viadee Unternehmensberatung AG
Commercial register/no: HRB 17380
Managing directors: Heinrich Riemann, Frank Weymerich
Phone number: +49 (0)251 7777 70
E-mail address: firstname.lastname@example.org
Data protection officer:
Phone number: +49 (0)251 7777 70
E-mail address: Datenschutzbeauftragter@viadee.de
1. BASIC PRINCIPLES FOR PROCESSING DATA; LEGAL BASIS
1.1. This privacy statement explains to you the nature, scope and purpose of the personal data processed within our online offering and the websites, functions and content associated with it (hereinafter jointly referred to as “online offering” or “website”) as well as within the products, solutions and consulting services of our company (hereinafter referred to as “products and services”). The privacy statement applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offering or our products and solutions are handled.
1.2. As regards the use of terms such as “personal data” or “data processing”, we refer to the definitions in Art. 4 General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed within the scope of the online offering, products and services include the general data (e.g. names and addresses of customers), contract data (e.g. services used, names of the responsible persons, payment information), usage data (e.g. the visited pages of our website, interest in our products) and content data (e.g., entries in contact forms).
1.4. The term “user” covers all categories of data subjects affected by data processing. These include our business partners, customers, interested parties and other visitors to our website. Terms such as “user” are used in a gender-neutral sense.
1.5. We process users’ personal data only in compliance with the relevant data protection regulations. This means that users’ data is only processed if legal permission has been given for this. This refers in particular to data processing that is necessary for providing our contractual services (e.g. processing of orders) and online services, or that is required by law or if consent has been given by the user as well as on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our website and in securing our online offering within the meaning of Art. 6 (1) lit. f. GDPR, particularly for range measurement, creating profiles for advertising and marketing purposes, collecting access data and using the services of third parties).
1.6. The legal basis for obtaining consent is Art. 6 (1) lit. a. and Art. 7 GDPR, the legal basis for processing data to enable us to perform our services and carry out contractual measures is Art. 6 (1) lit. b. GDPR, the legal basis for processing data to enable us to fulfil our legal obligations is Art. 6 (1) lit. c. GDPR and the legal basis for processing data to preserve our legitimate interests is Art. 6 (1) lit. f. GDPR.
2. SECURITY MEASURES
2.1. We apply organisational, contractual and technical security measures in accordance with the latest technological standards to ensure that the provisions of the data protection laws are complied with and to thereby protect the data processed by us from accidental or intentional manipulation, loss, destruction or from access by unauthorised persons.
2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
3. DATA TRANSFER TO THIRD PARTIES AND THIRD-PARTY SUPPLIERS
3.1. Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) lit. b) GDPR or for legitimate interests in efficiently and effectively managing our business operations pursuant to Art. 6 (1) lit. f. GDPR.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3. If content, tools or solutions of other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this privacy statement and their named offices are domiciled in a third country, it must be assumed that data is transferred to the country of domicile of the third party providers. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data is transferred to third countries either if there is an appropriate level of data protection, if the user has consented to the aforesaid transfer or other legal permission has been obtained.
4. PROVISION OF CONTRACTUAL SERVICES
4.1. We process general data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) lit. b GDPR.
4.2. Within the context of registering and renewing logins, we store the IP address and the time of user action. The storage is based on our legitimate interests and is also done to protect users against misuse and other unauthorised use. This data will not be passed on to third parties unless it is necessary to assert our claims or we are obliged to do so by law pursuant to Art. 6 (1) lit. c GDPR.
4.3. We process usage data (e.g. the visited pages of our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to display product information to the user based, for example, on the services they have previously used.
5.1. When contacting us (via the contact form or e-mail), the user’s details are processed in order to handle the contact request and its settlement in accordance with Art. 6 (1) lit. b) GDPR.
5.2. The user data can be stored in our Customer Relationship Management System (“CRM system”) or comparable inquiry system.
We use the marketing automation system “HubSpot” of the provider HubSpot, Inc., HubSpot Headquarters (Cambridge, MA) 25 First St., 2nd floor Cambridge, Massachusetts 02141 on the basis of our legitimate interests (efficient and fast processing of user requests). For this purpose we have signed a contract with HubSpot containing so-called standard contractual clauses in which HubSpot agrees to process user data only in accordance with our instructions and to comply with the EU data protection laws. Moreover, HubSpot is certified under the Privacy Shield Agreement which provides an additional guarantee of compliance with European data protection laws.
