Data protection

ART. 13 of the German Data Protection Act (GDPR)

Thank you for visiting our website. We would like to inform you in the subsequent paragraphs about how we handle your data in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Person responsible
The entity named in the imprint is responsible for the data collection and processing described below. 

User data
When you visit our websites, user data is temporarily stored on our web server as a protocol for statistical purposes in order to improve the quality of our websites. This data set consists of

• the page from which the file was requested,
• the name of the file,
• date and time of the request,
• the amount of data transferred,
• the access status (file transferred, file not found),
• the description of the type of web browser used,
• the IP address of the requesting computer, which is abbreviated so that no personal references can be made. 

The above log data is only stored anonymously.

Data transfer to third parties
We transfer your data to service providers who support us in operating our websites and the associated processes within the scope of order processing in accordance with Art. 28 of the GDPR. All our service providers are strictly bound by instructions and contractually obligated to us appropriately. These may include, for example, service providers for hosting or web analytics.

Data transfer to third countries
We sometimes transfer personal data to a third country outside the EU. We have ensured an adequate level of data protection in each case:

In the case of Google Inc. and Meta Platforms Inc. (USA), we have concluded the EU standard contractual clauses and implemented additional technical and organisational measures for data security.

Cookies

Google Analytics
We use the web analysis tool "Google Analytics" to design our websites in line with requirements. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such. Within the scope of Google Analytics, we are supported by Google Ireland Limited and Google LLC. (USA) as processors according to Art. 28 GDPR. Data processing may therefore also take place outside the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having legal recourse. Please bear this in mind if you decide to give your consent to our use of Google Analytics. Data processing is based on your consent in accordance with Art. 6 (1) lit. a GDPR, provided you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1) lit. a GDPR. You can revoke your consent at any time. The banner can be called up again at any time by clicking on "Cookie settings" in the footer at the bottom right.

Data privacy
In order to protect your data from unauthorised access as thoroughly as possible, we take technical and organisational measures. We use an encryption procedure on our pages. Your details are transferred from your computer to our server and vice versa over the internet using TLS encryption. You can recognise this when the lock symbol is closed in the status bar of your browser and the address line begins with https://.

Meta
This website uses the retargeting technology "Meta Pixel" of the provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, provided that you have given your consent via our banner. The banner can be called up again by clicking on ‘Cookie settings’ in the footer at the bottom right. You can revoke your consent there at any time. If you have given your consent, the functions that the pixel performs are saved by corresponding cookies. Furthermore, a direct connection between your browser and the meta server is established via the retargeting tags. Meta thereby receives the information that you have visited our site with your IP address. This allows Meta to associate your visit to our website with your user account. We can use the information obtained in this way to display Meta Ads. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/.

LinkedIn
This website uses the retargeting technology "LinkedIn Pixel" of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, provided you have given your consent via our banner. The banner can be called up again by clicking on ‘Cookie settings’ in the footer at the bottom right. You can revoke your consent there at any time. If you have given your consent, the functions performed by the pixel are stored by corresponding cookies. This enables us to display personalized advertisements on LinkedIn to visitors to our website. In addition, LinkedIn will recognize you if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of adverts and information on website interaction. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found at: https://www.linkedin.com/legal/privacy-policy.

Embedded YouTube videos
On our websites, we embed videos via the third-party provider YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which are not stored on our servers. To ensure that accessing our web pages with embedded videos does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the videos in a first step. This does not provide the third-party provider with any information. Only after a click on the preview image is the content of the third-party provider loaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider. The embedding is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO, provided that you have given your consent by clicking on the preview image. You can find further information on "YouTube" data protection in the provider's data protection declaration at: https://policies.google.com/privacy.

Google Maps
On our website, we embed the interactive map service Google Maps from the third-party provider Google Ireland Ltd. in the access-protected area. Google Maps is not stored on our servers. In order to ensure that accessing our website with the embedded map service does not automatically lead to the content of the third-party provider being reloaded, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information. Only after a click on the preview image is the content of the third-party provider loaded. This provides the third party with the information that you have accessed our site as well as the technically necessary usage data. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission to load content from the third-party provider. The embedding is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given this by clicking on the preview image. Please note that the embedding of some map services leads to your data being processed outside the EU or EEA by Google LLC. In some countries (especially the US), there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek redress. In this respect, the transfer to an unsafe third country takes place on the basis of your consent pursuant to Art. 49 (1) lit. a GDPR.

Newsletter
On our websites, you can subscribe to a newsletter. Please note that you in order to subscribe, you need to disclose certain data to us (as a minimum, your last name and email address for general communication, and the country where your company is headquartered so that we can find the matching topics/products). We will only send you the newsletter if you expressly consented to receiving it pursuant to Article 6(1)(a) GDPR by checking the box on the bottom left. After successful subscription, we will send you a confirmation email to the address you specified (so-called double-opt-in). You may withdraw your consent at any time. An easy way to withdraw your consent is for example clicking on the 'Unsubscribe' link comprised in every newsletter. After sending the newsletters, we will determine how many recipients open the respective email. In doing so, we will not collect or process any personal data on the specific actions of an individual user. The number of users opening the newsletters is determined on the legal basis of Article 6(1)(f) GDPR. The newsletter form is provided and sent by HubSpot, Inc. (25 First Street, Cambridge, MA 02141 USA). To determine how many users open the newsletters, HubSpot uses a so-called pixel, which is embedded in the email and establishes a connection to the provider's server when the email is opened. The actual pixel is just an image file. Tracking will take place when the email is opened, which downloads the pixel image from the server. This will not store any tracking data or cookies on your device, just an invisible pixel. This pixel does not allow for accessing previously tracked data or the behaviour in the emails. Insofar, HubSpot acts as a processor on our behalf. We concluded a corresponding contract for processing respectively the EU standard contractual clauses with HubSpot. For data transfers to the USA that cannot be ruled out, an adequate level of data protection is also guaranteed due to HubSpot's participation in the EU-U.S. Data Privacy Framework. For more information on HubSpot's privacy policy, go to legal.hubspot.com/de/privacy-policy.

