Privacy Policy

Privacy Policy | osapiens

The protection of personal data is an important concern for osapiens Holding GmbH (hereinafter referred to as „osapiens“, “us”, “our” or “we”). Your personal data as website user (hereinafter referred to as “you” and “your”) is processed in compliance with the applicable data protection provisions, in particular the European General Data Protection Regulation (GDPR).

Pursuant to Art. 4 no. 1 GDPR, personal data means any information relating to an identified or identifiable natural person that you provide to us (hereinafter referred to as “data“).

With this data privacy policy, we inform you about the type, scope, and purposes of the data processing and how this data is handled. In addition, you will learn about the rights you have regarding the processing of your data.

Responsible person (Controller) and data protection officer

Responsible for the processing of your data is:

osapiens Holding GmbH

Julius-Hatry-Straße 1

68163 Mannheim

Germany

Phone: +49 621 / 150 206 90

E-mail: info@osapiens.com

We have appointed a data protection officer:

c/o TÜV SÜD Akademie GmbH

Westendstraße 160

80339 Munich

Germany

Our data protection officer will be happy to answer any questions you may have on data protection issues. You can reach our data protection officer at

our above-mentioned business address with the addition of “Data Protection” or
by e-mail at dataprotection@osapiens.com.

External Hosting

This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) lit. b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) of Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei digitalen Diensten – TDDDG), insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time. Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host:

DigitalOcean LLC

101 Avenue of the Americas 10th Floor

New York, NY 10013

USA

We have concluded a data processing agreement for the use of the above-mentioned service.

DigitalOcean LLC is certified in accordance with the DPF (see definition below).

For further details, please read the data privacy policy of DigitalOcean LLC: https://www.digitalocean.com/legal/privacy-policy.

Collection and storage of your data as well as type and purpose of their use

Website visit

Each time you access our website, your browser automatically transmits data that is stored in the server’s log files. These are the following data (“log files data“):

Browser type and browser version;
Name und URL of the accessed file;
Date and time of the server request;
Report about successful access (HTTPS response code);
Operating system in use;
Referrer URL;
Websites that are accessed by the user’s system via our website;
Internet service provider of the user; and
IP-address (anonymized) and the requesting provider.

We analyse log files data anonymously to continuously improve the website, to adapt the website to the interests of our users and to improve errors more quickly. These purposes are also our legitimate interest in data processing according to Art.6 (1) lit. f) GDPR.

In non-anonymised form, log files data is used exclusively to identify malfunctions and to ensure system security, including the detection and tracking of unauthorized access attempts and fraud. These log files data are stored for 7 days and then deleted. Log files data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the respective incident and may be passed on to investigating authorities in individual cases.

Contact form

If you send us requests via contact form (e.g. free demos of our products/software solutions or information material), we store your contact data for processing of your request as well as for the case of follow-up questions. While using the contact form you must submit first, last name, country as well as a valid e-mail address to allocate a person behind the request and to be able to answer it. Additional details information like industry, job title, phone number, solution of interest with regards to our services and any additional message can be provided optionally. If you do not wish to provide the data we have requested, we may not be able to provide the information and/or services you request or perform certain tasks for which your data is requested.

We use the form of the service provider TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona (hereinafter referred to as “Typeform“) to provide documents and information on webinars that are customised to you as far as possible. Typeform uses several cookies to collect information about the end device.

The processing of this data is based on Art. 6 (1) lit. b) GDPR, insofar as that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the request addressed to us (Art. 6 (1) lit. f) GDPR) or in cases of cookies on your consent according to Art. 6 (1) lit. a) GDPR, if this has been requested; the consent can be revoked at any time.

We have concluded a data processing agreement with the service provider Typeform in accordance with Art. 28 GDPR.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. when the processing of your request is completed). Mandatory Statutory provisions – in particular retention periods – remain unaffected.

Requests by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request including all therefrom resulting data will be stored and processed by us for the purpose of treating your request. We do not share this data without your consent.

The processing of these data is based on Art. 6 (1) lit. b) GDPR, as far as your request is related to the fulfilment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) lit. f) GDPR) or on your consent according to Art. 6 (1) lit. a) GDPR, if this has been requested; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after completion of your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Newsletter

To register for the newsletter, the data requested in the registration process, such as the title, name and e-mail address are collected. The registration for the newsletter is recorded. After registration, you will receive a message to the specified e-mail address in which you are asked to confirm the registration (“double opt-in”). We further record whether you have opened the e-mail and which newsletter issues you have read, when and how often. If you subscribe our newsletter, we will send information about our offers on a regular basis.

