Privacy policy

For the website https://www.clonedesk.com

I. Responsible

The responsible body within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:

CloneDesk UG (limited liability), represented by the Managing Director Hendrik Henze

Großbeerenstr. 89

10963 Berlin

Register court: Berlin-Charlottenburg District Court

Register number: HRB 213850

VAT identification number according to Section 27a UStG: DE328673609

Phone: +49 (0) 30 – 6 09 84 99 77

Fax: +49 (0) 30 – 6 09 84 99 73

Email: info@clonedesk.com

II. General information on data processing

(1) In principle, the processing of personal data only takes place insofar as this is necessary for the provision of a functional website with its contents and services. Regular processing takes place only with the consent of the data subject. Exceptionally, processing takes place without the consent of the data subject, if this is not possible for actual reasons and the processing of the data is permitted by legal regulations.

(2) Article 6(2) 1 lit. a GDPR serves as the legal basis for the processing of personal data, insofar as the consent of the data subject has been obtained for the processing of personal data.

Art. 1 lit. b GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Art. 1 lit. c GDPR serves as the legal basis for the processing of personal data to the extent that processing of personal data is necessary to fulfil a legal obligation to which the company is subject.

Art. 1 lit. f GDPR serves as the legal basis for the processing of personal data to the extent necessary for the processing to safeguard a legitimate interest of the company or a third party and not the interests, fundamental rights and freedoms of the the first interest predominates.

(3) The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage is omitted. Storage may also take place if this has been provided for by relevant national or European rules. The data shall also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a fulfilment of the contract.

III. Use of the website

(1) Each time the website is accessed, the system automatically collects data and information from the computer system of the calling computer.

The following data are collected:

  1. IP address
  2. Date and time of the request
  3. Time zone difference to Greenwich Mean Time (GMT)
  4. Content of the website
  5. Access Status (HTTP Status)
  6. Amount of data transferred
  7. Web browser
  8. Language and version of the browser
  9. Operating system
  10. Website from which you have accessed the website

The data is stored in the log files of the system. This data will not be stored together with other personal data of the user.

(2) The legal basis for this is Article 6(0). 1 lit. f GDPR.

(3) The collection and temporary storage of the IP address is necessary to enable the display of the website on your terminal device. To do this, your IP address must be stored for the duration of your visit to the website. An evaluation of this data for marketing purposes does not take place.

(4) The data will be deleted when the session is over. Insofar as this data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

(5) The collection of data for the provision of the website and the storage of the data in log files is mandatory for the provision of the website. There is therefore no possibility of conflict.

IV. Use of cookies

(1) The website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is re-accessed. Cookies cannot transmit viruses to the terminal device or run programs themselves.

Cookies are used to make an internet presence more user-friendly. Some elements of the website require that the calling browser can be identified even after a page change.

Transient cookies are automatically deleted when the session is closed. This includes, among other things, session cookies, which store the so-called session ID, can be assigned to the common session based on the various requests of the web browser. This allows the terminal to recognize when resessioning.

Persistent cookies are automatically deleted after a predetermined storage period, which may vary depending on the cookie. The corresponding settings can be deleted at any time in the settings of the web browser.

The following data is stored in the cookies:

  1. Log-in information
  2. Language
  3. search terms entered
  4. Number of views on the website
  5. Use of individual functions of the website

(2) The legal basis for this is Article 6(3). 1 lit. f GDPR.

(3) The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies is not used for the creation of user profiles.

(4) Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, all functions of the website may not be able to be used in full.

(5) Click on this link to see and edit your current privacy settings:

See & edit privacy settings

V. Contact forms and e-mail contact

(1) The website uses contact forms which can be used for electronic contact. When used, the data entered in the input mask is transmitted to the website and stored there. This data is:

  1. Name
  2. E-mail address
  3. Content of the contact

In addition, the following data is collected when contacting:

  1. IP address of the calling computer
  2. Date and time of contact

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

(2) The legal basis for the processing of the data is Art. 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6(4) of the 1 lit. f GDPR.

If the e-mail contact is aimed at concluding or fulfilling a contract, the additional legal basis for the processing is Art. 1 lit. b GDPR.

(3) The processing of personal data from the input mask is used solely for the processing of contact. In the event of an e-mail contact, this also has the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of the information technology systems.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the data subject has ended. The conversation ends if it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

(5) The data subject has the possibility to withdraw his/her consent to the processing of personal data at any time. If you contact us by e-mail, the storage of personal data can be objected to at any time. In such a case, however, the conversation cannot be continued.

