Privacy Policy & Cookies

Protecting your privacy is important to us. We process your data only in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and any other applicable data protection provisions, in particular the German Federal Data Protection Law (BDSG). Naturally, all data is treated confidentially. In the following information on our Privacy Policy, we would like to explain to you in detail how your data is processed if you use our websites.

1. General information regarding the collection of personal data

The collection, processing and use of personal data for the use of our website is generally limited to the extent necessary and will collect, process and use only the required data. Personal information refers to all data that can be directly related to you personally, e.g. your name, address, e-mail addresses, user behavior. In addition, we apply the widely-used secure-socket layer (SSL) process in combination with the respectively highest encryption level that your web browser supports. This is usually a 256 bit encryption. If your browser does not support a 256 bit encryption, we will use a 128 bit v3 technology instead. You can see by the closed key or lock symbol in your browser’s lower status bar whether individual pages on our website are transmitted in encrypted format or not.

Controller

The responsible body (controller) for the collection, processing and use of your personal data in accordance with Art. 4 para. 7 GDPR is:

Violetta Krok

VK Business Communication Solutions

Phone: 0049-731-2901160

E-mail: info@vk-bcs.com

2. Purposes and legal bases for the processing of your personal information and additional information relating to the specific data processing

2.1 General processing of our business partners’ information

2.1.1 Description and scope of data processing

We store your personal information (e.g. email, address, postal address, phone number, etc.) in order to handle our business relationships with our business partners (customers, other business partners). The personal information that we collect for this purpose is used internally in those departments that are responsible for handling our business relationships.

This information may be combined with other data that you provide to us as part of orders, queries and business communications through other means (fax, postal mail, phone, etc.) and stored.

2.1.2 Purposes of data processing

We process your personal information for purposes that are respectively required for the fulfilment of the requirements of our business relationship, such as for the following purposes:

Creation of service offers to customers
Determination of your individual prices
Contract negotiations
Clarification of all technical aspects of products and services as part of the business relationship
Payment transactions
General business correspondence with you

We may also use service providers (e.g. banks for the processing of payment transactions), if required. We will only disclose your data to such third parties as required for the performance of these tasks.

Our legitimate interest in employing third party service providers is based on our desire to provide our services very efficiently and effectively and thus as quickly and cost-effectively as possible. Third parties to whom we disclose the personal information of our business partners are obliged to adhere to the provisions of our Privacy Policy.

We reserve the right to provide your personal information to third party service providers for credit checks to safeguard our legitimate interest in securing our receivables. These credit agencies will provide us with information about your payment history and a credit evaluation. This information will enable us to evaluate our business relationship and will be used by us for decisions about providing services and to protect ourselves against payment defaults.

2.1.3 Legal bases of data processing

The legal basis for the data processing is Art. 6 (1) (1) a and f GDPR. The data processing is based on your binding consent and our legitimate interest. Our legitimate interests arise from the aforementioned purposes for the collection of data. If the specific goal of a business relationship is the conclusion of a contract, then Art. 6 (1) (1) b GDPR forms an additional legal basis for the processing.

2.1.4 Duration of data retention

We retain your personal information for the duration of our business relationship or in accordance with legally stipulated retention periods.

2.2 Visits to our websites

2.2.1 Description and scope of data processing

Each time our website is called up, our systems automatically collect data and information from the calling computer’s operating system (personal data that your browser transmits to us). This is also the case if you do not register with us or transmit data to us by actively entering any type of information. The following data is collected during each visit of our website:

The user’s IP-address
Date and time of the query or access
Time zone difference to Greenwich Mean Time (GMT)
Content of the query (specific page)
Access status/HTTP status code
The respectively transmitted data amount
Website from which the request originated (from which the user’s system was transferred to our website)
Website that is called up by the user’s system via our website
Information regarding the browser type and the used version
Operating system and its interface
Language and version of the browser software

These types of data are stored in our system’s log files. They are not stored together with any other of your personal information.

2.2.2 Purposes of data processing

The aforementioned data, particularly the IP-address, is generally only stored temporarily for the duration of the session by our systems and is only required for the proper functioning and display of the website. Your data is also processed to evaluate and continuously ensure system security and stability as well as for other administrative purposes.

To the extent that your data is stored in our log files, this also only serves to ensure the proper functioning of our website. The data also helps us to optimize and ensure the security of our IT systems.

Your data is not evaluated for marketing purposes in this context.