The data collected by us when you register for the newsletter will be used exclusively for advertising purpose. The legal basis for sending the newsletter is your consent according to Art. 6 (1) lit. a) GDPR. Legal basis for the recording of the login registration is our legitimate interest (Art. 6 (1) lit. f) GDPR).

You can revoke the given consent to store the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe from all communication” link in the newsletter. The legality of the data processing already carried out remains unaffected until your revocation. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter.

After unsubscribing from the newsletter or after expiry of the purpose, your data will be deleted from the newsletter distribution list. After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider (Hubspot CRM as described below) in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6 (1) lit. f) GDPR).

We store the registration data as long as they are needed for sending the newsletter. We store the login registration data as long as there is an interest in proving the initially granted consent.

Downloads and webinars

To download free documents (e.g. white papers) and to register for webinars free of charge, it is necessary to provide your first name, surname, e-mail address and country. Additional information, such as industry, job title, telephone number, interest in our services and additional messages can be provided optionally. By downloading or registering, you give us your consent to collect your data to send you personalised topic-related information in the form of newsletters tailored to your interests. Furthermore, you agree that your data may be transmitted to our co-operation partners if you register for webinars with our co-operation partners. You can find an overview of our cooperation partners here. We use Hubspot CRM for our marketing activities (see below for details). The double opt-in procedure also applies here.

The legal basis for this is your consent in accordance with Art. 6 (1) lit. a) GDPR. The legal basis for forwarding your data to our cooperation partners is also Art. 6 (1) lit. a) GDPR. You can withdraw your consent to the processing of your personal data at any time.

Sending advertising

If you are our customer, we send you information about campaigns, offers and our products by letter. In this manner, we provide you information on subjects that you may be interested in. This is a special form of direct marketing that intensifies the relationship with customers by providing them with exclusive information.

The legal basis is Art. 6 (1) lit. f) GDPR. If a corresponding consent has been requested, the processing is exclusively based on Art. 6 (1) lit. a) GDPR; the consent can be revoked at any time.

You may object to the sending of advertising at any time. A notification in text form using the contact data (e.g. e-mail, fax, letter) mentioned above is sufficient for this purpose. Your data will remain with us until the purpose for processing the data no longer applies.

Privacy Policy for business partners

For further information on the data processing processes with regards to our business partners, please refer to the separate privacy policy for business partners.

Privacy Policy for applicants (Recruiting)

Further information on the application process can be found in the separate privacy policy for applicants (recruiting).

Cookies

On our website we use so-called “cookies”. Cookies are small text files and do not cause any damage on your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete it yourself or it is automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our website (third party-cookies). These enable us or you to use certain services of the third-party company.

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function). Other cookies are used to evaluate user behaviour or show advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored based on Art. 6 (1) lit. f) GDPR, unless another legal basis is specified. The website provider has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies concerned is based exclusively on this consent (Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG); the consent can be revoked at any time.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this data protection policy and, if necessary, request your consent.

You can set your browser in such a way that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or generally, or to exclude the cookies completely. Excluding cookies may limit the functionality of the website.

Please refer to the user menu of your web browser or the website of your browser’s manufacturer for information on how to set your browser program appropriately. Regularly, in the menu bar of your web browser, the help function will show you how to be informed about the setting of cookies, or you can reject new cookies and delete cookies already received.

We inform you in advance about the use of cookies with a corresponding notice via a cookie banner.

Cookie consent management – Usercentrics

Our website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or for the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (hereinafter referred to as “Usercentrics“).

When you enter our website, a connection is established with the Usercentrics servers to obtain your consent and provide you with further explanations on the use of cookies. Usercentrics then stores a cookie in your browser to identify the consent you have given or its revocation. The data collected in this way (settings and login data, consent ID, consent number, time of consent, type of consent (implicit or explicit), opt-in or opt-out, banner language, customer setting, customer setting version, template and template version and device data (HTTP agent, HTTP referrer and the device ID)) will be deleted after 12 months or earlier if you ask us to delete it, you delete the Usercentrics cookie yourself or the purpose of the data storage no longer applies. Mandatory statutory retention obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

We have concluded a data processing agreement with Usercentrics for the use of the above-mentioned service.