All personal data stored during the contact will be deleted in this case.

VI. Newsletter registration

(1) It is possible to subscribe to a free newsletter. When you register for the newsletter, the e-mail address is transmitted from the input form.

In addition, the following data will be collected at the time of registration:

(1) IP address of the calling computer

(2) Date and time of registration

Consent is obtained for the processing of the data during the registration process and reference is made to this data protection declaration.

(2) The legal basis for the processing of the data after the user has registered for the newsletter is Art. 1 lit. a GDPR.

(3) The collection of the user’s e-mail address is used to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the e-mail address used.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection. The user’s e-mail address is therefore stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will normally be deleted after a period of seven days.

(5) The subscription to the newsletter may be cancelled by the data subject at any time. For this purpose, there is a corresponding link in each newsletter.

This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

VII. Registration

(1) The website offers users the opportunity to register with personal data and to create a user account free of charge. The data is entered, transmitted and stored in an input mask. The data will not be passed on to third parties. The following data will be collected during the registration process:

In addition, the following data is collected at the time of registration:

1. IP address of the calling computer

2. Date and time of registration

3. E-mail address

As part of the registration process, the user’s consent to the processing of this data is obtained with reference to the data protection declaration.

(2) The legal basis for this is Art. 1 lit. a GDPR. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 1 lit. b GDPR.

(3) Registration of the user is required in order to set up a customer account. It thus serves the identification of the user and the fulfilment of the user contract through the service.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case during the registration process for the performance of a contract or for the implementation of pre-contractual measures if the data are no longer necessary for the execution of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

(5) Data subjects have the possibility to modify user data in their user profile under the item “Profile Information” at any time. Insofar as the data are necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible, unless contractual or legal obligations preclude deletion.

VIII. Use of the functions in the login area

(1) For the use of the CloneDesk functions, inventory data (e.g., names and addresses as well as contact details of users, usernames of the users), contract data (e.g. services used, names of contact persons, payment information) are as well as the IP address and the time of the respective user action as well as the user ID and the URLs accessed. This data is stored in the log files of our system. In addition, the data of third parties entered by the user will be processed.

(2) The legal basis for the processing of the data is Art. 1 lit. a GDPR. Consent is obtained at the time of conclusion of the contract.

The additional legal basis for processing is Article 6(3). 1 lit. b GDPR, since the processing of the said data is used for the performance of a contract to which the user is a party or to carry out pre-contractual measures.

Furthermore, the processing is carried out in order to improve our services in the interest of the analysis, optimization and economic operation of our online offer within the meaning of Article 6 paragraph. 1 lit. f. GDPR

(3) Purpose of processing

1. the inventory data (e.g., names and addresses as well as contact details of users) and contract data (e.g., services used, names of contact persons, payment information) are the execution of the contract, in particular the sending of E-mail reminders (“notifications”) and billing purposes.

2. is made by usernames and the input of the respective users in order to ensure the access authorization of the service.

3. the IP address, the time of the respective user action as well as the urLs accessed is done to optimize our services and continuously improve the user experience.

4. the data of third parties entered by the user is the execution of the contract and the provision of the contractually promised services.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection.

This is the case for data collected during the registration process for the performance of a contract or for the implementation of pre-contractual measures, if the data are no longer necessary for the execution of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations (in particular tax retention periods).

(5) The user may modify or delete the stored data at any time.

If the data are necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible unless contractual or legal obligations preclude deletion. In particular, the notice periods of existing contracts remain unaffected.

IX. Payment with PayPal

(1) If you choose the PayPal payment method, we will work with the payment service provider PayPal, PayPal (Europe) S.A.R.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. As part of the payment process, a direct forwarding is made to the PayPal website, within which the payment is processed. We do not collect, process or store the data to be entered there by you. In this respect, only The Privacy Policy of PayPal, which you https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.

In addition, the following data will be collected for online payments:

1. Access data

2. Profile data

3. Name of the retrieved file

4. Date and time of retrieval

5. Amount of data transferred

6. Message whether the retrieval was successful

7. Description of the type of web browser used

8. requesting domain

This data is stored exclusively for technical reasons and is not assigned to a specific person at any time. In addition, the data is collected directly by the payment service provider. The data to be entered there are neither collected, processed or stored by us. In this respect, the data protection guidelines of the respective payment service provider apply exclusively.