Hubspot is an integrated software solution that covers various aspects of our online marketing. These include:
- E-mail marketing (newsletters and automated mailings, e.g. for providing downloads)
- Social media publishing and reporting
- Reporting and data processing (tracking e.g. traffic sources, access, etc. …)
- Contact management (e.g. user segmentation and CRM)
- Landing pages and contact forms
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact data and other demographic information. This information and the contents of our website are stored on servers of our software partner HubSpot. They can be used by us to contact visitors to our website and to determine which services of our company might be of interest to them. All the information we collect is covered by this privacy statement. We use all the information collected solely for optimising our marketing activities. HubSpot is a software company from the USA with a subsidiary in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 (0)1 518 7500.
HubSpot is certified under the terms of the EU-U.S. Privacy Shield Framework and is obliged to comply with the TRUSTe’s Privacy Seal and the U.S.-Swiss Safe Harbor framework.
More information from HubSpot regarding the EU data protection rules
You can find more information about the cookies used by HubSpot here & here
If on principle you are opposed to Hubspot recording your data, you can prevent cookies from being saved at any time by changing your browser settings.
6. COMMENTS AND CONTRIBUTIONS
6.1. If users leave comments or make other contributions, their IP addresses are stored on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR.
6.2. This is done for security reasons if someone writes illegal contents (insults, forbidden political propaganda etc.) in comments and contributions. In cases of this kind, we ourselves could be held responsible for the comment or contribution and are therefore interested in the identity of the author.
7. COLLECTING ACCESS DATA AND LOGFILES
7.1. On the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2. Log file information is stored for security reasons (e.g. to clarify misuse or fraud) for a maximum period of twelve months and then deleted. Access data includes: name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL (previously visited page), IP address and requesting provider. The provider uses the log data only for statistical evaluation purposes to enable the offering to be operated, rendered secure and optimised. However, the provider reserves the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. Data that needs to be further stored for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
8. COOKIES & RANGE MEASUREMENT
8.1. Cookies are items of information that are transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
8.2. We use “session cookies” that are stored solely for the duration of the current visit to our website (e.g. to enable your login status or the shopping cart function to be stored and thereby enable our online offering to be used in the first place). A random-generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when, for example, you finish using our online service and log out or close your browser.
8.3. Users are informed within the scope of this privacy statement about how cookies are used for pseudonymous range measurement.
8.4. If users do not wish cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. Please note that the exclusion of cookies can restrict some of the functionalities of this online offering.
9. GOOGLE ANALYTICS
9.2. Google is certified under the Privacy Shield Agreement which guarantees compliance with the European data protection laws.
9.3. Google uses this information on our behalf to evaluate how our online offerings are used, to compile reports on the activities within this online offering and provide us with other services associated with the use of this online service and the internet. Pseudonymous user profiles of the users can be created from the processed data.
9.4. We use Google Analytics solely with activated IP anonymisation. This means that Google abbreviates the user’s IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.
9.5. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being saved by selecting the appropriate settings on their browser; they can also prevent the data generated by the cookies and relating to their use of the online offering from being collected by Google as well as prevent aforesaid data from being processed by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser add-on or for browsers on mobile devices, please click this link to prevent Google Analytics from collecting data from this website in the future. An opt-out cookie will then be stored on your device. If you delete your cookies, you must activate this link again.
9.6. Further information on the use of data by Google, the setting possibilities and means of opt-out can be found on the Google website:
– Google’s use of data when you use our partners’ websites or apps
– Use of data for advertising purposes
– Managing information used by Google for showing you advertisements
9.7. We use the “Google Tag Manager” to integrate and manage Google’s analysis and marketing services into our website.
10.1. You can find information here about the contents of our newsletter as well as the registration, dispatching and statistical evaluation procedures as well as your opt-out rights. By registering for our newsletter, you consent to the receipt of the newsletter and to the procedures described below.
10.2. Content of the newsletter: we send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter”) only if the recipient has consented to this or on the basis of legal permission. If the contents of the newsletter are specifically described in the course of the registration procedure, these form the basis of the user’s consent. Otherwise our newsletters contain information about our products, offers, promotions and our company.
10.3. Double opt-in and newsletter records: we use the so-called double opt-in procedure for newsletter registration. This means that an e-mail is sent to you after registering, requesting you to confirm your registration. This confirmation is necessary so that no one can register from other e-mail addresses. A record is made of the newsletter registrations so that we can evidence the registration procedure in line with legal requirements. This includes saving the login and confirmation times as well as the IP address. A record is also made of changes to your data stored with the dispatch service provider.
