Privacy Policy | osapiens

The protection of personal data is an important concern for osapiens Holding GmbH (hereinafter referred to as „osapiens“, “us”, “our”or “we”). Your personal data as website user (hereinafter referred to as “you” and “your”) is processed in compliance with the applicable data protection provisions, in particular the General Data Protection Regulation (GDPR).

Pursuant to Art.4 no. 1 GDPR, personal data means any information relating to an identified or identifiable natural person that you provide to us (hereinafter referred to as „data„).

With this data privacy policy, we inform you about the type, scope, and purposes of the data processing and how this data is handled. In addition, you will learn about the rights you have regarding the processing of your data.

 

Responsible person (Controller) and data protection officer

Responsible for the processing of your data is:

osapiens Holding GmbH

Julius-Hatry-Straße 1

68163 Mannheim

Deutschland

Phone: +49 621 / 150 206 90

eMail: info@osapiens.com

We have appointed a data protection officer:

c/o TÜV SÜD Akademie GmbH

Westendstraße 160

80339 München

 

Our data protection officer will be happy to answer any questions you may have on data protection issues. You can reach our data protection officer at

  • our above-mentioned business address with the addition of „Datenschutz“ or
  • by e-mail at dataprotection@osapiens.com

 

External Hosting

This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host(s):

Digitalocean LLC
101 Avenue of the Americas 10th Floor
New York, NY 10013
United States

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Collection and storage of data as well as type and purpose of their use

Website visit

Each time you access our website, your browser automatically transmits data that is stored in the server’s log files. These are the following data („log files data„):

  • Browser type and browser version;
  • Name und URL of the accessed file;
  • Date and time of the server request;
  • Report about successful access (HTTPS response code);
  • Operating system in use;
  • Referrer URL;
  • Websites that are accessed by the user’s system via our website;
  • Internet service provider of the user and
  • IP-address (anonymized) and the requesting provider.

We analyse log files data anonymously to continuously improve the website, to adapt the website to the interests of our users and to improve errors more quickly. These purposes are also our legitimate interest in data processing according to Art.6 (1) lit. f) GDPR.

In non-anonymised form, log files data is used exclusively to identify malfunctions and to ensure system security, including the detection and tracking of unauthorized access attempts and fraud. These log files data are stored for 7 days and then deleted. Log files data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the respective incident and may be passed on to investigating authorities in individual cases.

Contact form

If you send us requests via contact form, we store your contact data for processing of your request as well as for the case of follow-up questions. While using the contact form you must submit first and last name as well as a valid email address in order to allocate a person behind the request and in order to be able to answer it.Additional information like industry, job title, phone number, solution of interest with regards to our services and any additional message can be provided optionally. If you do not wish to provide the data we have requested,we may not be able to provide the information and/or services you request or perform certain tasks for which your data is requested.

The processing of this data is based on Art. 6 (1) lit. b) GDPR, insofar as that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us(Art. 6 (1) letter f) GDPR) or on your consent according to Art. 6 (1) lit. a)GDPR, if this has been requested; the consent can be revoked at anytime.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. when the processing of your request is completed). Mandatory Statutory provisions – in particular retention periods – remain unaffected.

Requests by email, telephone or fax

If you contact us by email, telephone or fax, your request including all therefrom resulting data will be stored and processed by us for the purpose of treating your request. We do not share this data without your consent.

The processingof these data is based on Art. 6 (1) lit. b) GDPR, as far as your request isrelated to the fulfillment of a contract or is necessary for the performance ofpre-contractual measures. In all other cases, the processing is based on ourlegitimate interest in the effective handling of the requests addressed to us(Art. 6 (1) lit. f) GDPR) or on your consent according to Art. 6 (1) lit. a)GDPR, if this has been requested; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after completion of your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Newsletter, downloads, webinars, and demo requests

