Data Protection

1) Information about the collection of personal data and contact details of the controller

We are pleased that you are visiting our website and thank you for your interest. The following provides information on how your personal data is handled when you use our website. Personal data means all data with which you can be personally identified.

1.2 The controller for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Deutor Cybersecurity Solutions GmbH
At the Tower 44
53721 Siegburg

Telephone: +49 (0) 2241 – 2674861
E-mail in**@****or.de

The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string „https://“ and the padlock icon in your browser bar.

2) Data collection when visiting our website

When you simply use our website for informational purposes, meaning you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called „server log files“). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

– Our visited website

Date and time of access

– Amount of data sent in bytes

– Source/Reference from which you arrived at the page

– Browser used

– Operating system used

– IP address used (if applicable: in anonymised form)

Processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website, in accordance with Article 6(1)(f) of the GDPR. The data will not be passed on or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

Hosting

Hosting by Strato

This website is hosted by an external service provider (host). The host is Strato AG (hereinafter referred to as „Strato“), Pascalstraße 10, 10587 Berlin, Germany. Personal data collected on this website is stored on Strato's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
Strato is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR).
Strato will only process your data to the extent necessary for the fulfilment of its contractual obligations and will follow our instructions regarding this data. Further processing on servers other than those mentioned above by Strato will only take place within the framework set out below.
Conclusion of a contract for order processing
To ensure data protection-compliant processing, we have concluded a data processing agreement with Strato. More information on how user data is handled can be found in Strato's privacy policy: https://www.strato.de/datenschutz/.

4) Biscuits

To make visiting our website attractive and enable the use of certain functions, we use what are known as cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognise your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process specific user information within an individual scope, such as browser and location data, as well as IP address values. Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie. You can find the duration of storage for each cookie in the overview of your web browser's cookie settings.

Partly, cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can adjust your browser settings to inform you about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers at the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/#Cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact and CRM System Salesforce

5.1 Getting in Touch

When you contact us (e.g. via contact form or email), personal data will be collected. The data collected in the case of a contact form is evident from the respective contact form. This data will be stored and used exclusively for the purpose of responding to your request or for contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been finally processed. This is the case when circumstances indicate that the matter in question has been finally resolved and provided that there are no legal retention obligations contrary to this.

5.2 CRM System Salesforce

This website uses the CRM system of the provider Salesforce.com, The Landmark at One Market, Suite 300, San Francisco, CA 94105 USA („Salesforce“). When you contact us via the contact form, email, telephone or social media, the details of the enquirer will be processed insofar as this is necessary to answer the enquiry. The data processed includes your master data (e.g. name, address), contact details (e.g. email, telephone number), your entries in the online form, usage data (e.g. access times, websites visited), metadata (e.g. device information, IP addresses). The purpose of processing the aforementioned data is the processing and management of contact details, as well as answering enquiries.

If personal data is processed in this context, the data processing is carried out for statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6(1)(f) GDPR. Further legal basis for data processing that is applied within the scope of Salesforce is Art. 6(1) sentence 1(b) GDPR for contract fulfilment and processing of pre-contractual inquiries.

We have concluded a data processing agreement with Salesforce, with which we oblige Salesforce to protect our customers' data and not pass it on to third parties.

You can permanently object to the collection of data by Salesforce using cookies and the setting of cookies by preventing the storage of cookies through your browser settings accordingly.

You can find further information about Salesforce's data protection provisions at the following internet address: https://www.salesforce.com/de/company/privacy/
Where legally required, we have obtained your consent for the processing of your data as described above, in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service in the „Cookie Consent Tool“ provided on the website.

6) Online appointment booking

SVOBe

Appointment booking, live chat system + video call, billing

We process your personal data as part of the online appointment booking process provided. You can see which data we collect for online appointments from the respective input form or the appointment request for making an appointment. If certain data is required in order to be able to make an online appointment, we will indicate this accordingly in the input form or appointment request. If we provide you with a free text field in the input form, you can describe your request in more detail there. You can then also decide for yourself which additional data you would like to enter. The data you provide will be stored and used exclusively for the purpose of making an appointment. When processing personal data that is necessary for the fulfilment of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by sending a message to the controller named at the beginning of this statement.

7) Registration and data processing upon opening a customer account and for contract processing

7.1 Registration

You can register on our website by providing personal data. The personal data processed for registration is evident from the input mask used for registration. We use the so-called double opt-in procedure for registration, meaning your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If your confirmation does not take place within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can provide all further information voluntarily by using our portal.
When you use our portal, we store your data required for contract fulfilment, including any payment method details, until you permanently delete your account. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all details in the protected customer area. The legal basis is Art. 6 (1) lit. f GDPR.

