Privacy policy

We are pleased that you are visiting our website. KUMAVISION AG (hereinafter "we" or "us") attaches great importance to the security of user data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.

Agreement according to §26 S.1 Abs.1 DSGVO ("jointly responsible")

Table of Contents

Contact details of those responsible

KUMAVISION AG

Oberfischbach 3
88677 Markdorf (Lake Constance)
Germany

Contact:
This email address is being protected from spam bots! To display JavaScript must be turned on.
Tel.: + 49 7544 966-300
http://www.kumavision.com

Contact details of the Data protection officer

German Data Protection Law Office - Maximilian Musch

External data protection officer: Maximilian Musch
Richard-Wagner-Straße 2
88094 top rings
Germany

Contact: Tel.: 07542 949 21 - 02
Email: This email address is being protected from spam bots! To display JavaScript must be turned on.
Website: www.ddsk.de 

Concepts

The technical terms used in this data protection declaration are to be understood as legally defined in Art. 4 GDPR. 

Recipients of data

Service providers (recipients of data) used in connection with the processing of data via the website are named in our data protection declaration under the respective category/heading. 

General information on data processing

Automated data processing (log files etc.)

In principle, the website can be visited without active information about the person of the user. However, access data (server log files) are automatically saved each time the website is accessed, e.g. B. the name of the Internet service provider, the operating system used, the website from which the user visits the website, the date and duration of the visit or the name of the requested file, as well as for security reasons, e.g. B. to detect attacks on the website, the IP address of the end device used for a period of 7 days. This data does not allow any conclusions to be drawn about the person of the user. This data is not merged with other data sources.

The legal basis for processing the data is Art. 6 (1) (c) GDPR i. In conjunction with Art. 32 GDPR and Art. 24 GDPR.

The data will be processed and used for the following purposes:

  1. Provision of the website
  2. improving our websites
  3. Prevention and detection of errors/malfunctions and abuse of the website.

Processing is necessary to ensure the functionality and error-free and secure operation of the website and to adapt this website to user requirements. 

Consent management tool

A process for consent management is used on the website in order to be able to verifiably store and manage the consent given by visitors to the website in accordance with the requirements of the GDPR. At the same time, website visitors can use the integrated service to manage the consent and preferences they have given or the revoke consent.

The consent status is stored on the server side and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or his device. In addition, the time of the declaration of consent is recorded. 

Categories of affected persons: 
Website visitors who use the consent management tool

Categories data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), consent data (consent ID, consent number, time of submission of consent, opt-in or opt-out, banner language , customer setting, template version)

Purposes of processing:
Fulfillment of accountability, consent management

Legal basis:
Legal obligation (Art. 6 Para. 1 lit. c) GDPR i. in conjunction with Art. 7 GDPR) 

usercentrics

Recipient: Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany       

Privacy Policy: https://usercentrics.com/de/datenschutzerklaerung/  

Use of cookies (general, functionality, opt-out links, etc.)

In order to make visiting the website attractive and to enable the use of certain functions, so-called cookies are used on the website. Cookies are a standard Internet technology used to store and retrieve login and other usage information for all users of the website.

Cookies are small text files that are stored on the end device. They make it possible, among other things, to save user settings so that the website can be displayed in a format tailored to the user's device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's end device and enable the browser to be recognized on the next visit (so-called permanent cookies).

The browser can be set in such a way that users are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Furthermore, the cookies can be deleted afterwards in order to remove data that the website has stored on the user's device. The deactivation of cookies (so-called opt-out) can lead to some limitations in the functionality of the website.

 Categories of affected persons:  Website visitors, users of online services

Opt-Out:

Internet Explorer: https://support.microsoft.com/de-de/help/17442  

Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: https://support.apple.com/de-de/HT201265

Legal basis:
Consent (Art. 6 Para. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 lit. f) GDPR)
The relevant legal basis is specifically named for the corresponding tool.