To register for the newsletter, the data requested in the registration process, such as the title, name and email address are collected. The registration for the newsletter is recorded. After registration, you will receive a message to the specified email address in which you are asked to confirm the registration („double opt-in“). We further record whether you have opened the email and which newsletter issues you have read, when and how often. If you subscribe our newsletter, we will send information about our offers on a regular basis. To download certain free documents (e.g. white papers), register for free webinars and request free demos, it is necessary to provide the name and email address of the interested party. Additional details and information, such as industry, job title, telephone number, interest in our services and additional messages can be provided optionally. By downloading, registering or requesting, you provide your consent to collect your data in order to send you personalised information on specific topics in the form of newsletters tailored to your specific interests. We use Hubspot CRM (see below for more details) for our marketing activities.The double opt-in procedure also applies here. The data collected by us when you register for the newsletter will be used exclusively for advertising purpose. The legal basis for sending the newsletter is your consent according to Art. 6 (1) lit. a) in conjunction with. Art. 7 GDPR and Section 7 (2) no. 3 Law on Unfair Competition (Gesetz gegen den unlauteren Wettbewerb-UWG). Legal basis for the recording of the login registration is our legitimate interest (Art. 6 (1) lit. f) GDPR). You can revoke the given consent to store the data, the email address and their use for sending the newsletter at any time, for example via the „unsubscribe from all communication“ link in the newsletter. The legality of the data processing already carried out remains unaffected until your revocation. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. After unsubscribing from the newsletter or after expiry of the purpose, your data will be deleted from the newsletter distribution list. After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider (Hubspot CRM as described below) in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6 (1) lit. f) GDPR). The storage in the blacklist is not limited in time. You can object the storage if your interests outweigh our legitimate interest. We store the registration data as long as they are needed for sending the newsletter. We store the login registration data as long as there is an interest in proving the initially granted consent.

Sending advertising

If you are our customer, we send you information about campaigns, offers and our products by letter. In this manner, we provide you information on subjects that you may be interested in. This is a special form of direct marketing that intensifies the relationship with customers by providing them with exclusive information.

The legal basis is Art. 6 (1) lit. f) GDPR. If a corresponding consent has been requested, the processing is exclusively based on Art. 6 (1) lit. a) GDPR; the consent can be revoked at any time.

You may object to the sending of advertising at any time. A notification in text form using the contact data (e.g. email, fax, letter) mentioned above is sufficient for this purpose. Your data will remain with us until the purpose for processing the data no longer applies.

 

Privacy Policy for business partners

For further information on the data processing processes with regards to our business partners, please refer to the separate privacy policy for business partners. https://preferences.osapiens.com/emailprivacypolicyen

 

Privacy information for applicants (Recruiting)

Further information on the application process can be found in the separate privacy policy for applicants (recruiting).

https://www.osapiens.com/privacy-policy-for-applicants

 

Cookies

On our website we use so-called „cookies“. Cookies are small text files and do not cause any damage on your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete it yourself or it is automatically deleted by your web browser.

In some cases,cookies from third-party companies may also be stored on your terminal device when you enter our website (third party-cookies). These enable us or you to use certain services of the third-party company.

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function). Other cookies are used to evaluate user behavior or show advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies)or to provide certain functions that you have requested (functional cookies,e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f)GDPR, unless another legal basis is specified. The website provider has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies concerned is based exclusively on this consent (Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG); the consent can be revoked at any time.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this data protection policy and, if necessary, request your consent.

You can set your browser in such a way that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or generally, or to exclude the cookies completely. Excluding cookies may limit the functionality of the website.

Please refer to the user menu of your web browser or the website of your browser’s manufacturer for information on how to set your browser program appropriately. Regularly, in the menu bar of your web browser, the help function will show you how to be informed about the setting of cookies, or you can reject new cookies and also delete cookies already received.

We inform you in advance about the use of cookies with a corresponding notice via a cookie banner.

Consent with Cookiebot

Our website uses consent technology from Cookiebot to obtain your consent to the storage of certain cookies on your end device or for the use of certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you enter our website, a connection is established with the Cookiebot servers to obtain your consent and provide you with other explanations regarding the use of cookies. Cookiebot will then store a cookie in your browser to identify the consent you have given or its revocation. The data collected in this way isstored until you request us to delete it, delete the Cookiebot cookie itself or the purpose for which the data is stored no longer applies. Mandatory legalstorage obligations remain unaffected. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1)lit. c) GDPR.

We have concluded a data processing agreement for the use of the above-mentioned service with Cookiebot.