2.2.3 Legal bases of data processing

The legal basis for the data processing and temporary storage of your personal information is Art. 6 (1) (1) f GDPR. Our legitimate interests arise from the aforementioned purposes for the collection of data.

2.2.4 Duration of data retention

Your data is deleted as soon as it is no longer necessary to achieve the aforementioned purposes. In the context of data collection to ensure the proper presentation of our website, the data is deleted when the session ends.

If your data is stored in the log files, it is deleted at the latest seven days after it was stored. Storage of data beyond this period is only possible in exceptional cases, e.g. if required for technical reasons or to improve our systems. In this case, the users’ IP addresses are deleted or pseudonymized to ensure that an assignment to the respective user is no longer possible.

2.2.5 Option to object or erase

The collection of your data to provide you with a functioning website and the potential storage in the log files is required for the operation of the website.

It is therefore not possible to object to the collection of this data.

2.3 Contact form, e-mail contact

2.3.1 Description and scope of data processing

We have integrated a contact form on our website via which you can contact us. When you use the contact form, the information entered into the entry screen is transmitted to us and stored:

Required: E-mail address […]
Voluntary: Last name, First name […]

In addition, your IP address and the date and time of your query are stored. Your consent to the processing of the data is obtained as part of the submission process and this Privacy Policy is referenced.

You can also contact us via the e-mail addresses provided by us. In this case, we store and further process the personal data transmitted to us in your e-mail, particularly to process your query or the reason for which you contacted us.

Personal data is not forwarded to third parties. The information is exclusively used to process our conversation with you.

2.3.2 Legal basis of data processing

The legal basis for the data processing when the contact form is used is your consent in accordance with Art. 6 (1) (1) a GDPR.

The legal basis for the data processing when we receive an email is Art. 6 (1) (1) a and f GDPR. The data processing is based on your binding consent and our legitimate interest. If the goal of the e-mail contact is to conclude a contract, Art. 6 (1) (1) b GDPR forms an additional legal basis for the processing.

2.3.3 Purposes of data processing

The processing of personal data from the entry screen or the e-mail sent to us is only meant for the processing of your contact with us. In the event that you contact us via e-mail, it shows the required legitimate interest in our processing of data. All other personal data processed during the mailing process is used to prevent misuse of the contact form and to ensure the safety of our IT systems.

2.3.4 Duration of data retention

We will delete the data as soon as we no longer need it for the presented purposes. This is the case for the personal data from the entry screen of the contact form and the data transmitted via e-mail if the respective conversation with you has been concluded. As a rule, a conversation is ended if circumstances indicate that the reason for which you contacted us has been conclusively clarified.

Any additional collected data from the submission process is deleted after seven days at the latest.

2.3.5 Option to object or erase

You have the option to revoke your consent to the processing of your personal data at any time. If you contact us via e-mail, you can object to the storage of your personal data at any time. In such a case, we may not be able to continue the conversation with you. All personal data that was stored as part of you contacting us will be deleted in this case.

2.4 Electronic newsletter

2.4.1 Description and scope of data processing

When sending out our electronic newsletter to which you can subscribe, we process the following of our personal data:

Required: E-mail address
Voluntary: Last name, First name […]

The submission of your e-mail address is required so we can send you our electronic newsletter. Any processing of your additional personal information serves to personalize this contact and our offerings and information and is voluntary.

2.4.2 Purposes of data processing

We process your e-mail address to be able to contact you when we send you our electronic newsletter, to provide you with information about current events and any current developments as well as to maintain our contractual relationship with you. We also use this data to send you e-mail ads if we received your e-mail address in relation to our products and services, for advertising about similar products and services that we offer.

2.4.3 Legal bases of data processing

We will on principle always ask for your consent before we will start sending you our newsletter. For this, we will use the double-opt-in procedure. We will send you an e-mail after you subscribed to our newsletter, where we request your confirmation that you would like to subscribe to our newsletter. If you do not confirm within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses that were used and the times of the registration and confirmation. The purpose of this process is to evidence your registration and to be able to detect a potential misuse of your personal data.

If we do not already process your data based on your explicit consent in exceptional cases, your personal data will be only processed as required to safeguard our legitimate interests or the legitimate interests of third parties and your interests or basic rights and basic freedoms that require the protection of your personal data do not take precedence (Art. 6 (1) (1) f GDPR).