Legitimate interests:
Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status over the entire website, recognition for next website visitors, user-friendly online offer, ensuring chat functions 

Web analysis and optimization

Tools for web analysis and range measurement are used so that visitor flows on the website can be evaluated. For this purpose, information about the behavior, interests or demographic information about website visitors, such as age, gender or similar, is collected. This makes it possible to recognize at what time the website, its functions or content are most frequented or invite repeated visits. In addition, the information collected can be used to determine whether the website requires optimization or adjustment.

The information collected for this purpose is stored in cookies or similar processes are used and are used for range measurement and optimization. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used.

As a rule, no clear user data is processed for the purposes described. In this case, the data is changed in such a way that the actual identity of the user is not known to either the person responsible or the provider of the tool used (e.g. via IP address anonymization options). The anonymized data can be displayed via a dashboard. This can be used to deliver key figures or statistics about visits to the website. This includes e.g. B. Key figures, which provide information about the period within which the website was visited the most. It can be used to discuss where the website is still adaptable and what content can best be placed where and when. 

Categories of affected persons: 
Website visitors, users of online services

Categories data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos)

Purposes of processing:
Website analysis, range measurement, utilization and evaluation of website interaction, lead evaluation

Legal basis:
Consent (Art. 6 Para. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 lit. f) GDPR)

Legitimate interests:
Optimization and further development of the website, increase in profits, customer loyalty and acquisition, cookieless analysis, success control of marketing measures for B2B customers 

Hotjar

Recipient: Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta    

Privacy Policy: https://www.hotjar.com/legal/policies/privacy

Opt-Out Link: https://www.hotjar.com/legal/compliance/opt-out  

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR) 

Dealfront (cookieless use)

Recipient: Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany

Privacy Policy: https://www.dealfront.com/privacy-notice/

Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f) GDPR)

Opt-Out Link: https://privacycockpit.dealfront.com/

LinkedIn Analytics

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR

Matomo (local integration)

Provider: InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand         

Privacy Policy: https://matomo.org/privacy-policy/     

Legal basis: Legitimate interests (Art. 6 Para. 1 lit. f) GDPR)

Opt-Out Link: 

 

 

 

Hosting (incl. content delivery network)

The website is hosted by an external service provider. Personal data of visitors to the website, in particular so-called log files, are stored on the service provider's servers. It can also be data that arises or is collected during active use of the online offer. By using a specialized service provider, the online offer can be made available securely and efficiently. The data is not processed by the hosting provider used for their own purposes.

Categories of affected persons: 
website visitors

Categories data:         
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:      
Proper design of the online offer

Legal basis:       
Consent (Art. 6 Para. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 lit. f) GDPR)

Legitimate interests:         
Proper presentation and optimization of the website, faster website accessibility, avoidance of downtime, high scalability 

Mittwald web hosting

Recipient: Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4 – 6, 32339 Espelkamp, ​​Germany    

Privacy Policy: https://www.mittwald.de/datenschutz          

Legal basis: Legitimate interests (Art. 6 Para. 1 lit. f) GDPR)  

Online marketing

In order to constantly increase the range and awareness of the online offer, personal data is processed as part of online marketing, in particular with regard to potential interests and measuring the effectiveness of the marketing measures used.

For the purpose of measuring the effectiveness of marketing measures and identifying potential interests, relevant information is stored in cookies or similar processes are used. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used. As a rule, no clear user data is processed for the purposes described. The data is changed in such a way that the actual identity of the user is not known. The data changed in this way is regularly stored in user profiles.

If user profiles are stored, the data can be read out, supplemented and supplemented on the server of the online marketing provider when visiting other online offers that use the same online marketing process.

Whether advertisements were successful can be determined on the basis of summarized data made available to the person responsible by the provider of the online marketing process (so-called conversion measurement). As part of these conversion measurements, it can be traced whether a marketing measure has led to a so-called conversion of the visitor to the online offer. This evaluation is used to analyze the success of online marketing. 