Recipients of data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of data to these external parties. We only disclose data to external parties if this is required as part of the fulfillment of a contract (Art. 6 (1) lit. b) GDPR, if we are legally obligated to do so (e.g., disclosure of data to tax authorities) based on Art. 6 (1) lit.c) GDPR, if we have a legitimate interest in the disclosure pursuant to Art. 6(1) lit. f) GDPR, or if another legal basis permits the disclosure of thisdata. When using processors, we only disclose your data based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Data transfer to third countries that are not secure under data protection law and the transferto US companies that are not certified based on EU-US Data Privacy Framework(DPF)

We use, among other technologies, tools from companies located in third-party countries(outside of EU or European Economic Area (EEA)) that are not safe under data protection law, as well as US tools whose providers are not certified under the DPF. If these tools are enabled, your data may be transferred to and processed in these countries. We would like you to note that no level of data protection comparable to that in the EU can be guaranteed in third countries that are insecure in terms of data protection law.

We would like to point out that the US, as a secure third-party country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the DPF or has appropriate additional assurances. Information on transfers to third-party countries, including the data recipients, can be found in this Data Privacy Policy.

 

Integration of third-party services and contents

Google Services

In the following we describe the use of data using services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The responsible service provider in the EU is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

We use services,where Google acts either as data processor or as joint controller together with us based on the respective agreements. So far as data is processed in the US,we point out that this is carried out based on the standard contractual clauses(SCC) of the EU Commission.

Please find details here:

https://support.google.com/publisherpolicies/answer/10437486?hl=en,

https://business.safety.google/adsprocessorterms/ and

https://business.safety.google/adscontrollerterms/.

Furthermore, Google LLC is certified in accordance with the DPF. For more information,please contact follow the link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

For more information about Google’s use of data, settings, and opportunities to raise objections, please refer to Google’s privacy declaration https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

We use the Google Tag Manager. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it.However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) company in the US.

The Google Tag Manager is used based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a)GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Google Analytics

We use functions of the web analysis service Google Analytics. The service provider of this service is Google.

Google Analytics enables the website provider to analyze the behavior patterns of the website visitors. To that end, the website provider receives a variety of user data,such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device ofthe user. An assignment to a user-ID does not take place.

Furthermore,Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting).

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be anonymized by Google within member states of the EU or EEA.

The use of this analysis tool is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in analysing user behaviour to optimize both its web offer and its advertising. If a corresponding consent has been requested (e.g.consent to store cookies), the processing is based exclusively on Art. 6 (1) lit.a) GDPR and Section 25 (1) TTDSG; the consent can be revoked at any time.

The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month. I you visit our website again within the period of 2 months, the retention period will be prolonged for another 2 months.

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Google Analytics Terms of Service at: https://marketingplatform.google.com/about/analytics/terms/us/.

Google Ads

We use Google Ads. Google Ads is an online promotional program of Google.

Google Ads enables us to display ads (cookie will be set) in the Google search engine oron third-party websites, if the user enters certain search terms into Google(keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests;target group targeting). As the website provider, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

By way of the integration of Google Ads, Google receives the information that you viewed the relevant part of our website or clicked any of our ads. Due to the applied marketing tools, your browser automatically establishes a direct connection with the server of Google. We have no influence on the scope and the further use of the data processed by Google by applying this tool. Therefore, we inform you in accordance with our knowledge: if you are registered with one of the service tools offered by Google, Google can allocate the visit to your account.Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.

The use of these services occurs based on your consent pursuant to Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG. You may revoke your consent at any time.

You may prevent participation in this tracking process in several ways a) by a corresponding setting of your browser, particularly, the disabling of cookies means that you will not receive ads from third-party providers, b) by installing the plugin provided by Google via the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign „About Ads“, via the link http://www.aboutads.info/choices,whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in the browsers Firefox, Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin, e) by setting the respective cookies. We would like to inform you that in this case you may not be able touse all the functions of this website to their full extent.

 

Other Services

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereafter referred to as “Hubspot”).

Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts, to communicate with you and to plan and execute marketing activities in line with your interests.

Hubspot CRM enables us to capture, sort and analyze customer interactions via email, social media, or phone across multiple channels. The data collected in this way can be evaluated and used for communication with the potential customer or marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to collect and analyze the user behavior of our contacts on our website.

The use of Hubspot is based on Art. 6 (1) lit. f) GDPR. The website provider has a legitimate interest in the most efficient customer management and customer communication.If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of theTTDSG. This consent can be revoked at any time.

We have concluded a data processing agreement for the use of the above-mentioned service with Hubspot. The data transmission to the US is based on the SCCclauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield and https://eur-lex.europa.eu/eli/dec_impl/2021/914.