2.4.4 Duration of data retention

We will delete the data as soon as we no longer need it for the described purposes. We will store your personal data for advertising and information purposes, i.e. the transmission of information and service offerings, for max. one year after the last relevant contact with you. A relevant contact has occurred, for example, if reciprocal verbal, telephone or written communication has taken place between us and you.

2.4.5 Option to object or erase

You can revoke your consent at any time and thus unsubscribe from receiving information about our current and future products, services or other information about us. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by notifying us via e-mail to [insert e-mail address] or by sending a notice to our indicated contact information. If you revoke your consent to our use of your data, we will no longer send you any advertising messages.

2.5 General information regarding cookie use

Cookies are placed on your computer when you visit and use our website. Cookies are small text files which are stored in the internet browser or by the internet browser on the user’s computer. If a user calls up a website, a cookie may be stored in the operating system of the user. This cookie contains a characteristic set of characters that enable a unique identification of the browser during a repeat visit of the website.

Some of these cookies are essential, i.e. they are required for the proper technical operation of our website. Other cookies are used for statistical purposes or the analysis of all accesses to our website or for marketing purposes or to offer you the use of external media. Both temporary or session cookies and permanent cookies are used. Temporary cookies are erased as soon as you exit your browser. Permanent cookies are retained over a longer period of time, but can be manually deleted at any time. Some of the cookies are placed by third parties.

The legal basis for the use of essential cookies is Art. 6 (1) (1) f GDPR, and for the use of all additional cookies the legal basis is your consent according to Art. 6 (1) (1) a GDPR. If we do not already process your data based on your explicit consent, your personal data will be only processed as required to safeguard our legitimate interests or the legitimate interests of third parties and your interests or basic rights and basic freedoms that require the protection of your personal data do not take precedence.

In addition to the present information in our Privacy Statement, you can find detailed information regarding the use of the respective cookies, and particularly their purpose, respective function duration and to what extent they are placed by third parties or to what extent third parties have access to the data collected by the cookies, in the “Cookie Settings” [insert active link]. Depending on the category of the cookies used, you will also find detailed information regarding the legal bases for the respective data processing.

You can consent to each cookie category individually; and you can also change your respective individual consent at any time on the sub-page “Cookie Settings” [insert active link here] or revoke your consent by notifying us.

2.6 External links

If links on our webpages lead to the websites of other providers or partners, our Privacy Policy does not apply to their contents. We have no influence on the compliance with legal data protection provisions by these external providers. You can find information regarding the data privacy or protection by the operators of these pages on the respective websites.

3. Transfer of your data to third parties

We do not disclose personal data to companies, organizations or persons outside of our company, except in the following circumstances:

3.1 With your consent

We do not disclose personal data to companies, organizations or persons outside of our company, unless you gave us your explicit consent.

3.2 Processing by third parties

We may transfer your personal data to third party business partners, including trusted companies and persons that will process the data on our behalf. This shall always be based on our instructions and in accordance with our Privacy Policy and other appropriate confidentiality and security measures.

3.3 For legal reasons

We will transfer your personal data to companies, organizations and persons outside of our company if we can assume according to our best knowledge and belief that access to this data or its use, storage or transfer is reasonably necessary to comply in particular with applicable laws, regulations or legal processes or to comply with an executable order of a public authority.

4. Transfer of your data to a third country or international organization

If not explicitly mentioned as part of this Privacy Policy, your personal data is not transferred to third countries or international organizations.

5. Automated decision-making

Automated decision-making does not occur.

6. Integration of social media plug-ins

6.1 Integration of LinkedIn

6.1.1 Description and scope of data processing

Our website uses a LinkedIn social media plug-in. You can recognize the plug-in and its provider via the marking on the box and the initial letter or the logo.

We use the so-called two-click solution. If you visit our page, no personal data is initially transmitted to the provider of the plug-ins or third parties. The plug-in provider will only receive the information that you called up the respective website of our online offering if you click on the highlighted field and activate it. In this case, the information collected during your visit of our website is transmitted to the third party. As the plug-in provider collects information via cookies, we recommend reviewing the cookie settings via your browser’s security settings and deleting all cookies before clicking on the provider button.

We would like to point out that the transmission of data to the plug-in provider takes place irrespective of whether you have an account with the plug-in provider and/or are logged in there. If you are logged in to your account with the plug-in provider, your data collected on our website is directly assigned to your account with the plug-in provider. If you press the activated button and, e.g., create a link to the page, the plug-in provider will also store this information in your user account and may let your contacts publicly know.