(2) The legal basis for the processing of the data at the time of payment by the user is Art. 1 lit. a GDPR.

In addition, Article 6(1) of the European 1 lit. b GDPR as the legal basis for the processing of personal data, insofar as these are used for the performance of a contract.

(3) The collection is carried out for the processing of the payment transaction and thus for the performance of the contract.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the personal data used for payment when the respective contractual relationship with the data subject has ended. The contractual relationship ends if it can be inferred from the circumstances that the data subject is no longer a customer (e.g. by deleting an account).

(5) The data subject has the possibility to withdraw his/her consent to the processing of personal data at any time. This does not affect the obligation to fulfil contracts.

X. Payment with Stripe

(1) If you choose the Stripe payment method, we will work with the payment service provider Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. As part of the payment process, a direct forwarding is made to the Stripe website, within which the payment is processed. We do not collect, process or store the data to be entered there by you. To this extent, Stripe’s Privacy Policy applies only, which you https://stripe.com/de/privacy.

(2) The legal basis for the processing of the data at the time of payment by the user is Art. 1 lit. a GDPR.

In addition, Article 6(1) of the European 1 lit. b GDPR as the legal basis for the processing of personal data, insofar as these are used for the performance of a contract.

(3) The collection is carried out for the processing of the payment transaction and thus for the performance of the contract.

4. The data shall be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the personal data used for payment when the respective contractual relationship with the data subject has ended. The contractual relationship ends if it can be inferred from the circumstances that the data subject is no longer a customer (e.g. by deleting an account).

(5) The data subject has the possibility to withdraw his/her consent to the processing of personal data at any time. This does not affect the obligation to fulfil contracts.

XI. Google Analytics

(1) The Website uses “Google Analytics”, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google uses cookies, i.e. small text files, which are stored on the terminal device and which enable an analysis of the use of the website. The information generated by the cookie about the use of the website is usually transmitted to a Google server in the USA and stored there. If the website is enabled to anonymise the IP address to be transmitted by the cookie by the extension “_anonymizeIp()” (hereinafter referred to as “IP anonymisation”), Google’s IP address will be activated within Member States of the European Union or other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate the use of the website on behalf of the controller, to compile reports on website usage and to provide other services related to website and internet usage. Pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other data from Google.

The website uses Google Analytics only with the activated IP anonymization described above. This means that your IP address will only be processed by Google in abbreviated manner. A personal resitability can thus be excluded.

(2) In this case, The legal basis shall be Article 6(p.). 1 lit. f GDPR.

(3) The website uses Google Analytics for the purpose of analysing the use of the website and of continuously improving individual functions and offers as well as the user experience. By statistically evaluating the user behaviour, the offer can be improved and made more interesting for the user. This also includes the legitimate interest in the processing of the above data.

(4) The storage of cookies generated by Google Analytics can be prevented by making appropriate settings of the web browser. It is pointed out that in this case not all functions of the website can be used. If the collection of data generated by the cookie and related to user behaviour (including your IP address) and the processing of this data by Google is to be prevented, the web browser plug-in available under the following link can be downloaded and installed: http://tools.google.com/dlpage/gaoptout?hl=de.

In order to oblige Google to process the data transmitted only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded an order processing contract with Google.

In exceptional cases where personal data is transferred to the United States, Google has submitted to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on the use of data by Google, the setting and opposition options as well as data protection can be found in the following websites of Google:

  1. User Conditions: http://www.google.com/analytics/terms/de.html
  2. Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html
  3. Privacy Policy: http://www.google.de/intl/de/policies/privacy
  4. Google’s use of data when you use our partners’ websites or apps: https://www.google.com/intl/de/policies/privacy/partners
  5. Data use for advertising purposes: http://www.google.com/policies/technologies/ads
  6. Settings for personalized advertising by Google: http://www.google.de/settings/ads

XII. Google Tag Manager

We use “Google Tag Manager”, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Tag Manager allows us as a marketer to manage website tags from a single interface. The Google Tag Manager tool, which implements the tags, is a cookieless domain and does not collect any personal data. Google Tag Manager is responsible for triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it will remain for all tracking tags implemented with Google Tag Manager.