Categories of affected persons: 
Website visitors, users of online services, interested parties, communication partners, business and contractual partners

Categories data:         
Usage and interaction data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), if applicable location data, contact data, content data (e.g. text information)

Purposes of processing:      
Marketing (partly interest-based and behavioral), conversion measurement, target group formation, click tracking, development of marketing strategies and increasing the efficiency of campaigns

Legal basis:       
Consent (Art. 6 Para. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 lit. f) GDPR)

Legitimate interests:         
Optimization and further development of the website, increase in profits, customer retention and acquisition

 

Google Ads

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland          

Privacy Policy: https://policies.google.com/privacy?hl=en-US

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR)

Microsoft Azure

Recipient: Microsoft Ireland Operations Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland

Privacy Policy: https://aka.ms/privacyresponse

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR) 

Microsoft Dynamics365 for marketing

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA 

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

Opt-Out:https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR) 

Social media presences

The person responsible makes offers (e.g. fan pages) available online on various social media platforms, which contain various information.

Social media channels are used to increase visibility among potential prospects, customers and employees and to make those responsible visible to the public. Social networks have proven themselves in increasing reach and promoting interaction and communication with interested parties.

Some of the data from users in social networks is used to conduct market research and thus to pursue advertising purposes. User profiles can be created and used based on the usage behavior of users, for example by specifying interests, in order to adapt advertisements to the interests of target groups. For this purpose, cookies are regularly stored on the users' end devices, sometimes regardless of whether they are registered users of the social network.

In connection with the use of social media, the associated messengers may be used in order to be able to communicate easily with users. It is pointed out that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the service provider can draw conclusions that and when users communicate with us and, if necessary, collect location data.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks for users, for example because it makes it more difficult to enforce their rights. 

Categories of affected persons: 
Registered users and non-registered users of the social network

Categories data:         
Content data (e.g. text information, contributions, possibly videos), usage and interaction data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of processing:      
Extension of reach, networking with interested parties, potential employees, employee branding, etc.

Legal basis:        
Legitimate interests (Art. 6 Para. 1 lit. f) GDPR), consent (Art. 6 Para. 1 lit. a) GDPR)

Legitimate interests:         
Interaction and communication on social media presence, increase in profits, insights into target groups 

Facebook

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland      

Privacy Policy: https://www.facebook.com/privacy/explanation     

Opt-Out Link: https://www.facebook.com/policies/cookies/ 

Instagram

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland      

Privacy Policy: https://help.instagram.com/519522125107875      

Opt-Out Link:https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/  

kununu

Recipient: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA        

Privacy Policy: https://www.linkedin.com/legal/privacy-policy          

Twitter

Recipient: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland    

Privacy Policy: https://twitter.com/de/privacy       

Opt-Out Link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options 

YouTube

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland       

Privacy Policy: https://policies.google.com/privacy?hl=en&gl=de          

XING

Recipient: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany  

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung           

Plugins and embedded content from third parties

The website includes functions and content obtained from third parties. For example, videos, representations, buttons or posts (hereinafter Content called) are included.

In order for content to be displayed to visitors to the website, the respective third-party provider processes the IP address of the user, among other things, so that the content can be transmitted to the browser and displayed. Without this processing operation, it is not possible to display third-party content.

In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on the website, technical information about the user's browser or operating system, the time of visit or websites to which reference is made. The data obtained is stored in cookies on the user's end device.

In order to protect the personal data of visitors to the website, technical security precautions have been taken on the website to prevent this data from being automatically transmitted to third-party providers. This data is only transmitted when the user uses the buttons or clicks on the third-party content and gives their consent. Before using the button and giving consent, users are informed in advance of the associated risks of data transmission to third parties. 

Categories of affected persons:  Users of the plug-in or integrated third-party content

Categories data:          Usage and interaction data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address)

Purposes of processing:       Designing our online offering, increasing the reach of advertisements on social media, sharing posts and content, interest and behavior-based marketing, cross-device tracking

Legal basis:         Consent (Art. 6 Para. 1 lit. a) GDPR) 

Google Translate

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy Policy: https://policies.google.com/privacy?hl=en&gl=de 

Instagram pixels

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland      

Privacy Policy: https://help.instagram.com/519522125107875      

Opt-Out Link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/  

LinkedIn Insight Day

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA        

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Vimeo

Recipient: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA  

Privacy Policy: https://vimeo.com/privacy 

YouTube

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland          

Privacy Policy: https://policies.google.com/privacy?hl=en&gl=de    

Opt-Out Link: https://tools.google.com/dlpage/gaoptout?hl=en   

Online conferences, meetings and webinars

We make use of the opportunity to hold online conferences, meetings and/or webinars. For this we use the offer of other providers, which we have carefully selected.