6.1.2 Purposes of data processing

The transmission of data to the plug-in provider serves to facilitate the use of the plug-in provider’s websites. Via the plug-ins, we offer you the opportunity to interact with social networks and other users which allows us to improve our service offering and make it more interesting for you as a user.

6.1.3 Consent to the transmission of personal data to a third country

Subject to legal or contractual permissions, personal data may only be processed in a third country if the special requirements of Art. 44 et seqq. GDPR are fulfilled. Data transmission is accordingly permitted if the European Commission has determined in a resolution within the meaning of Art. 45 (1), (3) GDPR that the respective third country provides an adequate level of data protection. The European Commission certifies to third countries by means of so-called adequacy decisions that they possess a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

If data transfer occurs between the U.S. and the EU in exceptional cases, it must be pointed out that no such adequacy decision exists for the U.S. For this reason, other guarantees must generally exist to receive assurance that sufficient data protection is ensured in the U.S. This would be possible through binding corporate policies, standard contract clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

Although LinkedIn has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against LinkedIn on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at LinkedIn quantitatively and qualitatively may not fully correspond to the GDPR requirements.

There is therefore a possibility that the standard contractual clauses of the European Commission used by LinkedIn do not represent sufficient guarantees within the meaning of Art. 46 (2) a GDPR.

By consenting to data collection by LinkedIn, you expressly consent to the data transfer presented herein and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.

You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

6.1.4 Legal basis of data processing

Legal basis is your explicit and voluntary consent to the processing of your personal data pursuant to Art. 6 (1) (1) a GDPR with regard to the purposes listed under the item “Purposes of data processing”.

6.1.5 Duration of data retention; option to object or erase

The cookies we placed will be stored on your computer and the computer will transmit them to our page. For this reason you have control over the cookie use. By changing the settings in your internet browser, you can disable or restrict the cookie transmissions. You can delete cookies that are already stored on your computer at any time. If you disable the use of cookies for our website or delete already placed cookies, you may not be able to fully use all functions of our website.

6.1.6 Purposes and legal basis of data processing, duration of data retention, option to object or erase with the plug-in provider

We have no control over the collected data and the data processing, and we are not aware of the full scope of the data collection, the purposes of the processing and the retention periods. We also have no information regarding the deletion of the collected data by the plug-in provider. The plug-in provider may be storing the data collected as user profiles and use it for advertising purposes, market research and/or a customized website design. This type of analysis (also performed for users who are not logged in) is carried out to display advertising tailored to the respective user and to inform other users of the social network about your activities on our website. You have the right to object against the creation of these user profiles. To execute your right to object you will need to contact the respective plug-in provider. For further information regarding the purpose and scope of the data collection and its processing by the plug-in provider please refer to the provider’s privacy policy. There you will also find additional information regarding your respective rights and setting options to protect your privacy.

6.1.7 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, and can be found under https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

6.2 Integration of XING

6.2.1 Description and scope of data processing

Our website uses a XING social media plug-in. You can recognize the plug-in and its provider via the marking on the box and the initial letter or the logo.

6.2.2 Purposes of data processing

6.2.3 Legal bases of data processing

If you have given your consent, the legal basis for the processing of data is Art. 6 (1) (1) a GDPR, and for the protection of our legitimate interests it is Art. 6 (1) (1) f GDPR; our legitimate interests follow from the data processing purposes presented herein.

6.2.4 Duration of data retention; option to object or erase

6.2.5 Purposes and legal basis of data processing, duration of data retention, option to object or erase with the plug-in provider

6.2.6 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from: Xing AG, Gänsemarkt 43, 20354 Hamburg. Additional information on the Xing social plug-ins can be obtained under: http://www.xing.com/privacy.

6.3 Integration of YouTube

6.3.1 Description and scope of data processing

Our website uses a YouTube social media plug-in. You can recognize the plug-in and its provider via the marking on the box and the initial letter or the logo.

6.3.2 Purposes of data processing

6.3.3 Consent to the transmission of personal data to a third country

Although Google has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against Google on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at Google quantitatively and qualitatively may not fully correspond to the GDPR requirements.

There is thus a possibility that the standard contractual clauses of the European Commission used by Google do not represent sufficient guarantees within the meaning of Art. 46 (2) a GDPR.

