usage. Pseudonymous usage profiles of the users may be created from the processed data.
Further information on data usage by Google, settings, and options for objection can be found on Google's websites: Google Privacy (“Data use by Google when you use websites or apps of our partners”), Google Ad Policy (“Data use for advertising purposes”), Google Ads Settings (“Manage the information that Google uses to show you ads”).
Web Analysis through Advertising Networks
a) Google Re/Marketing Services
We use the marketing and remarketing services (short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) based on our legitimate interests (i.e., interest in analysis, optimization, and the economic operation of our online offering in accordance with Art. 6(1)(f) GDPR).
The USA is considered a third country in relation to the processing of personal data. However, through your explicit consent via the Consent Manager, personal data may still be transmitted to the USA. The legal basis for this is Art. 49(1)(a) GDPR.
The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, showing users only ads that potentially align with their interests. If a user, for example, is shown ads for products they have shown interest in on other websites, this is called "remarketing." To do this, when our website and other websites that use Google Marketing Services are accessed, Google immediately runs a code and (re)marketing tags (invisible graphics or code, also called "Web Beacons") are embedded in the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (similar technologies may also be used instead of cookies). Cookies can be set from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
This file records which websites the user visits, what content they are interested in, and which offers they clicked on, along with technical information about the browser and operating system, referring websites, visit time, and other details on the use of the online offering. The user's IP address is also recorded, but within Google Analytics, it is processed in a shortened form, ensuring that the IP address is anonymized in EU member states or other contracting states of the European Economic Area before transmission to the USA. In exceptional cases, the full IP address may be transmitted to a server in the USA and then shortened there.
The IP address is not merged with other Google data. The aforementioned information may also be linked by Google with information from other sources. If the user then visits other websites, tailored ads may be shown to them based on their interests. The user's data is processed pseudonymously within the scope of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of the user but rather processes the data relevant to the cookie within pseudonymous user profiles.
From Google's perspective, the ads are not managed and displayed for a specifically identified person but for the cookie holder, regardless of who this cookie holder is. This does not apply if the user has explicitly permitted Google to process the data without pseudonymization. The information collected about the user by Google Marketing Services is transmitted to and stored on Google's servers in the USA.
Among the Google Marketing Services we use is the online advertising program “Google AdWords.” In the case of Google AdWords, each AdWords customer receives a different “conversion cookie.” Cookies cannot therefore be tracked via the websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
We also use the service “Google Optimizer.” Google Optimizer allows us to track how various changes to a website (e.g., changes to input fields, designs, etc.) impact the website as part of so-called “A/B testing.” For these testing purposes, cookies are stored on the devices of users, and only pseudonymous data of the users is processed.
We may also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
For more information on Google’s data use for marketing purposes, please visit the overview and Google's privacy policy.
If you wish to object to interest-based advertising via Google Marketing Services, you can use the settings and opt-out options.
10. Rights of the Data Subject
a) Right to Information
You can request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing is taking place, you can request information from the controller about the following:
the purposes for which the personal data is processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed; the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period; the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; all available information about the source of the data, if the personal data is not collected from the data subject; the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR, and—at least in those cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
b) Right to Rectification
You have the right to request the rectification and/or completion of your personal data from the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
c) Right to Restriction of Processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you: if you contest the accuracy of the personal data for a period that enables the controller to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been limited under the above conditions, you will be informed by the controller before the restriction is lifted.
d) Right to Erasure
1) Obligation to Erase
You can demand from the controller that personal data concerning you be erased without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies: The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR. The personal data concerning you was unlawfully processed. The erasure of the personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject. The personal data concerning you was collected in relation to services offered by an information society in accordance with Art. 8(1) GDPR.
2) Information to Third Parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, this personal data.
3) Exceptions
The right to erasure does not exist to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, in so far as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the purposes of that processing; or for the establishment, exercise, or defense of legal claims.
e) Right to Notification
If you have exercised the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification, erasure, or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
f) Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
h) Right to Withdraw Data Protection Consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i) Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or the performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
In these cases, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
j) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Are you ready to take control of your multi-level sales?
Book a demo to learn more about the possibilities of PartnerLink.
Are you ready to take control of your multi-level sales?
Book a demo to learn more about the possibilities of PartnerLink.
Are you ready to take control of your multi-level sales?
Book a demo to learn more about the possibilities of PartnerLink.