Recipients of data

In the scope of our business activities, we cooperate with various external partners. In some cases, this also requires the transfer of data to these external parties. We only disclose data to external parties if this is required as part of the fulfilment of a contract (Art. 6 (1) lit. b) GDPR, if we are legally obligated to do so (e.g., disclosure of data to tax authorities) based on Art. 6 (1) lit. c) GDPR, if we have a legitimate interest in the disclosure pursuant to Art. 6(1) lit. f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose your data based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Transfer to recipients outside the European Economic Area (EEA)

We might transfer personal data to recipients located outside the EEA into so-called third countries. In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection (e.g. standard contractual clauses) or that you have consented to the transfer.

Transfer to recipients in the USA

Please note that, as a safe third country, the USA generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified in accordance with the EU-US Data Privacy Framework (DPF). For more information, please follow the link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active. In cases where no certification is available corresponding guarantees need to be provided by the recipients in the USA.

Integration of third-party services and contents

Google Services

In the following we describe the processing of data using services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The responsible service provider in the EU is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

We use services, where Google acts either as data processor or as joint controller together with us based on the respective agreements. So far as data is processed in the US, we point out that this is carried out based on the standard contractual clauses (SCC) of the EU Commission.

Please find details here:

‍https://support.google.com/publisherpolicies/answer/10437486?hl=en,

‍https://business.safety.google/adsprocessorterms/ and

‍https://business.safety.google/adscontrollerterms/.

Furthermore, Google LLC is certified in accordance with the DPF. For more information, please contact follow the link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

For more information about Google’s use of data, settings, and opportunities to raise objections, please refer to Google’s privacy declaration https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

We use the Google Tag Manager. The service provider is Google.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) company in the US.

The Google Tag Manager is used based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Google Analytics

We use functions of the web analysis service Google Analytics. The service provider of this service is Google.

Google Analytics enables the website provider to analyse the behaviour patterns of the website visitors. To that end, the website provider receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modelling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analysing the user behaviour patterns (e.g., cookies or device fingerprinting).

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be anonymized by Google within member states of the EU or EEA.

The use of this analysis tool is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in analysing user behaviour to optimize both its web offer and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG; the consent can be revoked at any time.

The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month. I you visit our website again within the period of 2 months, the retention period will be prolonged for another 2 months.

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Google Analytics Terms of Service at: https://marketingplatform.google.com/about/analytics/terms/us/.

Google Ads

We use Google Ads. Google Ads is an online promotional program of Google.

Google Ads enables us to display ads (cookie will be set) in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website provider, we can analyse these data quantitatively, for instance by analysing which search terms resulted in the display of our ads and how many ads led to respective clicks.

By way of the integration of Google Ads, Google receives the information that you viewed the relevant part of our website or clicked any of our ads. Due to the applied marketing tools, your browser automatically establishes a direct connection with the server of Google. We have no influence on the scope and the further use of the data processed by Google by applying this tool. Therefore, we inform you in accordance with our knowledge: if you are registered with one of the service tools offered by Google, Google can allocate the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.

The use of these services occurs based on your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG. You may revoke your consent at any time.

You may prevent participation in this tracking process in several ways a) by a corresponding setting of your browser, particularly, the disabling of cookies means that you will not receive ads from third-party providers, b) by installing the plugin provided by Google via the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign “About Ads”, via the link http://www.aboutads.info/choices,whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in the browsers Firefox, Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin, e) by setting the respective cookies. We would like to inform you that in this case you may not be able to use all the functions of this website to their full extent.

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereafter referred to as “Hubspot”).

Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts, to communicate with you and to plan and execute marketing activities in line with your interests.

Hubspot CRM enables us to capture, sort and analyse customer interactions via e-mail, social media, or phone across multiple channels. The data collected in this way can be evaluated and used for communication with the potential customer or marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to collect and analyse the user behaviour of our contacts on our website.

The use of Hubspot is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the most efficient customer management and customer communication. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

We have concluded a data processing agreement for the use of the above-mentioned service with Hubspot. The data transmission to the US is based on the SCC clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield and https://eur-lex.europa.eu/eli/dec_impl/2021/914.

Furthermore, the Hubspot is certified in accordance with the DPF. For more information, please follow the link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active.

We have concluded a data processing agreement for the use of the above-mentioned service with Hubspot.

