Data Protection

• Privacy Notice for Visitors to Our Website
• Privacy Notice under Articles 13 and 14 GDPR for Customers and Suppliers

‍

Privacy Notice for Visitors to Our Website

We are pleased about your visit to our website and your interest in our company and services. We respect your privacy and ensure the protection of your personal data by processing your personal data in accordance with the content of this privacy policy and applicable data protection laws.

You may visit our web pages without disclosing your identity. To display our web pages, you are only required to provide the data transmitted from your browser to our server (see “Logfiles”). Other personal data from you will only be stored if you voluntarily enter it on the website or use corresponding functions, e.g. via contact forms or by registering for our newsletter.

Below you will find our privacy provisions for website visitors:

• Contact
• Cookies
• Fan Pages
• Logfiles
• Google Analytics
• Google Ads Conversion Tracking
• Google Tag Manager
• LinkedIn Insight Tag
• LinkedIn Analytics
• Revocation of Consents & Objection
• Your Rights
• Responsible

Contact

You may enter your personal data on our website in order to contact us. Only the fields marked with a star are mandatory. Always required are your email address and telephone number, because we reserve the right to respond to your inquiry either electronically or by phone. The provision of additional data may help in processing your inquiry but is not mandatory (voluntary information). These data are used and stored only with your consent for the purpose of processing your message (Art. 6 (1) lit. a GDPR). Use for other purposes or disclosure to third parties will not occur unless you explicitly agree to it.

For arranging an appointment, we use, with your consent, the application Calendly, a service of Calendly, Inc. (115E Main St., Ste A1B Buford, GA 30518, USA). Please note that when using Calendly, you are subject to the Calendly Terms of Use and Privacy Policy. You also have the option, via the cookie notice specific to Calendly, to view which cookies are used by Calendly and to grant or revoke consent to their use.

To protect against spam and abuse, Calendly uses Cloudflare Turnstile (Cloudflare, Inc., USA). Your IP address is technically processed to detect automated access. This processing is necessary to provide the form function securely (Art. 6 (1) lit. f GDPR) and is not used for analytics or marketing. If data is transferred to the USA, this is on the basis of the EU – U.S. Data Privacy Framework.

Data transfers to Calendly, Inc. (USA) are made on the basis of the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework. More information about data processing by Calendly is available at:
https://calendly.com/legal/privacy-notice

Cookies

Cookies are very small text files used by web pages, which your browser stores on your device and which may transmit certain information to us or, in some cases, to a third party.

• Transient (session) cookies are automatically deleted when you close your browser. These include, for example, session cookies, which store a so-called session ID that allows various requests from your browser to be assigned to the same session.
• Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. Unlike transient cookies, they are not deleted just by closing the browser. However, you can also delete them at any time in your browser settings.

Cookies that are absolutely necessary to provide a user-requested service (“essential cookies”) are processed on the basis of our legitimate interest for providing and operating the website (Art. 6 (1) lit. f GDPR and § 25 (2) TTDDG).

Further information about cookies that are set when visiting our website and are required for the technical operation of the site can be found in our cookie banner under the “Essential” category.

If cookies or access to other information on your device are not strictly necessary to provide a specifically requested service, they will be used only if you give your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDDG). Details about the type of information, purpose, storage duration, and possible recipients of the data are given further in this privacy policy.

You can set your browser to refuse all cookies or to allow only certain ones or to not accept them at all. Please see your browser help system for details. If your browser rejects all cookies, it is possible that not all functions of this website can be used.

Fan Pages

To provide up-to-date information and interact with customers, partners or other interested parties, we operate so-called “fanpages” on social networks. Among them: LinkedIn

The data processing is done by the provider (social media platform). Processing outside the European Union cannot be excluded. The platform provider may provide us with aggregated usage data. We do not have access to personally identifiable data unless you interact beyond simply visiting the fanpage.

The legal basis is Art. 6 (1) lit. f GDPR, unless you have given consent via an opt-in (e.g. checking a box or activating a button). In that case, the legal basis is Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.

Since data processing occurs through the platform provider, we recommend that for your rights of access, correction, deletion, portability or objection with respect to your fanpage, you primarily contact the social media provider. Of course, we will assist you if required.

In addition, cookies may be set on your device by the social media provider. The purposes and legal bases for these cookies are described under “Cookies” in this privacy policy or in the privacy policies of the platform provider.