Contact form
You can get in touch with us using our contact form. To use our contact form, you first need to fill in the data items marked as mandatory fields. We will use these data in compliance with Article 6(1)(1)(f) GDPR to respond to your inquiry. In respect of the other fields, it is up to you if you wish to disclose further data to us. This information is voluntary, we do not absolutely need it to contact you. We will process your voluntary information on the basis of your consent. Your data will only be processed to respond to your inquiry. We will erase your data provided they are no longer needed and the erasure does not violate any statutory obligations to preserve records. As far as your data that you transmit via the contact form are processed based on Article 6(1)(1)(f) GDPR, you can object to the processing at any time. You can also withdraw your consent to the processing of the voluntary information at any time. To do this, please contact the e-mail address given in the publishing information.

Raffles
We will use the data you disclose to us in the frame of raffles exclusively for determining and contacting the winners. The legal basis for this is Art. 6 para. 1 lit. b GDPR (necessary for the realisation of the raffle). We will not use your data simultaneously for our own marketing purposes. We will erase these data immediately after prize handover, or previously if you objected to the use of your data. The raffle form is provided and sent by HubSpot, Inc. (25 First Street, Cambridge, MA 02141 USA). Insofar, HubSpot acts as a processor on our behalf. We concluded a corresponding contract for processing respectively the EU standard contractual clauses with HubSpot. For data transfers to the USA that cannot be ruled out, an adequate level of data protection is also guaranteed due to HubSpot's participation in the EU-U.S. Data Privacy Framework. For more information on HubSpot's privacy policy, go to legal.hubspot.com/de/privacy-policy.

HubSpot
On this website, we use the HubSpot software from HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA; European branch: 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500. HubSpot is a comprehensive software solution for various areas of our online marketing, including email marketing, social media publishing & reporting, contact management (such as user segmentation and CRM), landing pages and contact forms. With our login service, visitors of our website can learn more about us, download content, and provide their contact data and other demographic information. These data are saved to the HubSpot servers; we can use the data to communicate with the visitors of our website and to find out which items of our service portfolio could be of interest to them. All information is collected subject to our data protection regulations. It is used exclusively for the purpose of optimising our marketing strategies. For more information on HubSpot's privacy policy »For more information from HubSpot in respect of the EU data protection regulations »For more information on the cookies used by HubSpot, please go to here & here »HubSpot collects and processes data such as geographical position, browser type, navigation information, referral URL, performance data, frequency of use, mobile app data, HubSpot subscription service credentials, files viewed, domain names, pages viewed, aggregated usage, operating system version, internet service provider, IP address, device identifier, duration of visit, application origin, operating system, in-app events, access times, clickstream data and device model and version. We also use HubSpot to provide the contact forms. Your consent according to Article 6(1)(a) GDPR is the legal basis for this type of data processing. You explicitly give your consent by interacting with our emails or website, for example by filling in a contact form or clicking on a link in our emails. This consent is explicitly given by the double-opt-in process. You may withdraw your consent at any time. This can be done either by writing to us, for example by email to [privacy email address], or by clicking on the "Unsubscribe" or "Opt-out" link contained in each of our emails. After receiving the withdrawal of your consent, we will immediately erase the respective data and will not continue to use them for processing. Mandatory legal regulations – in particular retention periods – remain unaffected. In respect of the usage of HubSpot for marketing purposes, we will store your data - unless you object - until you demand their erasure, withdraw your consent to storage, or until the purpose of data storage is no longer applicable (e.g. after we completed the processing of your inquiry). Mandatory legal regulations – in particular retention periods – remain unaffected. In the course of data processing via HubSpot, data may be transferred to the USA. The security of this transfer is guaranteed by so-called standard contractual clauses, which ensure that the processing of personal data corresponds to a level of security that complies with the GDPR. An adequate level of data protection for data transfers to the USA is also guaranteed due to HubSpot's participation in the EU-U.S. Data Privacy Framework.

Your rights as a user
When processing your personal data, the GDPR affords you, as a website user, certain rights:

1 Right of access (Article 15 of the GDPR): 

You have the right to request confirmation regarding whether or not personal data concerning you are being processed. If this is the case, you have the right to be informed about such personal data and receive the information listed in detail in Article 15 of the GDPR.

2 Right to rectification and erasure (Article 16 and 17 of the GDPR): 

You have the right to immediately request the rectification of any inaccurate personal data concerning you as well as the completion of any incomplete personal data, as applicable.

You also have the right to request that personal data relating to you be immediately deleted if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3 Right to restrict processing (Article 18 of the GDPR): 

You have the right to request the restriction of processing if one of the conditions listed in Article 18 of the GDPR applies, e.g. if you have objected to the processing, for the duration of any review. 

4 Right to data portability (Article 20 of the GDPR):

In certain cases, which are detailed in Article 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, standard and machine-readable format or to request the transfer of this data to a third party.

5 Right to object (Article 21 of the GDPR):

If data is collected based on Article 6, paragraph 1, sentence 1, lit. f (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if the processing serves the purpose of asserting, exercising or defending legal claims.

6 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may in particular be exercised before a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement.

Contact details of the data protection officer
Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany
Web: www.datenschutz-nord-gruppe.de
E-mail: office@datenschutz-nord.de
Telephone: +49 (0)421 69 66 32 0