For more details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

GeoTargetly

On our website we use the geo-personalisation service from GeoTargetly, s. r. o., Obchodná 2, 811 06 Bratislav, Slovakia (hereinafter referred to as “GeoTargetly“), namely “Geo Targetly redirect“, which enables us to redirect visitors to location-specific pages. In our specific case we redirect visitors from different countries directly to the right language.

When you visit our Website, Geo Targetly will transfer certain data to a server of GeoTargetly, which is now hosted on Google Cloud and located inter alia in countries outside of EEA. Such data comprise your IP address, the referrer URL, the current browser URL, your browser screen size as well as other available information. The IP address is used to determine your approximate location. The information collected and the location are used to provide geo-personalized content, redirects, pop-ups, notification bars, and other output forms on the Website. On our website we use Geo Targetly redirect. This geo redirect service allows us to redirect a visitor from one website or page to another website or page based on their geolocation. We redirect visitors of our website based on their country, state / region, city, latitude-longitude-radius zone and IP address. Redirection is applied on the starting page of the website. The tool allows to create multiple location segments when redirecting URL pairs so visitors from different locations can be redirected to different websites.

Cookies are used which are deleted after 24 hours. GeoTargetly does not store your data on their servers for longer period of times, as they are only short-term processed allowing GeoTargetly to perform their services and have Geo Targetly working properly. The information is solely used to determine the relevant geo-personalised output. In this context, we process your data based on our overriding legitimate interest in compiling easy-to-use website access statistics in a cost-efficient manner (Art. 6 (1) lit. f) GDPR) and your consent based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG.

We have concluded a data processing agreement for the use of the above-mentioned service with GeoTargetly.

Further information on data protection in connection with Geo Targetly and your options in this regard can be found at https://geotargetly.com/privacy-policy and at https://geotargetly.com/gdpr.

VWO

This website uses the web analytics service VWO from Wingify Software Pvt. Ltd. (hereinafter referred to as “Wingify”). Wingify is an Indian company with its head office in India (KLJ TOWER, 1104, North, Netaji Subhash Place, Pitam Pura, Delhi, 110034, India) and a German office in Hamburg (Wingify Software Pvt. Ltd., Heidenkampsweg 58, Hamburg, 20097, Germany).

With VWO can be tracked movements on the websites on which VWO is used (so-called heat maps). For example, it is possible to see how far users scroll, which buttons are clicked how often, how much time users spend on which pages, what they like and don’t like, and so on. Furthermore, with the help of VWO it is also possible to collect feedback directly from the users of the website with a survey tool. In addition, we steer with VWO tests (so-called A/B tests, split tests & multivariant tests) to understand what effects adjustments to the user interface have. We use the technology of VWO to better understand the needs of our users and to optimize the offer and experience on our website.

For example, in this context, we process the following data:

which buttons are clicked,
the course of a mouse movement,
how far scrolled,
IP address of the device,
the screen size of a device,
device type (unique device identifiers) and browser information,
geographic location (country only), and
the preferred language in which our website is displayed.

Of course, we take special care to protect your personal data when using this tool. Through VWO, the use of our website is analysed completely anonymously, all personal data is automatically hidden and not processed. Areas of the website in which personal data of you or third parties are displayed are automatically hidden by VWO and are therefore not traceable at any time. To exclude a direct personal reference, IP addresses are only stored and processed anonymously.

For this purpose, VWO works with cookies and other technologies to collect data about the behaviour of users and their end devices. VWO stores this information on our behalf in a pseudonymized user profile.

We have a legitimate interest in customising our website (Art. 6 (1) (f) GDPR). The legal basis for the setting of cookies is your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG.

You can prevent the processing of your data by VWO at any time by not giving us your consent to the use of the cookies on this website or by objecting.

Alternatively, you can prevent your data from being collected generally by VWO by deactivating the tool on the VWO opt-out page: https://vwo.com/opt-out/.

Further information about Wingify and the VWO tool is available here: https://vwo.com/. Click here to see the privacy policy for Wingify: https://vwo.com/privacy-policy/.

We have concluded a data processing agreement for the use of the above-mentioned service with Wingify.

Hotjar

We use Hotjar on this website (https://www.hotjar.com). The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (hereinafter referred to as “Hotjar”).