Further information:

• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy
  If data transfers to the LinkedIn Corporation (USA) should occur, this is done under the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework.

Logfiles

With each access to our site, we collect the following data about your computer:

• the IP address of your computer,
• the browser request, including request time,
• the status and the amount of data transferred,
• product and version information about the browser and operating system,
• the referring website (referrer).

Your IP address is stored only for the duration of your use of the website and thereafter promptly deleted or anonymized. The other data are stored for a limited time. We use these data for operating our website, in particular to detect and correct errors, determine site usage, and make optimizations or improvements (legal basis: Art. 6 (1) lit. f GDPR).

Google Analytics

This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Analytics in order to analyze the usage of our website and to regularly improve it. The statistics obtained help us to improve our offering and make it more interesting for users. The legal basis for using Google Analytics is your consent under Art. 6 (1) lit. a GDPR.

Google Analytics uses “cookies,” text files that are stored on your computer and which enable the analysis of your use of the website. Information about the cookies used within the scope of Google Analytics can be found in our cookie banner under the “Statistics” category.

Among other things, the following data are collected: page views, clicks, internal searches, downloads, interactions with videos, technical settings of browser and device (as under “Logfiles”), and your IP address. IP addresses are truncated before further processing to avoid direct personal reference.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports about website activity, and provide further services to the website operator related to website and Internet usage. The IP address transmitted by your browser via Google Analytics will not be merged with other Google data.

You can withdraw your consent for the processing of personal data via Google Analytics at any time. You can also prevent the storing of cookies by suitable settings of your browser software; however, we point out that in such case you may not be able to use all functions of this website fully.

Additionally, you can prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of these data by Google by installing the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=de or by clicking on the following link to set an opt-out cookie (Opt-Out Cookie).
Google Analytics per Opt-Out Cookie deaktivieren

More information about the purpose and scope of data collection and processing by Google Analytics is available in Google’s privacy policy.
If data transfers to Google LLC (USA) should occur, this is based on the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework.

Google AdWords Conversion Tracking

We use the service Google AdWords to draw attention to our offerings via advertisements (so-called Google AdWords) on external websites. We can correlate the data from ad campaigns to assess how successful individual ads are. Our interest is to show you ads that may be of interest, make our website more attractive to you, and to have fair calculation of advertising costs.

These advertisements are delivered by Google via so-called “AdServer.” For this, AdServer cookies are used, through which certain parameters such as the display of ads or user clicks may be measured. If you reach our website via one of our Google ads, a cookie from Google AdWords is stored on your device. Details about the cookies used in the context of Google AdWords Conversion Tracking are available via the cookie notice on our website (under “Statistics”).

These cookies allow Google to recognize your browser. If a user visits particular pages of a website of an AdWords client and the cookie on their device has not expired, Google and the client may detect that the user has clicked on the ad and was redirected to that page. Each AdWords client is assigned a unique cookie. Cookies cannot be tracked across websites of AdWords clients. We ourselves do not collect or process personal data in these advertising measures. We only receive aggregated statistical evaluations from Google. We do not receive personally identifying user data.

Because of these marketing tools, your browser will automatically connect to Google servers. We have no control over the extent or further use of the data collected by Google and thus inform you based on our state of knowledge: by integrating AdWords Conversion Tracking, Google receives information that you visited a part of our website or clicked on one of our advertisements. If you are registered for a Google service, Google may associate your visit with your account. Even if you are not signed in, Google may still obtain your IP address and store it.

You can prevent participation in this tracking in multiple ways:
a) by refusing consent to cookies and data processing for marketing purposes;
b) by setting your browser to block third-party cookies, in particular that will prevent cookies from being stored on your device;
c) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “**www.googleadservices.com**”;
d) by opting out of interest-based advertising over http://www.aboutads.info/choices (this setting is deleted if you delete cookies);
e) via the plugin provided at http://www.google.com/settings/ads/plugin (Firefox, Internet Explorer, Chrome).
Please note that in such cases not all functions of this website may be fully usable.

The legal basis for the processing of your data is your consent under Art. 6 (1) lit. a GDPR. More information about Google’s privacy practices is available at http://www.google.com/intl/de/policies/privacy.
If a data transfer to Google LLC (USA) should occur, it is based on the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework.

Google Tag Manager

This website uses Google Tag Manager, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This service allows the management of components used on the website. It is possible that those managed components process personal data or set cookies which require consent. Information about data processing by these components can be found in this privacy policy.