When actively using such offers, the data of the communication participants are processed and stored on the servers of the third-party providers used, insofar as the data is required for the communication process. Furthermore, usage and metadata can be processed. 

Categories of affected persons:  Participants in the respective online offer (conference, meeting, webinar)

Categories data:          Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:       Processing of inquiries, increasing efficiency, promoting cross-company or cross-location cooperation

Legal basis:         Consent (Art. 6 Para. 1 lit. a) GDPR) 

Microsoft Teams

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA 

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement          

Opt-Out Link:https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings 

Live chat

Consultation services can be obtained using the live chat on the website. This is usually done by an employee of the company. The purpose of the data collection is based on the request made.

The text content entered into the chat mask as part of the live chat (names, request, any contact details) is voluntary. If the inquirers want further contact during the chat, they can use the contact form on the website.

If the live chat is used, the Internet browser automatically transmits certain data to the server for technical reasons at the beginning of use. This data is also processed for analysis purposes - without being assigned to a specific person.

 

Categories of affected persons:  Chatbot users

Categories data:          Master data (e.g. last name, first name), contact data (e.g. e-mail address), content data (e.g. text entries, inquiries), usage data (e.g. duration of use, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:       Processing inquiries, increasing efficiency

Legal basis:           Consent (Art. 6 Para. 1 lit. a) GDPR), pre-contractual initiation, contract (Art. 6 Para. 1 lit. b) GDPR) 

SmartSupp Chat

Recipient: Smartsupp.com, sro ID No.: 036 68 681, 602 00 Brno, Czech Republic, EU    

Privacy Policy: https://www.smartsupp.com/de/help/privacy/

External customer portal

We link to a provider's customer portal on our website. Login is only possible for authenticated customers. These must have access to the portal activated in advance by KUMA support. This is usually done by creating a new user in the portal and assigning individual user names, e.g. B. the e-mail address and passwords by the provider of the portal. Access data can neither be viewed nor saved by us.

Relevant processes for support requests from customers are stored in the customer portal. As a rule, technical data and a transaction number are stored for this purpose.

There is no link tracking via the website. At no time can it be determined which website visitor has registered via the portal.

In order to change or delete links from user accounts, the settings within the user account must be changed at the respective method provider. 

Categories of affected persons:  users of the respective function

Categories data:          User handles (e.g. username, authentication confirmation)

Purposes of processing:       authentication user

Legal basis:         Consent (Art. 6 Para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 Para. 1 lit. b) GDPR)

Atlassian (JIRA)

Receiver: Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia

Privacy Policy: https://www.atlassian.com/legal/privacy-policy 

promotional communication

We also use the data provided to us for advertising purposes, in particular to provide information on various channels about news from us or from our portfolio of offers. Advertising on our part takes place within the framework of the legal requirements and - if required - after obtaining consent.

If the recipients of our advertising do not want this, they can inform us at any time. We will be happy to comply with the corresponding request. 

Categories of affected persons:  communication partner

Categories data:          Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number)

Purposes of processing:       Direct marketing

Legal basis:           Consent (Art. 6 Para. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 lit. f) GDPR)

Legitimate interests:  Retaining existing and gaining new contacts or contractual partners 

Contacting us

On our online offer we offer the possibility to contact us directly or to obtain information about various contact options. In order to always have an overview of contacts with us, we use Microsoft Dynamics 365 CRM for processing corresponding requests.

If contact is made, we process the data of the requesting person to the extent necessary to answer or process the request. Depending on how you contact us, the processed data may vary. 