Hotjar is a service that analyses your behaviour and feedback on our website through a combination of analytics and feedback tools. This enables us to better understand your needs and to optimise our offer on this website and make it more attractive. Hotjar allows us – inter alia – to record your mouse movements, scrolling movements and clicks. Hotjar can also determine how long you have stayed on a certain position with the mouse pointer. Out of this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by website visitors.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve our website offer.

Hotjar uses cookies and other technologies to collect data about the behaviour of users and their end devices, in particular the IP address of the device (only collected and stored anonymously during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website.

If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time. The use of Hotjar is based on Art. 6 (1) lit. f) GDPR. Unless consent has been obtained, the use of this service is based on Art. 6 (1) lit. f) GDPR; the website provider has a legitimate interest in analysing user behaviour to optimise both its offering and its advertising.

As a user, you always have the option of preventing the collection of your data. To do so, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/. Please note that Hotjar must be deactivated separately for each browser or end device.

For more details, please refer to Hotjar’s privacy policy: https://www.hotjar.com/privacy.

We have concluded a data processing agreement for the use of the above-mentioned service with Hotjar.

Microsoft Advertising (BingAds)

For our online marketing measures, we use the Microsoft Advertising programme of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible provider in the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland (hereinafter referred to as “Microsoft”).

The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). By using the service, we will find out the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, it is not possible to personally identify these users. Microsoft Advertising uses technologies such as cookies and tracking pixels that enable your use of the website to be analysed. When you click on an advert placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you have clicked on the ad and have been redirected to this page. The following information may be collected: IP address, identifiers assigned by Microsoft (identifiers), information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website. Microsoft uses the data to optimise its own advertising and other services. We only receive data or evaluations of your web behaviour, but no personal information.

We have no control over how Microsoft uses the collected user data.

The use of cookies or comparable technologies is based on your consent in accordance with Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG. You can revoke your consent at any time. In addition, we have a legitimate interest in using the Microsoft Advertising service to optimise our online offering and our marketing measures. The legal basis for this is Art. 6 (1) lit. f) GDPR. The data subject may, as stated above, avoid the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Microsoft from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Microsoft Advertising can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to interest-based advertising by Microsoft. To do this, the data subject must access the link from each of the Internet browsers they use: https://account.microsoft.com/privacy/ad-settings/ and make the desired settings there.

Microsoft’s data processing takes place on servers in data centres in the EU. For this purpose, we have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. Microsoft provides extensive technical and organisational measures that correspond to the current state of the art in IT security, e.g. regarding access authorisation and end-to-end encryption concepts for data lines, databases and servers.

It cannot be excluded that, in individual cases, companies affiliated with Microsoft outside the EU (so-called third countries) may gain access to the data. Such third country transfers are only possible if there is an adequacy decision by the EU Commission, if the controller or processor has provided appropriate safeguards to protect the data or if one of the exceptions under Art. 49 GDPR applies. Microsoft has DPF certification, which can be found here https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active. Although no further measures are required, we have also concluded the so-called standard contractual clauses with Microsoft as part of the order processing contract. These represent a further guarantee for third country transfers.

Microsoft reserves the right to process customer data (which may include your data) for its own legitimate business purposes. We have no influence on this data processing by Microsoft. Further information and the applicable data protection provisions of Microsoft can be found at https://privacy.microsoft.com/de-DE/.

‍G2 Reviews and Elfsight G2 Plug-in

We use the G2 marketing tool for our website. The provider for this is G2.com, Inc. 100 S. Wacker Dr., Suite 600, Chicago, IL 60606, USA (hereinafter referred to as “G2“).

You can use G2 to submit reviews of the products we offer. G2 processes your name or initials and your e-mail address. Furthermore, G2 uses Cookies to distinguish between humans and bots.

Our interest in processing lies in strengthening customer loyalty and trustworthiness. The legal basis for this is Art. 6 (1) lit. f) GDPR. The legal basis for the setting of cookies is your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG.

Data processing takes place in the USA. G2 is certified according to the DPF and uses so-called standard contractual clauses as an additional guarantee for transfers to third countries. We have concluded corresponding data protection contracts with G2.

You can find more information about G2’s data protection here: https://legal.g2.com/privacy-policy.

With the help of the Elfsight plug-in, G2 reviews on the website can be designed in an appealing and optimised way (widget). The provider of the plug-in is Elfsight LLC, Paronyana str. 19/3, 201, Yerevan, 0015 Armenia (hereinafter referred to as “Elfsight“). Elfsight uses a cookie that prevents more than one view from being counted by the same user within 15 seconds.