The Google Tag Manager itself does not collect personal data. It also does not access the content of the managed components, nor does it itself set or process cookies.

LinkedIn Insight Tag

With your consent, this website uses the LinkedIn Insight Tag, an application of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The cookies associated with Insight Tag collect data such as your IP address, device and browser properties, URL, and referrer URL. We do not control LinkedIn’s data processing. If you are logged into LinkedIn with a user account, LinkedIn may associate your browsing behavior with your account. LinkedIn may store your data as a usage profile and use it, e.g. for advertising.

We use LinkedIn Insight Tags to analyze usage of our website and improve it. LinkedIn provides us with non-personal aggregated reports of the audience of our website and ad performance. The legal basis is your consent under Art. 6 (1) lit. a GDPR. Information about cookies used by LinkedIn is available in the cookie banner under “Marketing.”

If data transfers to the LinkedIn Corporation (USA) occur, they are based on the adequacy decision of the EU Commission for the EU-U.S. Data Privacy Framework.

More information:

• LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

LinkedIn Analytics

Our website uses LinkedIn features. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Each time a page containing LinkedIn functions is retrieved, a connection to LinkedIn servers is established. LinkedIn is thereby informed that you have visited our pages with your IP address. If you are logged into LinkedIn, the visit may be associated with your user account. With LinkedIn Analytics, the profile visits and interactions may be evaluated (e.g. how often downloads or registrations occurred).

These analyses are done with your consent (Art. 6 (1) lit. a GDPR). The cookies listed in our cookie banner under “Marketing” may be used. More details can be found there.

More info:

• LinkedIn’s privacy details: https://www.linkedin.com/legal/privacy-policy

If data transfers to LinkedIn Corporation (USA) occur, it is under the EU-U.S. Data Privacy Framework adequacy decision.

Revocation of Consents & Objection to Data Processing

If you have provided consents, you may revoke them at any time with effect going forward.

If we base data processing on a balancing of interests (Art. 6 (1) lit. f GDPR), you can object to that processing. If you object, please provide the reasons why we should not process your personal data as we did. Upon such objection, we will review the situation and either stop or adjust processing, or show you our compelling legitimate grounds for further processing.

You can send the revocation or objection to us via the contact details under “Controller.”

You may also object to processing for advertising or data analysis purposes at any time.

Your Rights

You have the following rights with respect to your personal data:

• Right of access
• Right to correction or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability

You also have the right to lodge a complaint with a data protection supervisory authority about how your personal data is processed by us.

Responsible

These privacy notices apply to data processing by:
InformMe GmbH
Weihenstephaner Straße 12, Design Offices, 81673 Munich
Email: kontakt@informme.info

Data Protection Officer: datenschutzanfragen@xdsb.de
or via postal address with “Data Protection Officer” added

‍

Privacy Notice under Art. 13 & 14 GDPR for Customers and Suppliers

With the following information, we would like to give you an overview of the personal data we process and inform you about your rights under data protection law.

Contents

• Responsible and Data Protection Officer
• Sources of Personal Data
• Purposes and Legal Basis of Processing
• Recipients of Personal Data
• Transfer to Third Countries or International Organisations
• Storage Duration of Data
• Rights of Data Subjects
• Obligation to Provide Data
• Automated Decision-Making or Profiling

Responsible and Data Protection Officer

These privacy notices apply to the processing of personal data by:

InformMe GmbH
Weihenstephaner Straße 12, Design Offices, 81673 Munich
Email: kontakt@informme.info

Data Protection Officer: datenschutzanfragen@xdsb.de
or by post at the above address with the addition “Data Protection Officer”

Sources of Personal Data

We process personal data that we obtain from business relationships (e.g. with customers or suppliers) or from inquiries to our company.
Such data are usually provided directly by the contracting party or by the inquiring person.
Personal data may also originate from public sources (e.g. commercial registers) if the processing of such data is lawful.
In some cases, data may also have been lawfully transmitted to us by other companies.
Depending on the individual case, we may also store our own information (e.g. in the course of an ongoing business relationship).