Categories of affected persons:  Inquiring people

Categories data:          Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text input), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:       processing of inquiries

Legal basis:         Consent (Art. 6 Para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 Para. 1 lit. b) GDPR) 

Microsoft Dynamics365 CRM

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA    

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement 

Online Events and Events

Interested parties have the opportunity to register for free online events and activities via the website. A double opt-in procedure is implemented as part of the registration process, which prevents the misuse of data and ensures that the registration for the event is actually intended by interested parties. Participants will be informed of the details (e.g. time, content, registration link, etc.) by email before the event begins. The reminder and information e-mail is automatically generated and transmitted by the provider used. Early notification by e-mail is intended to ensure proper planning and execution of the event. The information required on the registration form is marked as mandatory. The provision of additional data is voluntary and not required for participation in the event. 

Categories of affected persons:  participants, interested parties

Categories data:          master data (e.g. name, address), contact data (e.g. e-mail address, telephone number),

Purposes of processing:       Implementation and planning of online events, marketing, acquisition of new customers, increase of reach, presence

Legal basis:         Contract initiation and execution (Art. 6 Para. 1 lit. b) GDPR), consent (Art. 6 Para. 1 lit. a) GDPR) 

Microsoft Dynamics365 CRM

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA    

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement 

KUMAVISION Downloads

Via the website and on social networks e.g. B. LinkedIn, white papers and similar content can be downloaded in order to provide interested parties and potential customers with current or relevant information.

If downloads are made available via social media, the social media provider collects the IP address of the user and the e-mail address that the user entered via the form. The form we provide on social media is electronic via an interface in our CRM solution Microsoft Dynamics 365 integrated to provide automated notifications quickly and efficiently. The use of the lead-gen form is voluntary for users.

A download of the whitepaper is made dependent on the subscription to a newsletter and the consent to the data transfer to the Dynamics CRM. If this is intended, interested parties will be informed about the circumstance and they can voluntarily decide whether they want the white paper with reference to the newsletter and forwarding it to the CRM. In this case, consent is obtained separately for subscribing to download-related mailings via a double opt-in procedure, which can be given at any time revoked can be. 

Categories of affected persons:
Interested parties who specifically download our information material

Categories data:
Form data (title, name, e-mail address, job title, company name), profile information of the user, metadata (time stamp, e.g. access times, user and campaign IDs), consent data (consent ID, consent number, time of the Submission of consent, opt-in or opt-out))

Purposes of processing:
Marketing, acquiring new customers, increasing sales

Legal basis:
Consent (Art. 6 Para. 1 lit. a) GDPR) 

LinkedIn lead gen form

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA 

Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR) 

Microsoft Dynamics365 CRM

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA 

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement          

Opt-Out Link:https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings 

Support and remote maintenance

It is possible to receive support services via the website under the Remote Support area. The necessary customer data (e.g. name, support key) is processed to process the request. The data entered as part of the support remain with us until the purpose for data storage no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected. Without the specification of data, support is not possible within the scope of support.

A selected service provider is used to provide support. To protect the data, a so-called order processing contract was concluded with the provider in accordance with the specifications and content of Article 28 (3) GDPR. The data processing by the provider (processor) takes place exclusively on documented instructions from the client i. S.v. Art. 29 GDPR, which is also part of the contract. 

Categories of affected persons:
customers, website visitors

Categories data:
Form data (salutation, name, support key), metadata (IP address)

Purposes of processing:
Fulfillment of contractual services, service

Legal basis:
Contract initiation and fulfillment (Art. 6 Para. 1 lit. b) GDPR), consent (Art. 6 Para. 1 lit. a) GDPR)

 

TeamViewer

Recipient: TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany    

Privacy Policy: https://www.teamviewer.com/de/datenschutzerklaerung/  

 

data transmission

Personal data of visitors to the website will be passed on for internal purposes (e.g. for internal administration or the human resources department or sales, to comply with legal or contractual obligations). The internal data transmission or disclosure of the data takes place only to the extent necessary in compliance with the relevant data protection regulations.

In order to execute contracts or to fulfill a legal obligation, it may be necessary for personal data to be passed on. If the data required in this respect is not made available, it may be that the contract with the data subject cannot be concluded.