We use the plug-in to make the ratings appealing and clear. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. The legal basis for the setting of cookies is your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG.

Data processing in connection with your registration and participation in events

When you execute a registration for an event, we process the following data: name, company, e-mail address. We use this data exclusively in connection with your participation in the respective event. The legal basis for the processing is Art. 6 (1) lit. b) GDPR. The data collected in connection with an event will be stored by us for a period of three years.

Event registration via Eventbrite

We partly use Eventbrite, an event platform of Eventbrite Inc, 95 Third Street, 2nd Floor, San Francisco, California, 94103 USA, as a booking system for participation in our events. In Europe, the company is represented by Eventbrite DE GmbH, Oranienstr. 25, 10999 Berlin, Germany (hereinafter referred to as “Eventbrite”). If you wish to make a booking on our website and click on the corresponding button or link, you will be redirected to the Eventbrite website. When you make a booking with Eventbrite, Eventbrite collects and processes the following data:

name
e-mail address
billing address
payment details
date of birth
information on booked and attended events.

The legal basis for the use of Eventbrite is Art. 6 (1) lit. f) GDPR. The processing of data required for the fulfilment of the contract is based on Art. 6 (1) lit. b) GDPR.

The purpose of the data processing is to provide an online platform for the sale of tickets for our events. This is also our legitimate interest in using the Eventbrite service.

It cannot be excluded that, in individual cases, companies affiliated with Eventbrite outside the EU (so-called third countries) may obtain access to the data. Such third country transfers are only possible if there is an adequacy decision by the EU Commission, if the controller or processor has provided suitable guarantees for the protection of data or if one of the exceptions of Art. 49 GDPR applies. Eventbrite in the USA has DPF certification, which can be found here https://www.dataprivacyframework.gov/s/participant-search. Although no further measures are required, we have also concluded the so-called standard contractual clauses with Eventbrite as part of the data processing agreement. These represent a further guarantee for third country transfers.

You can find more information on the standard data protection clauses at Eventbrite at: https://www.eventbrite.com/help/en-us/articles/429030/data-processing-addendum-for-organizers/.

Further information on the processing of data at Eventbrite can be found in the privacy policy on the Eventbrite website: https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinien-von-eventbrite/.

‍Social Media

We maintain publicly accessible profiles on social networks. You can find the social networks we use in detail below. The social media icons presented on our website are links. This means that your data on our website is not processed by the social media providers. If you click on the “plug-ins”, you will be redirected to our respective social media presence.

Social networks such as Facebook, Instagram, etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media accounts causes many processing operations that are relevant to data protection.

In detail

If you are logged into your social media account and visit our social media presence, the provider of the social media portal can allocate this visit to your user account. However, your data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.

By collecting data, the providers of the social media portals can create user profiles in which your preferences and interests are stored. Thus, demand-driven advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we are not able to track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media provider.

Legal basis

Our social media presences are designed to ensure the broadest possible presence on the internet. This complies with our legitimate interest according to Art. 6 (1) lit. f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the respective social providers (e.g. consent according to Art. 6 (1) lit. a) GDPR).

Data controller and enforcement of rights

If you visit one of our social media websites (e.g. Facebook), please take note that we are jointly responsible with the provider of the social media platform for the data processing resulting from this visit. In principle, you can assert your claims (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our possibilities are significantly determined by the company policy of the respective provider.

Storage period

The data directly collected by us via the social media presence will be deleted from our system as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Binding legal conditions – in particular retention periods and limitation periods – will remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes.

For details, please contact the social media provider directly (e.g. in their privacy policy, see below).

Our social networks in detail

YouTube

Our website embeds videos (from our YouTube channel) of the website YouTube. The Service Provider is Google.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out because of the expanded data protection mode. For instance, regardless of whether you’re watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 (1) lit. f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of theT DDDG. This consent can be revoked at any time.

LinkedIn, LinkedIn Insight Tag and LinkedIn Ads

We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

Furthermore, we use the LinkedIn Insight Tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyse the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website users to help us better target our site to the relevant audience. We can also use Insight Tag to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). Insight Tag also features a retargeting function that allows us to display targeted advertising (LinkedIn Ads) to visitors to our website outside of the website. This will be done for marketing and optimisation purposes, in particular to analyse the use and to continuously improve individual functions and the user experience. According to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The Direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days https://www.linkedin.com/help/linkedin/answer/a1445756/linkedin-marketing-solutions-und-die-datenschutz-grundverordnung-dsgvo-?lang=de.