Furthermore, the Hubspot is certified in accordance with the DPF. For more information, please follow the link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active.

For more details,please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

Hotjar

We use Hotjar on this website (https://www.hotjar.com). The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (hereinafter referred to as „Hotjar“). Hotjar is a service that analyses your behaviour and feedback on our website through a combination of analytics and feedback tools. This enables us to better understand your needs and to optimise our offer on this website and make it more attractive. Hotjar allows us – inter alia – to record your mouse movements, scrolling movements and clicks. Hotjar can also determine how long you have stayed on a certain position with the mouse pointer. Out of this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by website visitors. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve our website offer. Hotjar uses cookies and other technologies to collect data about the behaviour of users and their end devices, in particular the IP address of the device (only collected and stored anonymously during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. The use of Hotjar is based on Art. 6 (1) lit. f) GDPR. Unless consent has been obtained, the use of this service is based on Art. 6 (1) lit. f) GDPR; the website provider has a legitimate interest in analysing user behaviour in order to optimise both its offering and its advertising. As a user, you always have the option of preventing the collection of your data. To do so, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/. Please note that Hotjar must be deactivated separately for each browser or end device. For more details, please refer to Hotjar’s privacy policy: https://www.hotjar.com/privacy. We have concluded a data processing agreement for the use of the above-mentioned service with Hotjar.

Microsoft Advertising (BingAds)

For our online marketing measures, we use the Microsoft Advertising programme of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible provider in the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland (hereinafter referred to as „Microsoft“). The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). By using the service we will find out the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, it is not possible to personally identify these users. Microsoft Advertising uses technologies such as cookies and tracking pixels that enable your use of the website to be analysed. When you click on an advert placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you have clicked on the ad and have been redirected to this page. The following information may be collected: IP address, identifiers assigned by Microsoft (identifiers), information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website. Microsoft uses the data to optimise its own advertising and other services. We only receive data or evaluations of your web behaviour, but no personal information. We have no control over how Microsoft uses the collected user data. The use of cookies or comparable technologies is based on your consent in accordance with Art. 6 (1) lit. a) GDPR and Section 25 (1) of the Telecommunications-Telemedia Data Protection Act. You can revoke your consent at any time. In addition, we have a legitimate interest in using the Microsoft Advertising service to optimise our online offering and our marketing measures. The legal basis for this is Art. 6 (1) lit. f) GDPR. The data subject may, as stated above, avoid the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Microsoft from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Microsoft Advertising can be deleted at any time via the Internet browser or other software programmes. Furthermore, the data subject has the option of objecting to interest-based advertising by Microsoft. To do this, the data subject must access the link from each of the Internet browsers they use: https://account.microsoft.com/privacy/ad-settings/ and make the desired settings there. Microsoft’s data processing takes place on servers in data centres in the EU. For this purpose, we have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. Microsoft provides extensive technical and organisational measures that correspond to the current state of the art in IT security, e.g. with regard to access authorisation and end-to-end encryption concepts for data lines, databases and servers. It cannot be excluded that, in individual cases, companies affiliated with Microsoft outside the EU (so-called third countries) may gain access to the data. Such third country transfers are only possible if there is an adequacy decision by the EU Commission, if the controller or processor has provided appropriate safeguards to protect the data or if one of the exceptions under Art. 49 GDPR applies. Microsoft has DPF certification, which can be found here https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active. Although no further measures are required, we have also concluded the so-called standard contractual clauses with Microsoft as part of the order processing contract. These represent a further guarantee for third country transfers. Microsoft reserves the right to process customer data (which may include your data) for its own legitimate business purposes. We have no influence on this data processing by Microsoft. Further information and the applicable data protection provisions of Microsoft can be found at https://privacy.microsoft.com/de-DE/.

Data processing in connection with your registration and participation in events

When you execute a registration for an event, we process the following data: name, company, e-mail address. We use this data exclusively in connection with your participation in the respective event. The legal basis for the processing is Art. 6 (1) lit. b) GDPR. The data collected in connection with an event will be stored by us for a period of three years.

