Data Protection Statement
Contact details of the company
Gewerbepark Birkenhain 1
Phone: +49 6051 8846-0
Fax: +49 6051 8846-480
Contact details of the Data Protection Officer
Thomas Kolb LL.M., external Data Protection Officer
Fax: +49 621/121829-32
Welcome to our website
The protection of your data is very important to us. We will therefore explain to you below how we process your personal data.
Categories of data; data sources
As a matter of principle, we process the personal data that you provide us within the context of an inquiry, a pre-contractual legal relationship or a contractual relationship. In individual cases, and as far as this is necessary within the scope of the fulfilment of the contract, we also process personal data which have been acquired admissibly from publicly accessible sources (e.g. commercial register, debtor’s register, Internet) or which have been communicated to us admissibly by third parties (e.g. credit agencies).
This may include information relating to your person (name, date of birth, legal representative), address data (postal address, e-mail address, contact person), financial data (name of accountholder, IBAN, BIC), contract data (contract period, services purchased, cancellations), communication data (correspondence, e-mail correspondence), advertising data (advertising correspondence) and other, comparable categories of personal data.
General processing of visitor data
The use of our website is principally possible without providing personal data.
We would nevertheless like to point out that in this case, too, access data are collected and stored in the server logfiles. This includes, in particular, the following data:
- type and version of your browser
- operating system
- the website from which you are visiting us
- date and time of your visit
- your IP address
In principle we evaluate this information in anonymised form to prevent attacks (processing of personal data in the context of a balancing of interests pursuant to point (f) of the first subparagraph of Article 6 (1) GDPR) and erase it thereafter. As a matter of principle, the data cannot be traced back to personally you by us, neither are the data combined with other data.
In case of concrete indications of unlawful usage, however, we reserve the right to evaluate the data retroactively.
Various cookies may be used during your visit to our website. Cookies are text files which are placed on your computer and enable, amongst others, an unimpeded visit to our website.
Cookies are in part necessary to be able to provide our website functionality. Such function cookies are used on the basis of a legitimate interest in enabling the use of our website including its functions, pursuant to point (f) of the first subparagraph of Article 6 (1) GDPR.
We employ other – nonessential – cookies on the basis of point (a) of the first subparagraph of Article 6 (1) GDPR, and thereby on the basis of your consent. The purposes of the respectively employed cookies include:
- to allow the use of special functions,
- to analyse usage behaviour (in a pseudonymised manner) in order to optimise our website,
- to improve the attractiveness and user-friendliness of our website,
- to improve our offering and to tailor it to meet users’ needs.
Non-essential cookies are used in the context of so-called usage profiles. In doing so, you are assigned a pseudonym under which the usage data are stored. Your IP address is used exclusively in truncated form, thereby fundamentally preventing the establishment of an association between the usage profile and a specific person.
The majority of the cookies we use are erased from your computer again after your browser is closed (session cookies). Other types of cookies may remain on your computer, and enable us to recognise your computer again by means of the saved user profile when you next visit our website (persistent cookies).
When using our website, you can declare your consent by confirming this via our cookie banner.
You may withdraw your consent, once given, at any time with effect for the future.
If you contact us by email or via a form provided on our website, the personal data you provide us will be processed by us to answer your inquiry. We will erase the data once your inquiry has been conclusively dealt with, provided that the data are not subject to a contractual or statutory obligation to retain them.
Processing of personal data subject to consent (point (a) of first subparagraph of Article 6 (1) GDPR)
In individual cases, we will request your consent to certain specifically stated purposes connected with the data collection (e.g. inquiry via a contact form, opening a customer account, ordering a newsletter, use of advertising cookies and analytics cookies).
Your data will only be processed if you give us your consent. Under certain circumstances, the handling of your request may not be possible without you giving us your consent, and the handling of your request must therefore be made conditional thereon. The data will be processed exclusively for the purpose(s) expressly stated.
You may withdraw your given consent at any time with effect for the future. The withdrawal has no influence on the lawfulness of the processing before your consent was withdrawn.
If you send us an inquiry via our contact form, we will process the data you provide us – by virtue of your consent pursuant to point (a) of the first subparagraph of Article 6 (1) GDPR – to handle your inquiry. As a matter of principle, your data will be erased after your inquiry has been dealt with, provided that the data are not subject to a contractual or statutory obligation to retain them. If you send us information of a contractually relevant nature, we will transfer this to our system for existing customer relationships.
You may withdraw at any time with effect for the future your consent to our use of all your furnished contact data.
Processing of personal data for performance of contract (point (b) of first subparagraph of Article 6 (1) GDPR)
If you enter into a contract with us, we will use personal data to the extent needed for performance of contract and / or for implementing pre-contractual measures. The purposes of the data processing will be determined by the concrete contents of the contract which can be found in the contractual documents.
Processing of personal data in the context of a balancing of interests (point (f) of first subparagraph of Article 6 (1) GDPR)
We process personal data in the context of a balancing of interests provided that this is necessary to safeguard our own interests and / or the interests of third parties.
Examples of such purposes are:
- ensuring our IT security and the integrity of our systems
- preventing or investigating criminal offences
- asserting / defending against legal claims.