Depending on the case, this may include:

• Master data (e.g. name, address)
• Contact data (e.g. telephone number, email address)
• Contract and billing data required to fulfill our contractual obligations
• Data necessary to process an inquiry
• Creditworthiness data
• Marketing and sales data
• Other data from comparable categories

Purposes and Legal Basis of Processing

We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

a) Performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR)
We process personal data primarily to fulfill contractual obligations and to provide related services, or in the context of contract initiation (e.g. preparing offers or conducting negotiations).
The specific purpose depends on the product or service to which the business relationship or contract initiation relates.

b) Compliance with legal obligations (Art. 6 (1) (c) GDPR)
In many cases, we are legally required to collect certain personal data and to transmit them to designated public authorities.
For example, we must provide the tax authorities with the personal data required under applicable tax laws for assessment purposes.

c) Legitimate interests (Art. 6 (1) (f) GDPR)
In addition, we process personal data to pursue our legitimate interests, including:

• Responding to general inquiries about our products or services
• Credit checks via credit agencies to assess default risk
• Marketing or market research
• Video surveillance to protect property rights at our premises
• Assertion of legal claims and defense in legal disputes
• Ensuring IT operations and IT security
• Implementing building and facility security measures (e.g. access control)
• Improving internal business processes and optimizing products

We may also use communication systems (e.g. video conferencing, chat tools, etc.) for communication.
Depending on the context, your contact details, messages, and possibly image and sound data may be processed.
Recordings are made only with your explicit consent.
Please also refer to the privacy policies of the respective tool providers.

d) Consent (Art. 6 (1) (a) GDPR)
In some situations, processing your personal data is not mandatory and takes place only with your consent.
In these cases, we inform you of this fact, the voluntary nature of the consent, and your right to withdraw consent at any time with future effect.
This applies, for example, to:

• Certain data processing activities on our website (see our website’s Privacy Policy)
• Certain marketing activities (if marketing consent is legally required)

Recipients of Personal Data

In general, access to your data is limited to persons or departments that need them to fulfill contractual or legal obligations (“need-to-know” principle).
This also includes service providers and agents who act on our behalf and/or are bound to handle data confidentially.

In some situations, we transmit your data to:

• Public authorities (e.g. tax authorities) where a legal obligation exists
• Other companies as part of contract execution, a balancing of interests, or based on your consent – such as:
  • Companies involved in the performance of our services
  • Logistics partners
  • Marketing service providers
  • Credit agencies
  • Banks
  • Accountants or tax consultants
  • Lawyers

Transfer to Third Countries or International Organisations

We may transfer personal data to recipients located in countries outside the European Union (“third countries”) if this is necessary for the performance of business relationships, legally required, or you have given consent.

We also use or may use service providers that are based in a third country or whose own subcontractors are located in a third country.

A data transfer to a third country is permissible under Art. 45 GDPR if the European Commission has determined that the country ensures an adequate level of protection.
If no such decision exists, a transfer is permissible under Art. 46 GDPR, provided appropriate safeguards (e.g. standard contractual clauses issued by the European Commission) are in place and enforceable rights and effective legal remedies are available to data subjects.

We cooperate only with third-country entities that meet these criteria.

Storage Duration of Data

We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations.
If storage of the data is no longer necessary, the data are deleted unless statutory retention obligations apply – for example:

• Commercial or tax retention obligations under the German Fiscal Code (AO) or the German Commercial Code (HGB) — 6 or 10 years, and
• Preservation of evidence during statutory limitation periods.

Rights of Data Subjects

You have the following rights regarding your personal data:

• Right of access
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability

You also have the right to lodge a complaint with a data protection supervisory authority about how we process your personal data.

Alternatively, you may contact our Data Protection Officer directly (confidentially if you wish).

If you have given consent (Art. 6 (1) (a) GDPR), you may withdraw it at any time with effect for the future.

Where processing is based on legitimate interests (Art. 6 (1) (f) GDPR), you may object to the processing of your personal data.
Please state the reasons why we should not process your data as we have done.
We will then examine your objection and either stop or adjust processing or demonstrate compelling legitimate grounds that override your interests.

You can object to the processing of your personal data for advertising purposes at any time.

Obligation to Provide Data

In the course of performing or initiating a contract, you must provide the personal data required to fulfill the contract, carry out pre-contractual measures, or meet legal obligations.
Without these data, we cannot conclude or execute a contract with you.

Where data collection is based on consent, providing your data is voluntary.
If you do not give consent, we will not be able to provide services or features based on such consent.
You can withdraw your consent at any time with effect for the future.

Automated Decision-Making or Profiling

No automated decision-making or profiling takes place.