Google has signed up to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For more information on data protection, see the following Google websites:

• Privacy Policy: http://www.google.de/intl/de/policies/privacy

• FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html

Terms of Service Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html

XIII. Google Web Fonts

(1) The website uses external fonts, so-called “Google Fonts”. Google Fonts is a service of Google. The integration of these web fonts is carried out by a server call, usually a Google server in the USA. This transmits to the server which pages of the website have been visited. The IP address of the browser of the terminal device of the visitor to these internet pages is stored by Google. For more information, see Google’s privacy policy, which can be found here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

(2) In this case, The legal basis shall be Article 6(p.). 1 lit. f GDPR.

(3) The use of Google Webfonts is in the interest of a uniform and appealing presentation of our online offers.

(4) Google Webfonts can be deactivated e.g. with the plugin “Autoptimize”. In this case, a standard font is used.

XIV. Google (Invisible)reCAPTCHA

(1) The Website uses “Google reCAPTCHA”, a turbulence test of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google checks whether the data entry on the website is by a human or by an automated program. For this purpose, user behavior is analyzed on the basis of various characteristics. The analysis starts automatically as soon as the website is entered. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay on a website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses run completely in the background. Site visitors are not notified that an analysis is taking place.

(2) The legal basis for processing is Article 6(0). 1 lit. f. GDPR.

(3) The controller has the legitimate interest to protect the website from abusive automated spying and from SPAM.

(4) For more information about Google reCAPTCHA and Google’s privacy policy, please refer to the following links:

1st https://www.google.com/intl/de/policies/privacy/

https://www.google.com/recaptcha/intro/android.html 2

XV. Facebook Pixel

(1) The Website uses “Facebook Pixel” (hereinafter referred to as “Pixel”), an analysis program of the social network “Facebook.com” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as “Facebook”) to users who have previously seen or clicked on a Facebook ad. The collected data is collected anonymously and is used for evaluation for market research purposes. Facebook may connect this data to an existing Facebook account and also use it for its own advertising purposes, in accordance with Facebook’s data usage policy

The user can enable Facebook and its partners to run ads on and off Facebook. A cookie can also be stored on the computer for these purposes.

(2) The legal basis of the processing is the legitimate interest in the analysis, optimisation and economic operation of the website within the meaning of Article 6(c). 1 lit. f. GDPR.

(3) The Website uses pixels for marketing and optimization purposes, in particular to serve for relevant and interesting ads, to improve campaign performance reports or to avoid seeing the same ads multiple times. This also includes the legitimate interest in the processing of the above data.

(4) The installation of cookies is prevented by deleting existing cookies and by disabling the storage of cookies in the settings of the web browser. It should be noted that in this case not all functions of the website can be used in full.

Consent can be revoked here:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

In addition, Facebook has submitted to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, Facebook is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Third-party information: Facebook Ireland Ltd. 4 Grand Canal Square , Grand Canal Harbour, Dublin 4, IRELAND, Fax: +0016505435325. Further information on the use of data by Facebook, on setting and opposition options as well as on data protection can be found on the following facebook websites:

https://www.facebook.com/about/privacy/

XVI. Facebook Connect

(1) The Website uses “Facebook Connect” (hereinafter referred to as “Connect”), an analysis program of the social network “Facebook.com” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as “Facebook”) to Registration or login via Facebook instead of a direct registration on the website.

By clicking on Facebook Connect, the user is redirected to the Facebook website in order to register or log in. This link transmits the following data:

1. Facebook name

2. Facebook profile and cover image

3. Facebook cover image

4. E-mail address stored on Facebook

5. Facebook ID

6. Facebook Friends Lists

7. Facebook Likes (“Like Me”)

8th Birthday

9. Gender

10th country

11. Language

(2) The legal basis for processing is the performance of a contract within the meaning of Article 6(c). 1 lit. b. GDPR.

(3) The website uses Connect to set up, provide and personalise the user account. Personal data about the use of the website (usage data) are only collected, processed and used to the extent necessary to enable or bill the user to use the service.

4. The charges charged shall be deleted after the conclusion of the order or termination of the contract. Lawhole retention periods remain unaffected.