Cross-border transmission of data (point (a) of the first sentence of Article 49 (1) GDPR)
Where personal data are transmitted to a third country, we comply with the relevant statutory data protection guidelines in that the data are transmitted on the basis of standard contractual clauses or we obtain your consent to the data transmission in accordance with the point (a) of the first sentence of Article 49 (1) GDPR.
Data may be transmitted, for example, in connection with the use of Google, LinkedIn, HubSpot and Vimeo services. Due to the use of these services, data are transmitted to the United States of America.
The data will only be transmitted if you have given us your consent.
The specific details of the recipient, the personal data transmitted and the purpose of the data transmission can be found in the explanations for the respective processing below.
A risk arises for your personal data as a result of the data transmission. In the United States of America, there is no level of data protection comparable to EU law (GDPR) and / or national regulations (e.g. BDSG) or sufficient guarantees that ensure the maintenance of an adequate level of data protection. Moreover, due to the U.S. legal situation, any deficits cannot be compensated for by other specific guarantees. Nevertheless, depending on the service concerned, standard contractual clauses may be used in some cases to achieve the greatest possible protection of your data. Further details as to whether standard contractual clauses are used can be found in the explanations for the respective services.
You can withdraw your consent at any time with effect for the future. The withdrawal has no influence on the lawfulness of the processing performed up until the time of the withdrawal.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies” – text files that are placed on your computer to enable analysis of your website usage.
In the context of using cookies, we rely on your consent to the data collection. Consequently, if you do not consent to the use of data when you first visit our website, we will not collect your usage behaviour and other personal data that could arise during your visit to the website and will therefore also not use them for usage analytics and subsequent remarketing activities. This also applies to third-party cookies such as the Google Analytics plugin.
If you consent to the processing of your data within the scope of the opt-in procedure (confirmation of the cookie banner), the processing is permitted by virtue of your given consent in accordance with point (a) of the first sentence of Article 6 (1) GDPR; as such, we use your data, to the extent of your given consent, for the purposes of marketing and the evaluation of your usage behaviour.
The information generated by the cookie about your use of this website is usually transmitted to a Google LLC server in the USA and stored there. Information about the use of this website and your IP address may possibly be transmitted to a Google server in the USA and also stored there. The information generated by the cookie about your use of this website, and possibly also information about your IP address, is usually transmitted to a Google LLC server in the USA and stored there. The data transmission is permitted by virtue of your given consent in accordance with point (a) of the first sentence of Article 49 (1) GDPR. In the event that IP anonymization is enabled on this website, however, Google will truncate your IP address beforehand within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will Google transmit the full IP address to a Google server in the USA and truncate it there.
On behalf of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website activity and Internet usage. The IP address which your browser transmits in the context of Google Analytics will not be combined with other data from Google, unless you have configured the web and app activity settings in the settings of a Google account to allow Google to perform such a combination.
On our website, Google Analytics has been extended by the code “anonymizeIp” in order to be able to record IP addresses anonymously (so-called IP masking).
LinkedIn Insight Tag
This website uses the analytics and tracking tool of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
This enables the collection of data from visitors to our website, such as IP address, browser, timestamp and pages viewed. Collected data are encrypted and anonymized within seven days. Anonymized data are erased after 90 days. LinkedIn does not transmit any personal data to us. All that occurs is summarized reporting about the website target group and advertisement performance.
A further available possibility is that of retargeting website visitors. We can use these data to place targeted advertisements outside our own website without identifying the individual website visitor.
We process the data by virtue of your consent declared in the cookie banner when you call up the website, in accordance with the point (a) of the first sentence of Article 6 (1) GDPR. The data transmission to the USA is permitted by virtue of your given consent in accordance with the point (a) of the first sentence of Article 49 (1) GDPR.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
We also use the analytics tool HubSpot on our website. This tool is operated by HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA.
HubSpot enables us to analyse your use of our website. For this purpose, cookies are stored on your computer and information such as IP address, location, type of browser, duration of visit and pages viewed is evaluated.
In the process, your personal data are transmitted to the USA. This occurs on the basis of standard contractual clauses in accordance with point (c) of Article 46 (2) GDPR. Standard contractual clauses are clauses that have been pre-approved by the EU Commission and intend to ensure that your data are duly protected outside the ambit of GDPR (i.e. outside the EU and EEA). Moreover, the data transmission is permitted by virtue of your given consent in accordance with point (a) of the first sentence of Article 49 (1) GDPR.
You can find HubSpot’s data processing terms and conditions (Data Processing Agreement), which reflect the EU Commission’s standard contractual clauses, at https://legal.hubspot.com/dpa.
Use of Vimeo
On some of our web pages, we use a plugin from the provider Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011 (“Vimeo”), USA.
Information about the use of this website and your IP address is transmitted to a Vimeo server in the USA and also stored on that server. The data transmission is permitted by virtue of your given consent in accordance with point (a) of the first sentence of Article 49 (1) GDPR.
We have no knowledge about the downstream usage of the data by Vimeo. For more information about the data privacy standard of Vimeo LLC, please visit the following link: https://vimeo.com/privacy.