By consenting to data collection by Google, you expressly consent to the data transfer presented herein and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.

You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

6.3.4 Legal basis of data processing

Legal basis is your explicit and voluntary consent to the processing of your personal data for presentation and advertising purposes pursuant to Art. 6 (1) (1) a GDP.

6.3.5 Duration of data retention; option to object or erase

6.3.6 Purposes and legal basis of data processing, duration of data retention, option to object or erase with the plug-in provider

6.3.7 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from: Google Ireland Limited Gordon House, Barrow Street Dublin 4 as well as under https://policies.google.com/privacy?hl=de.

6.4 Integration of Facebook

6.4.1 Description and scope of data processing

Our website uses a Facebook social media plug-in. You can recognize the plug-in and its provider via the marking on the box and the initial letter or the logo. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland (hereinafter “Meta”).

6.4.2 Purposes of data processing

6.4.3 Consent to the transmission of personal data to a third country

Subject to legal or contractual permissions, personal data may only be processed in a third country if the special requirements of Art. 44 et seqq. GDPR are fulfilled. Data transmission is accordingly permitted if the European Commission has determined in a resolution within the meaning of Art. 45 (1), (3) GDPR that the respective third country provides an adequate level of data protection. The European Commission certifies to third countries by means of so-called adequacy decisions that they possess a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Although Meta has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against Meta on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at Meta quantitatively and qualitatively may not fully correspond to the GDPR requirements.

There is thus a possibility that the standard contractual clauses of the European Commission used by Meta do not represent sufficient guarantees within the meaning of Art. 46 (2) a GDPR.

By consenting to data collection by Meta, you expressly consent to the data transfer presented here and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.

You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

6.4.4 Legal bases of data processing

6.4.5 Duration of data retention; option to object or erase

6.4.6 Purposes and legal basis of data processing, duration of data retention, option to object or erase with the plug-in provider

We have no control over the collected data and the data processing, and we are not aware of the full scope of the data collection, the purposes of the processing and the retention periods. We also have no information regarding the deletion of the collected data by the plug-in provider. The plug-in provider may be storing the data collected as user profiles and use them for advertising purposes, market research and/or a customized website design. This type of analysis (also performed for users who are not logged in) is carried out to display advertising tailored to the respective user and to inform other users of the social network about your activities on our website. You have the right to object against the creation of these user profiles. To execute your right to object you will need to contact the respective plug-in provider. For further information regarding the purpose and scope of the data collection and its processing by the plug-in provider please refer to the provider’s privacy policy. There you will also find additional information regarding your respective rights and setting options to protect your privacy.

6.4.7 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from:

Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland and under https://about.facebook.com/actions/protecting-privacy-and-security/, https://www.facebook.com/policy.php/

7. Integration of Google Analytics

7.1.1 Description and scope of data processing

This website uses Google Analytics, a web analysis service of Google Ireland Limited Gordon House, Barrow Street Dublin 4 (hereinafter: Google). Google Analytics uses cookies which permit an analysis of your use of our website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there. If you activate the IP anonymization on this website, Google will first shorten (anonymize) your IP address within the European Union Member States or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google uses this information on the operator’s behalf to analyze your use of this website to put together reports about website activities and to provide additional services to the website operator in relation to website use and internet use.
The IP address which is transmitted by your browser as part of Google Analytics is not combined with any other Google data.
It is possible to prevent cookie storage with a respective browser software setting; we would like to point out that in this case, however, you may not be able to use all functions of this website. A further option to prevent the collection and processing of the data generated by the cookie in relation to your use of the website (incl. your IP address) by Google is to download and install the browser plug-in available under this link: http://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics is used with the extension “_anonymizeIp()” on this website. As a result, the IP addresses are further processed in shortened form and any references to real persons can be excluded. To the extent that the data collected about you has a personal reference, it will be immediately excluded and the personal data is immediately deleted.

7.1.2 Purpose of data processing

We use Google Analytics to be able to analyze and continuously enhance our website. With the resulting statistics we can improve our offering and make it more interesting for you.