XVII. Facebook Custom Audiences

(1) We use “Facebook Custom Audiences”, a remarketing tool of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”). Facebook Custom Audiences allows us to provide interest-based advertisements to visitors to our website as part of a visit to the social network Facebook or as part of a visit to other websites that also use Facebook Custom Audiences, so-called ” Facebook Ads”. By using “Facebook Custom Audiences”, your web browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected through Facebook’s use of Facebook Custom Audiences. To our knowledge, Facebook receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook will find out and store your IP address and any other identifiers.

(2) In this case, The legal basis shall be Article 6(p.). 1 lit. f GDPR.

(3) We use Facebook Custom Audiences for marketing and optimization purposes, in particular to serve relevant and interesting advertisements for you and thus to improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third party provider.

(4) The deactivation of Facebook Custom Audiences is possible for logged-in users under https://www.facebook.com/settings/?tab=ads#_. Please note that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies for range measurement and advertising purposes via the following websites:

http://optout.networkadvertising.org/

http://www.aboutads.info/choices

http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that this setting will also be deleted if you delete your cookies.

In addition, Facebook has submitted to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, Facebook is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Third-party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For more information from the third party on data protection, see the following Facebook website: https://www.facebook.com/about/privacy

XVIII. LinkedIn Ads

(1) We use “Marketing Solutions (formerly LinkedIn Ads)”, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “Marketing Solutions”) on our website. Marketing Solutions stores and processes information about your user behaviour on our website. Marketing Solutions uses cookies, i.e. small text files, which are stored locally in the cache of your web browser on your device and which enable an analysis of your use of our website.

(2) In this case, The legal basis shall be Article 6(p.). 1 lit. f GDPR.

(3) We use Marketing Solutions for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating the user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third party provider.

(4) You can prevent the installation of cookies by deleting existing cookies and by disabling the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to the full extent. You can also prevent LinkedIn from collecting the aforementioned information by setting an opt-out cookie on one of the linked websites below:

https://www.linkedin.com/psettings/guest-controls

http://optout.aboutads.info/?c=2#!/

http://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by disabling the execution of Java script in your browser. In addition, you can prevent the execution of Java script code altogether by installing a Java script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all functions of our website to the full extent.

LinkedIn has also signed up to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, LinkedIn is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Third-party information: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For more information from the third party on data protection, see the following website: https://www.linkedin.com/legal/privacy-policy

XIX. LinkedIn Marketing Solutions

(1) We use LinkedIn Marketing Solutions, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”). LinkedIn Marketing Solutions stores and processes information about your user behaviour on our website. LinkedIn Marketing Solutions uses cookies, i.e. small text files, which are stored locally in the cache of your web browser on your terminal device and which enable an analysis of your use of our website.

(2) In this case, The legal basis shall be Article 6(p.). 1 lit. f GDPR.

(3) We use LinkedIn Marketing Solutions for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating the user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third party provider.

(4) You can prevent the installation of cookies by deleting existing cookies and by disabling the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to the full extent. You can also prevent LinkedIn from collecting the aforementioned information by setting an opt-out cookie on one of the linked websites below:

https://www.linkedin.com/psettings/guest-controls

http://optout.aboutads.info/?c=2#!/

http://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by disabling the execution of Java script in your browser. In addition, you can prevent the execution of Java script code altogether by installing a Java script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all functions of our website to the full extent.

LinkedIn has also signed up to the Privacy Shield Agreement between the European Union and the United States and has certified itself. As a result, LinkedIn is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Third-party information: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For more information from the third party on data protection, see the following website: https://www.linkedin.com/legal/privacy-policy

XX. Encrypted data transfer

All data is transmitted via TLS technology via an encrypted connection. The required certificate installed on the servers was issued by an independent organization.

An encrypted connection is recognized by the fact that the address line of the browser changes from http:// to https://.

Once the encrypted TLS connection is established, your entries that you submit to the shop can no longer be read by third parties.

Xxi. Rights of the data subject

If personal data is processed by , the users are “data subject” in the GDPR and are entitled to the following rights in respect of the controller:

1. Right of access

The data subject may request confirmation from the controller as to whether personal data will be processed.

In the form of such processing, the controller may be requested to provide the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom personal data in question have been or are still being disclosed;

(4) the planned duration of the storage of personal data or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data, a right to restrict processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data where the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, in accordance with Article 22(3). 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

There is the right to request information on whether the personal data will be transferred to a third country or to an international organisation. In this context, it may be required to provide the appropriate guarantees in accordance with the Article 46 GDPR in connection with the transmission.