HubSpot is certified under the Privacy Shield Agreement which offers a guarantee of compliance with the European data protection rules:
10.5. According to its own information, the dispatch service provider can also use this data in pseudonymous form, i.e. without allocation to a user, in order to optimise or improve its own services, e.g. for technically optimising the dispatch and presentation of the newsletter or for statistical purposes in order to determine the recipients’ country of origin. However, the dispatch service provider shall not use the data of our newsletter recipients to write to the recipients itself or pass aforesaid data on to third parties.
10.6. Registration data: to register for the newsletter, it is sufficient to enter your e-mail address, surname, first name.
10.7. Statistical survey and analyses – the newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service company when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system as well as your IP address and time of retrieval are initially collected. This information is used to technically enhance the services on the basis of the technical data or target groups and reading behaviours via their retrieval points (which can be determined with the help of the IP address) or access times. The statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients but it is neither our intention nor that of the dispatch service provider to monitor individual users. The evaluations serve to recognise the reading habits of our users and to adapt our content to them or to send specific content in line with our users’ interests.
10.8. The use of the dispatch service provider, the statistical surveys and analyses as well as the recording of the registration procedure are based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. We are interested in employing a user-friendly and secure newsletter system that serves both our business interests and as well as the expectations of our users.
10.9. Cancellation/revocation – you can cancel the receipt of our newsletter at any time or revoke your consent. When doing this, your consent to the dispatch by the dispatch service provider and to the statistical evaluation are simultaneously revoked. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You can find a link for cancelling the newsletter at the end of each newsletter. If users have only registered for the newsletter and have cancelled this registration, their personal data is deleted.
11. INTEGRATING SERVICES AND CONTENTS OF THIRD PARTIES
11.1. As part of our online offering, we use content or service offerings of third parties on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6 (1) lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter jointly referred to as “content”). This always presupposes that the third-party providers of this content can note the user’s IP address, otherwise they would not be able to send the content to the browsers of the aforesaid users without the IP address. The IP address is therefore required for presenting this content. We endeavour to only use the content of providers that use the IP address solely for the distribution of content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can include technical information about the browser and operating system, referring websites, visiting times and other information about the use of our website, and can also be linked to such information from other sources.
11.2. Below is a list of the third-party providers and their contents, along with links to their privacy statements which contain further information on how data is processed and on the opt-out possibilities, some of which have already been named here:
- External fonts of Google, Inc., https://www.google.com/fonts („Google fonts“). The Google fonts are integrated via a server called up at Google (usually in the USA).
- Maps of the “Google Maps” service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- Videos of the platform “YouTube” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- We use functions of the XING network. The provider is XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany. Each time you access one of our pages that contains Xing features, you will be connected to the Xing servers. As far as we are aware, no personal data is saved. Most importantly, no IP addresses are stored or evaluation made of user behaviour.
12. USER RIGHTS
12.1. Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.
12.2. Users also have the right to demand correction of their incorrect data, to have the processing of their personal data restricted or have it deleted, and are entitled, where applicable, to exercise their rights in respect of data portability and, in the event of suspicion of unlawful data processing, to file a complaint at the competent supervisory authority.
12.3. Users can also revoke their consent, in all cases with effect for the future.
13. DELETION OF DATA
13.1. The data stored by us will be deleted as soon as it is no longer required for the intended purpose and provided no legal obligations exist to retain said data. If the user’s data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax reasons.
13.2. In accordance with legal requirements, the storage period for commercial accounts, inventories, opening balance sheets, annual financial statements, business letters, accounting vouchers etc. under section 257 (1) HGB (German Commercial Code) is 6 years and for accounts, records, management reports, accounting vouchers, commercial and business letters, taxation-relevant documents etc. under section 147 (1) AO (German Fiscal Code) 10 years.
14. REVOCATION RIGHT
Users may at any time object to the future processing of their personal data in accordance with the statutory provisions. The objection may in particular be lodged against processing for the purposes of direct marketing.
15. CHANGES TO THE PRIVACY STATEMENT
15.1. We reserve the right to change our privacy statement in order to adapt it to altered legal situations or in the event of changes to the service or data processing. However, this only applies to declarations regarding data processing. If users are required to give consent or components of the privacy statement contain provisions concerning the contractual relationship with the users, the changes will only be made with the consent of the users.
15.2. Users are requested to inform themselves regularly about the content of the privacy statement.