7.1.3 Consent to the transmission of personal data to a third country

Subject to legal or contractual permissions, personal data may only be processed in a third country if the special requirements of 44 et seqq. GDPR are fulfilled. Data transmission is accordingly permitted if the European Commission has determined in a resolution within the meaning of Art. 45 (1), (3) GDPR that the respective third country provides an adequate level of data protection. The European Commission certifies to third countries by means of so-called adequacy decisions that they possess a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).
If data transfer occurs between the U.S. and the EU in exceptional cases, it must be pointed out that no such adequacy decision exists for the U.S. For this reason, other guarantees must generally exist to receive assurance that sufficient data protection is ensured in the U.S. This would be possible through binding corporate policies, standard contract clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.
Although Google has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against Google on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at Google quantitatively and qualitatively may not fully correspond to the GDPR requirements.
There is thus a possibility that the standard contractual clauses of the European Commission used by Google do not represent sufficient guarantees within the meaning of Art. 46 (2) a GDPR.
By consenting to data collection by Google Analytics, you expressly consent to the data transfer presented herein and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.
You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

7.1.4 Legal basis of data processing

Legal basis is your explicit and voluntary consent to the processing of your personal data pursuant to Art. 6 (1) (1) a GDPR with regard to the purposes of the analysis and statistics relating to user behavior by Google Analytics.

7.1.5 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms: http://google.com/analytics/terms/de.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.

8. Integration of Microsoft Teams

8.1 Description, scope and purpose of data processing

We use, among other things, the conference tool Microsoft Teams for communication with our customers. The software provider is Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA (“Microsoft”).

Microsoft collects all data that you provide/use for the use of the tools (e-mail address and/or your telephone number). Microsoft additionally collects data on the duration of the conference, start and end (times) of conference participation, number of participants and other “context data” in relation to the communicational process (meta data). Microsoft also processes all technical data required for the processing of online communication. This includes in particular IP addresses, MAC addresses, device IDs, device types, operating system type and version, client version, camera type, microphone or speaker type and type of the connection. If contents are exchanged, uploaded or provided in any other manner within Microsoft Teams, these are also stored on Microsoft servers. These contents include in particular cloud records, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of Microsoft Teams. Please note that we do not have full control over the data processing performed by the tools used.

8.2 Consent to the transmission of personal data to a third country

Subject to legal or contractual permissions, personal data may only be processed in a third country if the special requirements of Art. 44 et seqq. GDPR are fulfilled. Data transmission is accordingly permitted, if the European Commission has determined in a resolution within the meaning of Art. 45 (1), (3) GDPR that the respective third country provides an adequate level of data protection. The European Commission certifies to third countries by means of so-called adequacy decisions that they possess a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

If data transfer occurs between the U.S. and the EU in exceptional cases, it must be pointed out that no such adequacy decision exists for the U.S. For this reason, other guarantees must generally exist to receive assurance that sufficient data protection is ensured in the U.S. This would be possible through binding corporate policies, standard contract clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

Although Microsoft has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against Microsoft on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at Microsoft quantitatively and qualitatively may not fully correspond to the GDPR requirements.

It may therefore be that the standard contractual clauses of the European Commission used by Microsoft do not represent sufficient guarantees within the meaning of Art. 46 (2) a GDPR. Microsoft also undertakes pursuant to the document that can be obtained here

https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18986

to only release data to US security authorities if Microsoft has been obligated to do so based on a binding government order. Furthermore, Microsoft is obliged to take legal steps to challenge the government order to release the data. In addition, Microsoft will generally indemnify and hold harmless any data subject against tangible or intangible damage which arises if Microsoft discloses personal data which was transmitted pursuant to the standard contractual clauses in response to an order of a non-EU/EEA government authority or law enforcement authority.

By consenting to data collection by Microsoft, you expressly consent to the data transfer presented here and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.

You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

8.3 Legal basis of data processing

Legal basis is your explicit and voluntary consent to the processing of your personal data for communication purposes pursuant to Art. 6 (1) (1) a GDP.

8.4 Duration of data retention

The data directly collected by us via the video and conference tools will be deleted by our systems as soon as you request such deletion, revoke your consent to the data retention or if the purpose for storing the data no longer applies. The stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. We have no control over the retention period of your data that Microsoft stores for its own purposes.

8.5 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and under https://privacy.microsoft.com/de-de/privacystatement and https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18986

9. Integration of Zoom

9.1 Description, scope and purpose of data processing

We use, among other things, the conference tool Zoom for communication with our customers. The provider is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (“Zoom”).