2. Right to rectification

There is a right to rectification and/or completion to the controller if the processed personal data is inaccurate or incomplete. The person responsible shall make the correction without delay.

3. Right to restrict processing

The following conditions may require the restriction of the processing of personal data:

(1) if you dispute the accuracy of the personal data for a period that allows the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and the deletion of personal data is refused and the restriction of the use of the personal data is instead required;

(3) the controller no longer needs the personal data for the purposes of the processing, but these are necessary for the assertion, exercise or defence of legal claims, or

(4) if there is an objection to the processing in accordance with Article 21(4) of the 1 GDPR has been filed and it is not yet clear whether the legitimate reasons of the controller outweigh the reasons of the data subject.

If the processing of the personal data has been restricted, this data may only be used, with the consent of the data subject or to assert, exercise or defend legal claims or to protect the rights of a data subject. other natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, the data subject will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

There is a right to demand that the controller delete the personal data immediately and the controller is obliged to delete such data immediately, provided that one of the following reasons applies:

(1) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) The consent to which the processing is based in accordance with the Art. 1 lit. a or Art. 2 lit. a GDPR and there is no other legal basis for processing.

(3) It is set out in accordance with the Art. 1 GDPR has been objected to the processing and there are no legitimate primary reasons for the processing, or there are no legitimate reasons for processing, or it is reported in accordance with the Art. 2 GDPR objection to the processing.

(4) The personal data have been processed unlawfully.

5. The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data have been collected in relation to the information society services offered in accordance with Article 8(4) of the European Financial Protection Agency. 1 GDPR.

b) Information to third parties

If the controller has made the personal data public and is in accordance with the Art. 17 Abs. 1 GDPR obliges it to delete it, taking into account the available technology and implementation costs, it shall take appropriate measures, including technical measures, to ensure that data controllers who process the personal data are responsible for the data processing, that data subjects have requested from them the deletion of all links to such personal data or copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

(1) to exercise the right to freedom of expression and information;

2. to fulfil a legal obligation required by the processing under the law of the Union or the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of public violence which has been delegated to the controller;

(3) for reasons of public interest in the field of public health in accordance with Article 9(3). 2 lit. h and i and Article 9(4) 3 GDPR;

(4) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with the Article 89(1) 1 GDPR, in so far as the right referred to in section (a) is likely to make the attainment of the objectives of such processing impossible or seriously impaired, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If the right to rectification, erasure or restriction of the processing has been invoked against the controller, the controller is obliged to rectify or delete the data to all recipients to whom the personal data have been disclosed, or restriction of processing, unless this proves impossible or involves a disproportionate effort.

The controller has the right to be informed of these recipients.

6. Right to data portability

There is the right to receive the personal data provided to the controller in a structured, common and machine-readable format. In addition, there is the right to transfer this data to another controller without hindrance by the controller to whom the personal data has been provided, provided that:

(1) the processing on a consent in accordance with the Art. 1 lit. a GDPR or Art. 2 lit. a GDPR or on a contract in accordance with Art. 1 lit. b GDPR is based and

(2) processing is carried out using automated procedures.

In the exercise of this right, there is also the right to obtain that the personal data be transmitted directly by a controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task which is in the public interest or carried out in the exercise of official authority delegated to the controller.

7. Right to object

There is the right, for reasons arising from the particular situation of the data subject, at any time against the processing of personal data, which is subject to Article 6(4) of the year. 1 lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions.

The controller no longer processes the personal data, unless he can prove compelling legitimate grounds for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of assertion, exercise or defence of legal claims.

If the personal data is processed for direct marketing purposes, there is the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing.

If the processing has been objected to for direct marketing purposes, the personal data will no longer be processed for these purposes.

It is possible, in connection with the use of information society services, to exercise the right of objection, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

There is the right to revoke the declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling

There is the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on the data subject or, in a similar manner, significantly Affected. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between the data subject and the controller;

(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests;

(3) with the express consent of the data subject.

However, those decisions may not be based on specific categories of personal data under Article 9(1). 1 GDPR, unless Art. 2 lit. a or g and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtaining the intervention of a person by the person concerned. responsible, on presentation of their own position and on appeal of the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of the residence of the data subject, the place of work or the place of the alleged infringement if there is a view that the processing of personal data is in breach of the GDPR.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.