Event registration via Eventbrite

We partly use Eventbrite, an event platform of Eventbrite Inc, 95 Third Street, 2nd Floor, San Francisco, California, 94103 USA, as a booking system for participation in our events. In Europe, the company is represented by Eventbrite DE GmbH, Oranienstr. 25, 10999 Berlin, Germany (hereinafter referred to as „Eventbrite“). If you wish to make a booking on our website and click on the corresponding button or link, you will be redirected to the Eventbrite website. When you make a booking with Eventbrite, Eventbrite collects and processes the following data:

• name

• e-mail address

• billing address

• payment details

• date of birth

• information on booked and attended events.

The legal basis for the use of Eventbrite is Art. 6 (1) lit. f) GDPR. The processing of data required for the fulfilment of the contract is based on Art. 6 (1) lit. b) GDPR. The purpose of the data processing is to provide an online platform for the sale of tickets for our events. This is also our legitimate interest in using the Eventbrite service. It cannot be excluded that, in individual cases, companies affiliated with Eventbrite outside the EU (so-called third countries) may obtain access to the data. Such third country transfers are only possible if there is an adequacy decision by the EU Commission, if the controller or processor has provided suitable guarantees for the protection of data or if one of the exceptions of Art. 49 GDPR applies. Eventbrite in the USA has DPF certification, which can be found here https://www.dataprivacyframework.gov/s/participant-search. Although no further measures are required, we have also concluded the so-called standard contractual clauses with Eventbrite as part of the data processing agreement. These represent a further guarantee for third country transfers. You can find more information on the standard data protection clauses at Eventbrite at: https://www.eventbrite.com/help/en-us/articles/429030/data-processing-addendum-for-organizers/. Further information on the processing of data at Eventbrite can be found in the privacy policy on the Eventbrite website: https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinien-von-eventbrite/.

Social Media

We maintain publicly accessible profiles on social networks. You can find the social networks we use in detail below. The social media icons presented on ourwebsite are links. This means that your data on our website is not processed by the social media providers. If you click on the „plug-ins“, you will be redirected to our respective social media presence.

Social networks such as Facebook, Instagram, etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media accounts causes many processing operations that are relevant to data protection.

In detail

If you are logged into your social media account and visit our social media presence, the provider of the social media portal can allocate this visit to your user account.However, your data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, thisdata collection takes place, for example, via cookies that are stored on your device or by recording your IP address.

By collecting data, the providers of the social media portals can create user profiles in which your preferences and interests are stored. Thus, demand-driven advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we are not able to track all processing on the social media portals.Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media provider.

Legal basis

Our social media presences are designed to ensure the broadest possible presence on the internet. This complies with our legitimate interest according to Art. 6 (1) lit.f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the respective social providers (e.g. consent according to Art. 6 (1) lit. a) GDPR).

Data controller and enforcement of rights

If you visit one of our social media websites (e.g. Facebook), please take note that we are jointly responsible with the provider of the social media platform for the data processing resulting from this visit. In principle, you can assert your claims(information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our possibilities are significantly determined by the company policy of the respective provider.

Storage period

The data directly collected by us via the social media presence will be deleted from our system as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until youdelete them. Binding legal conditions – in particular retention periods and limitation periods – will remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes.

For details,please contact the social media provider directly (e.g. in their privacy policy, see below).

Our social networks in detail

YouTube

Our website embeds videos (from our YouTube channel) of the website YouTube. The Service Provider is Google.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out because of the expanded data protection mode. For instance, regardless of whether you’re watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified,which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore,after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 (1) lit. f) GDPR, this is a legitimate interest.If appropriate consent has been obtained, the processing is carried out exclusively based on Art. 6 (1) lit. a) GDPR and Section 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of theTTDSG. This consent can be revoked at any time.

LinkedIn, LinkedIn Insight Tag and LinkedIn Ads

We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company,Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

Furthermore, we use the LinkedIn Insight Tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location,industry, job title) of our website users to help us better target our site to the relevant audience. We can also use Insight Tag to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices(e.g. from PC to tablet). Insight Tag also features a retargeting function that allows us to display targeted advertising (LinkedIn Ads) to visitors to our website outside of the website. This will be done for marketing and optimisation purposes, in particular to analyse the use and to continuously improve individual functions and the user experience. According to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The Direct identifiers of LinkedIn members are deleted by LinkedIn after sevendays. The remaining pseudonymized data will then be deleted within 180 days https://www.linkedin.com/help/linkedin/answer/a1445756/linkedin-marketing-solutions-und-die-datenschutz-grundverordnung-dsgvo-?lang=de.