Zoom collects all data that you provide/use for the use of the tools (e-mail address and/or your telephone number). Zoom additionally collects data on the duration of the conference, start and end (times) of conference participation, number of participants and other “context data” in relation to the communicational process (meta data). Zoom also processes all technical data required for the processing of online communication. This includes in particular IP addresses, MAC addresses, device IDs, device types, operating system type and version, client version, camera type, microphone or speaker type and type of the connection. If contents are exchanged, uploaded or provided in any other manner within Zoom, these are also stored on Zoom servers. These contents include in particular cloud records, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of Zoom. Please note that we do not have full control over the data processing performed by the tools used.

9.2 Consent to the transmission of personal data to a third country

Subject to legal or contractual permissions, personal data may only be processed in a third country if the special requirements of Art. 44 et seqq. GDPR are fulfilled. Data transmission is accordingly permitted, if the European Commission has determined in a resolution within the meaning of Art. 45 (1), (3) GDPR that the respective third country provides an adequate level of data protection. The European Commission certifies to third countries by means of so-called adequacy decisions that they possess a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Although Zoom has submitted to the respective standard contractual clauses of the European Commission, U.S. companies are still obligated to surrender personal data to security authorities without you as data subject being able to take legal action against this. It can therefore not be excluded that U.S. authorities (e.g. secret service-type organizations) will process, analyze and permanently store your data which is located on servers in the U.S. We have no control over these processing activities. You may also not be able to assert or enforce your right to information against Zoom on a sustained basis. Furthermore, the technical and organizational measures for the security of personal data at Zoom quantitatively and qualitatively may not fully correspond to the GDPR requirements.

It may therefore be that the standard contractual clauses of the European Commission used by Zoom do not represent sufficient guarantees within the meaning of Art. 46 (2)a GDPR.

By consenting to data collection by Zoom you expressly consent to the data transfer presented here and you have been informed above about the potential risks of such data transfer without the existence of an adequacy decision and without suitable guarantees.

You can revoke your consent at any time. The lawfulness of the data processing that occurred before the revocation on the basis of consent remains unaffected by the revocation.

9.3 Legal basis of data processing

Legal basis is your explicit and voluntary consent to the processing of your personal data for communication purposes pursuant to Art. 6 (1) (1) a GDP.

9.4 Duration of data retention

9.5 Other information

Further information on the purpose and scope of the data collection and processing and your respective rights and setting options to protect your privacy can be obtained from Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA and under https://explore.zoom.us/de/privacy/.

10. Your rights

You have the right:

to request information on your personal data that we process according to 15 GDPR. In particular, you can request confirmation on the purposes of the processing, the category of the personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention time, the existence of a right to rectification, erasure, restriction of processing or the right to object to such processing, the existence of a right to lodge a complaint, on the source of your data if it was not collected on our website, and the existence of an automated decision making, including profiling, and the right to request meaningful information about the logic involved;
to demand the rectification of inaccurate or incomplete personal data which we have on file pursuant to Art. 16 GDPR;
to demand to have your personal data, which we have stored, erased to the extent that its processing is not required to exercise the right of free expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims pursuant to Art. 17 GDPR;
to request a restriction of the processing of your personal data pursuant to Art. 18 GDPR to the extent that you deny the correctness of this data, that the processing is illegal, but that you reject its erasure and we no longer need the data, but you require it to assert, exercise or defend legal claims, or that you filed an objection against the processing in accordance with Art. 21 GDPR;
to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and have the right to request its transmission to another controller pursuant to Art. 20 GDPR;
pursuant to Art. 7 (3) GDPR, to revoke your previously given consent to us at any time (see also Section 7.1). As a consequence, we will in the future no longer be permitted to continue the data processing that was based on this consent, and
according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or work or the place of our registered office for this purpose.

11. Objection or revocation of consent to the processing of your data

If you gave your consent to the processing of your data, you can revoke your consent pursuant to Art. 7 (3) GDPR at any time. Such revocation will affect the permissibility of our processing of your personal data after you submitted the revocation to us.

If your personal data is being processed based on our legitimate interests in accordance with Art. 6 (1) (1) f GDPR, you have the right to object against the processing in accordance with Art. 21 GDPR. This is the case if the processing is in particular no longer required for the fulfillment of a contract with you, which is presented by us in each case in the description of the functions. When exercising an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the factual situation and will either discontinue or adjust our data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

You can of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can notify us of our objection to receiving advertising at the above indicated contact data.

Violetta Krok

Professional Development Coach + Trainer

VK Business Communication Solutions | Ulm | Germany

Global Code of Ethics | Imprint | Data Protection