The data collected by LinkedIn cannot be assigned by us as a website provider to specific individuals. LinkedIn may store the data collected from website visitors on its servers in the US and use it for its own purposes. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

If your approval(consent) has been obtained the use of the abovementioned service shall occur based on Art. 6 (1) lit. a) GDPR and Section 25 TDDDG. Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur based on Art. 6 (1) lit. f) GDPR; the website provider has a legitimate interest in effective advertising promotions that include the utilization of social media.

We have concluded a Joint Controller Addendum for the use of the above-mentioned service. The data transmission to the US is based on the SCC of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Furthermore, we have concluded a LinkedIn Ads Agreement for the use of LinkedIn Ads https://de.linkedin.com/legal/sas-terms.

The agreement with LinkedIn, including those concerning joint responsibility, mainly indicate that information requests and the enforcement of further rights of the data subject should most appropriately be carried out directly via LinkedIn. As the provider of the social network LinkedIn, LinkedIn solely has the direct means of access, and the information required to be able to process your requests. LinkedIn can additionally take any required measures directly and provide information. If you nevertheless require our support, please feel free to contact us at any time.

You can object to LinkedIn’s analysis of user behaviour and targeted advertising as well as prevent the installation of cookies in the settings of your web browser at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In addition, LinkedIn members can control the use of their data for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

Storage period

Unless specifically stated, we only store data for as long as is necessary to fulfil the purposes for which it was collected. In several cases, it is required to store data to cope with law, for example tax or commercial law. In these cases, we will only continue to store the data for these legal purposes but will not process it in any other way and will delete it after the legal retention period has expired.

Data security

We make every effort to ensure the security of your data within the scope of the applicable data protection laws and technical possibilities.

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website provider, this website uses the SSL (Secure Socket Layer) coding system. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

Furthermore, we do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out.

Your rights (rights of data subjects)

You have extensive rights regarding the processing of your data.

Right to information: You have the right to information about the data stored by us, in particular, for what purpose the processing is carried out and how long the data is stored (Art. 15 GDPR). This right is limited by the exceptions of Section 34 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), according to which the right to information does not apply in particular if the data is stored only due to legal retention requirements or for data security and data protection control, the provision of information would require a disproportionate effort and misappropriation of the data processing is prevented by appropriate technical and organisational measures.

Right to rectify inaccurate data: You have the right to request the rectification of your data without delay if it should be inaccurate (Art. 16 GDPR).

Right to erasure: You have the right to request the erasure (Art. 17 GDPR) of your data. These conditions exist in particular if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have revoked a consent without the data processing may not be continued on another legal basis, d) you successfully object to the data processing, or e)the obligation to delete your data based on the law of the EU or an EU member state, to which we are subject, exists. This right is subject to the restrictions set out in Section 35 BDSG, according to which the right to erasure may be waived, in particular if, in the case of non-automated data processing, there is a disproportionate effort for erasure and your interest in erasure is to be regarded as low.

Right to restriction of processing: You have the right to request restriction of the processing of your data (Art. 18 GDPR). This right exists in particular if a) the accuracy of the data is disputed, b) you request restricted processing instead of erasure under the conditions of a legitimate request for erasure, c) the data is no longer necessary for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims or d) the success of an objection is still disputed.

Right to data portability: You have the right to obtain your data that were provided to us in a structured, common, machine-readable format (Art. 20 GDPR), if the data has not already been deleted.

Right to object: You have the right to object to the processing of your data at any time on grounds relating to your particular situation (Art. 21 GDPR). We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing carried out based on the previous consent. The only consequence of the revocation is that we may no longer continue the data processing based on this consent for the future. However, please note that we may not be able to provide certain services or additional services if we are not able to process the data required for this purpose.

Right in relation to automated decision making: You have the right (Art. 22 GDPR) not to be subject to automated decision making, including profiling, that has legal consequences or similar significant effects for you. We generally do not use automated decision making or profiling. However, if you have been subjected to automated decision-making and do not agree with the outcome, you may contact us in the ways set out below and ask us to review the decision.

Right to complain to the supervisory authority: You have the possibility to contact the above-mentioned data protection officer (if appointed) or a data protection supervisory authority if you believe that the processing of your data violates the GDPR.