The data collected by LinkedIn cannot be assigned by us as a website provider to specific individuals. LinkedIn may store the data collected from website visitors on its servers in the US and use it for its own purposes. For details,please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

If your approval(consent) has been obtained the use of the abovementioned service shall occur based on Art. 6 (1) lit. a) GDPR and Section 25 TTDSG. Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur based on Art. 6 (1) lit. f) GDPR; the website provider has a legitimate interest in effective advertising promotions that include the utilization of social media.

We have concluded a Joint Controller Addendum for the use of the above-mentioned service. The data transmission to the US is based on the SCC of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Furthermore we have concluded a LinkedIn Ads Agreement for the use of LinkedIn Ads https://de.linkedin.com/legal/sas-terms.

The agreement with LinkedIn, including those concerning joint responsibility, mainly indicate that information requests and the enforcement of further rights of the data subject should most appropriately be carried out directly via LinkedIn. As the provider of the social network LinkedIn, LinkedIn solely has the direct means of access and the information required to be able to process your requests.LinkedIn can additionally take any required measures directly and provide information. If you nevertheless require our support, please feel free to contact us at any time.

You can object to LinkedIn’s analysis of user behavior and targeted advertising as well as prevent the installation of cookies in the settings of your web browser at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In addition, LinkedIn members can control the use of their data for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

 

Storage period

Unless Specifically stated, we only store data for as long as is necessary to fulfil the purposes for which it was collected. In several cases, it is required to store data to cope with law, for example tax or commercial law. In these cases,we will only continue to store the data for these legal purposes but will not process it in any other way and will delete it after the legal retention period has expired.

 

Data security

We make every effort to ensure the security of your data within the scope of the applicable data protection laws and technical possibilities.

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website provider, this website uses the SSL (Secure Socket Layer) coding system. We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

Furthermore, wedo not guarantee that our service will be available at certain times;disruptions, interruptions or failures cannot be ruled out.

 

Your rights (rights of data subjects)

You have extensive rights with regard to the processing of your data.

Right to information

You have the right to information about the data stored by us, in particular, for what purpose the processing is carried out and how long the data is stored (Art. 15 GDPR). This right is limited by the exceptions of Section 34 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), according to which the right to information does not apply in particular if the data is stored only due to legal retention requirements or for data security and data protection control,the provision of information would require a disproportionate effort and misappropriation of the data processing is prevented by appropriate technical and organisational measures.

Right to rectify inaccurate data

You have the right to request the rectification of your data without delay if it should be inaccurate (Art. 16 GDPR).

Right to erasure

You have the right to request the erasure (Art. 17 GDPR) of your data. These conditions exist in particular if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have revoked a consent without the data processing may not be continued on another legal basis, d) you successfully object to the data processing, or e)the obligation to delete your data based on the law of the EU or an EU member state, to which we are subject, exists. This right is subject to the restrictions set out in Section 35 BDSG, according to which the right to erasure may be waived, in particular if, in the case of non-automated data processing, there is a disproportionate effort for erasure and your interest in erasure is to be regarded as low.

Right to restriction of processing

You have the right to request restriction of the processing of your data (Art. 18 GDPR). This right exists in particular if a) the accuracy of the data is disputed, b) you request restricted processing instead of erasure under the conditions of a legitimate request for erasure, c) the data is no longer necessary for the purposes pursued by us, but you need the data to assert,exercise or defend legal claims or d) the success of an objection is still disputed.

Right to data portability

You have the right to obtain your data that were provided to us in a structured, common, machine-readable format (Art. 20 GDPR), if the data has not already been deleted.

Right to object

You have the right to object to the processing of your data at any time on grounds relating to your particular situation (Art. 21 GDPR). We will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

According to Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the previous consent. The only consequence of the revocation is that we may no longer continue the data processing based on this consent for the future. However, please note that we may not be able to provide certain services or additional services if we are not able to process the data required for this purpose.

Right in relation to automated decision making: You have the right (Art. 22 GDPR) not to be subject to automated decision making, including profiling, that has legal consequences or similar significant effects for you.We generally do not use automated decision making or profiling. However, if you have been subjected to automated decision-making and do not agree with the outcome, you may contact us in the ways set out below and ask us to review the decision.

Right to complain to the supervisory authority

You have the possibility to contact the above-mentioned data protection officer (if appointed) or a data protection supervisory authority if you believe that the processing of your data violates the GDPR.