The data is processed using or accessing certain services, e.g. Google services (e.g. YouTube) or Microsoft forms, possibly also outside the EU/EEA, in so-called third countries (e.g. USA). . This cannot be ruled out even if we have always selected European data centers.

There is no adequacy decision by the European Commission for the transmission of data to the USA, which is considered an unsafe third country. Adequacy refers to the level of protection of the data in that third country or international organization in question. There is a risk for data subjects that data may be processed by US authorities for control and monitoring purposes without these having the right to appeal.

An agreement on data protection (order processing contract) or data processing agreements including standard contractual clauses in accordance with Art. 44 et seq. GDPR was concluded with the providers and additional measures were defined to ensure the highest possible protection for the personal data of data subjects.

Guarantees used for third-country transfers (if available):

Standard contractual clauses in accordance with Article 46 (1), (2) (c) GDPR

Atlasian:

https://www.atlassian.com/legal/data-processing-addendum

https://www.atlassian.com/legal/data-transfer-impact-assessment

Google services (including YouTube):

https://privacy.google.com/businesses/processorterms/

https://privacy.google.com/businesses/processorterms/mccs/

Microsoft Services:

https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

LinkedIn:

https://www.linkedin.com/legal/l/dpa

Vimeo:

https://de-1bbeae2b241b298db.getsmartling.com/data-processing

 

Retention period

Data from visitors to the website is generally stored for as long as is necessary to provide the service or insofar as this has been provided for by the European legislator for directives and regulations or another legislator in laws or regulations to which the person responsible is subject. In all other cases, personal data will be deleted once the purpose has been fulfilled, with the exception of data that must continue to be stored to fulfill legal obligations (e.g. obligations due to tax and commercial law retention periods, documents such as contracts and invoices). . 

Automated Decision Making

Automated decision-making or profiling according to Art. 22 GDPR does not take place. 

Legal basis

The relevant legal bases result primarily from the GDPR. These are supplemented by the national laws of the member states and may apply together with or in addition to the GDPR.

Consent:           Article 6 paragraph 1 letter a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Fulfillment of contract:    Art. 6 (1) b) GDPR serves as the legal basis for processing that is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.

Legal obligation:          Article 6 (1) (c) GDPR serves as the legal basis for processing that is required to fulfill a legal obligation.

Vital Interests:       Article 6 (1) (d) GDPR serves as the legal basis if processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest:      Article 6 paragraph 1 letter e) GDPR serves as the legal basis for processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

Legitimate interest:     Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail, especially when the data subject is a child. 

Rights of the persons concerned

Right to information:          In accordance with Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. You can request information about this data as well as the further information listed in Art. 15 Para. 1 DSGVO and a copy of your data.

Right to rectification:    In accordance with Art. 16 GDPR, data subjects have the right to request the correction or completion of the data relating to them and processed by us.

Right to erasure:         Affected persons have the right according to Art. 17 DSGVO to demand the immediate deletion of the data concerning them. Alternatively, you can request us to restrict the processing of your data in accordance with Article 18 GDPR.

Right to data portability:         In accordance with Art. 20 GDPR, data subjects have the right to request the provision of the data they have made available to us and to request their transmission to another person responsible.

Right of appeal:    Affected persons also have the right to complain to the supervisory authority responsible for them in accordance with Art. 77 GDPR.

Right to object:    If personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Article 21 GDPR, insofar as this There are reasons that arise from your particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right of objection, which we will implement without specifying a particular situation.

Instructions for cancellation

Some data processing operations are only possible with the express consent of the persons concerned. You have the option to revoke consent that you have already given at any time without giving reasons. An informal message or e-mail is sufficient for this This email address is being protected from spam bots! To display JavaScript must be turned on. to us. The consent of data processing operations on our online offer can be given in our consent managers be adjusted or revoked directly.

The granting of consent is voluntary and not required for the use of the online offer.

The legality of the data processing carried out before the revocation remains unaffected by the revocation.

External links

On our website you can find links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

amendments

We reserve the right to adapt this data protection information at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that they comply with legal requirements.

 This Privacy Policy was created by

German data protection law firm

- Maximilian Musch - 

Contact