Use of Google Fonts
To display external fonts, we use Google Fonts in so-called “Online” mode. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this connection, a server call is made, during which data (including your IP address) and the page from which the call is made are transmitted to a Google server in the USA. Details of how Google processes these data are not known to us.
The data transmission to the USA is permitted by virtue of your given consent in accordance with the point (a) of the first sentence of Article 49 (1) GDPR. The processing is necessary for the proper presentation of our website and is therefore in our interest as well as yours. The legal basis of the processing is therefore point (f) of the first sentence of Article 6 (1) GDPR, namely a legitimate interest in having a properly functioning website for presenting the company externally.
We use a plugin of the Internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
If you agree to the processing of your data by the “Google Maps” plugin by clicking the “Load map” button, you give your consent to the processing of your personal data in accordance with point (a) of the first sentence of Article 6 (1) GDPR. Information about the use of this website and your IP address will be transmitted to a Google server in the USA and also stored on that server. The data transmission is permitted by virtue of your given consent in accordance with point (a) of the first sentence of Article 49 (1) GDPR. In the context of using Google Maps, a contract on joint responsibility within the meaning of Article 26 GDPR was concluded between us and Google (see: https://privacy.google.com/intl/en_en/businesses/mapscontrollerterms/).
Links to other websites
Our website contains links to other external websites (Facebook, Twitter, LinkedIn and YouTube). These are pure links and not plugins. If you click on a link, you will call up the corresponding website and be forwarded to it.
In addition, the providers of the aforementioned websites process your personal data for their own purposes. We can make no claims about the nature of the processing, the purposes or the storage period of your personal data by these providers. Please refer to the data privacy policies of the respective provider for further details about how these process your personal data. They can be found at:
Forwarding of data
We will forward your data to third parties if you have given us your consent to do so, or if this is necessary for fulfilling contractual or legal obligations.
Data may also be forwarded within the CID Group; the CID Group consists of the following companies:
- CID Consulting GmbH domiciled in Germany
- CID Media GmbH domiciled in Germany
- CID Slovakia s.r.o. domiciled in Slovakia
- CID Lietuva UAB domiciled in Lithuania
- CID Mobility GmbH domiciled in Germany
- CID Ukraine TOV domiciled in Ukraine
- CID Digital Services doo domiciled in Slovenia
- CID Italia Srl domiciled in Italy
- CID Austria GmbH domiciled in Austria
- CID Holding Corporation domiciled in USA
- CID Digital Services LLC domiciled in USA
- CID Digital Services Ltd. domiciled in United Kingdom
Data are forwarded within the Group, to the extent that this is necessary for fulfilling contractual or legal obligations (points (b) and (c) of the first subparagraph of Article 6 (1) GDPR) or where a legitimate interest exists in a Group-wide forwarding of the data (point (f) of the first subparagraph of Article 6 (1) GDPR).
Data are always forwarded on the basis of a legal standard or an appropriate contract pursuant to Article 26 or Article 28 GDPR which ensures that all data protection requirements are observed. Where data are forwarded to a third state, we always ensure that the requirements of Article 44 et seq GDPR are fulfilled, and that an adequate level of data protection is thus maintained.
Apart from that, data will be forwarded in cases required by law, such as in the case of a statutory duty to provide information to law enforcement agencies.
Rights of data subjects
As the data subject of the processed personal data, you have the following rights:
You have the right to demand confirmation as to whether personal data concerning your person are processed. Where this is the case, you have the right to information about the personal data and the specific information set out under Article 15 GDPR.
You have the right to demand of the controller that inaccurate personal data concerning your person be rectified without undue delay and that any incomplete personal data be completed (Article 16 GDPR).
You have the right to demand of the controller that personal data concerning your person be erased without undue delay provided that one of the specific grounds set out under Article 17 GDPR applies, e.g. when the data are no longer needed for the pursued purpose (right to erasure).
You have the right to demand of the controller that processing be restricted where one of the conditions set out under Article 18 GDPR is satisfied, e.g. where you have objected to the processing, for the duration of the investigation by the controller.
You have the right to object at any time to processing of personal data concerning your person on grounds relating to your particular situation. The controller with then no longer process the personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your own interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims (Article 21 GDPR).
With respect to the exercise of your rights, you can contact us at any time using the contact options provided on our website.
Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to your person infringes GDPR (Article 77 GDPR). You may exercise this right with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. In the regional state of Hesse (Germany), the competent supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information (Hessischer Beauftragter für Datenschutz und Informationsfreiheit).
For further information, please visit the service portal of the Regional State of Hesse at the following link (available in German only): https://datenschutz.hessen.de/.
You may naturally also contact us directly, should you be dissatisfied or have questions about data protection. The fastest way is to get in touch with our internal contact for data protection matters whose contact details are:
Thomas Kolb LL.M., external Data Protection Officer
Fax: +49 (0)621 121829-32
Obligation to provide data
You are principally under no obligation to provide data. It may, however, be necessary to provide data in order to use certain functions or enter into a contract. If you do not provide the required data in such cases, it may be impossible for you to use certain functions or services, or for you to enter into a contract.