7.2 Data processing when opening a customer account and for contract processing

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The data collected is evident from the respective input forms. You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. We store and use the data you provide for contract processing. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with due consideration of tax and commercial retention periods and deleted upon expiry of these periods, unless you have expressly consented to further use of your data or further data use permitted by law has been reserved by us.

8) Use of customer data for direct marketing

Sign up for our email newsletter

By signing up for our email newsletter, you will regularly receive information about our offers. Your email address is the only mandatory piece of information for sending the newsletter. Providing further details is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending our newsletter. This means that we will only send you an email newsletter once you have explicitly confirmed that you consent to receiving newsletters. We will then send you a confirmation email, asking you to confirm by clicking on a corresponding link that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. Once you have cancelled your subscription, your e-mail address will be deleted from our newsletter mailing list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

9) Use of Social Media: Social Plugins

eRecht24 Safe Sharing Tool

The content on this website can be shared on social networks like Facebook, Twitter & Co. in compliance with data protection regulations. This page uses the eRecht24 Safe Sharing Tool for this purpose. This tool only establishes direct contact between the networks and users when the user actively clicks on one of these buttons. Clicking on the button constitutes consent within the meaning of Art. 6(1)(a) GDPR. This consent can be withdrawn at any time with future effect.

This tool does not automatically transmit user data to the operators of these platforms. If the user is logged into one of the social networks, an information window will appear when using the social buttons from Facebook, Twitter & Co., where the user can confirm the text before sending it.

Our users can share the content of this page on social networks in compliance with data protection regulations, without complete browsing profiles being created by the network operators.

9.2 Facebook Plugins (Like & Share Buttons)

This website incorporates plugins from the Facebook social network. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognise the Facebook plugins by the Facebook logo or the „Like“ button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When you visit this website, the plugin establishes a direct connection between your browser and the Facebook server. This allows Facebook to receive information that you have visited this website with your IP address. If you click on the Facebook „Like button“ while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how Facebook uses it. You can find further information on this in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

If you do not wish for Facebook to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

The use of Facebook plugins is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the widest possible visibility on social media. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be withdrawn at any time.

9.3 X (Twitter) Plugin

This website integrates features of the service X (Twitter). These features are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using X (Twitter) and the „Retweet“ function, the websites you visit are linked to your X (Twitter) account and made known to other users. Data is also transferred to X (Twitter) during this process. Please note that as the provider of these pages, we have no knowledge of the content of the transferred data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at: https://twitter.com/de/privacy.

The use of the X (Twitter) plugin is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the widest possible visibility on social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be withdrawn at any time.

You can change your privacy settings on X (Twitter) in the account settings at https://twitter.com/account/settings.

9.4 LinkedIn Plugin

This website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Every time a page on this website containing LinkedIn features is accessed, a connection is made to LinkedIn's servers. LinkedIn will be informed that you have visited this website with your IP address. If you click the LinkedIn „Recommend“ button and are logged into your LinkedIn account, LinkedIn will be able to link your visit to this website to you and your user account. Please note that we, as the providers of the pages, have no knowledge of the content of the data transmitted or its use by LinkedIn.

The use of the LinkedIn plugin is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in maximum visibility on social media. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be withdrawn at any time.

Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

9.5 XING Plugin

This website uses functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Whenever one of our pages containing XING features is accessed, a connection is made to XING servers. To our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored, nor is user behaviour analysed.

The storage and analysis of the data are carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the broadest possible visibility on social media. Where appropriate consent has been requested, processing shall be exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be withdrawn at any time.

You can find further information on data protection and the XING Share button in the XING data protection statement at: https://www.xing.com/app/share?op=data_protection.

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. You can find the specific social networks we use below.

Social networks such as Facebook, Twitter, etc can usually analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection occurs, for example, via cookies that are stored on your end device or by capturing your IP address.

Using the data collected in this way, operators of social media portals can create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both within and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot fully trace all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Please refer to the terms of use and data protection provisions of the respective social media portals for details.
Legal basis

Our social media presences are intended to ensure the most comprehensive internet presence possible. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on differing legal grounds which are to be provided by the social network operators (e.g., consent within the meaning of Art. 6(1)(a) GDPR).

Responsible party and assertion of rights

When you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the social media platform operator for the data processing operations triggered by this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the operator of the respective social media portal (e.g. towards Facebook).

Please note that despite our joint responsibility with the social media platform operators, we do not have full influence over the data processing operations of the social media platforms. Our capabilities are largely determined by the corporate policy of the respective provider.

Storage duration

The data we collect directly from you via our social media presence will be deleted by our systems as soon as the purpose for its storage ceases to apply, you request its deletion, you withdraw your consent for storage, or the purpose for data storage ceases to apply. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence over the storage duration of your data, which is held by the social network operators for their own purposes. For details on this, please consult the social network operators directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have entered into a joint controller agreement (Controller Addendum) with Facebook. This agreement specifies for which data processing operations we or Facebook is responsible when you visit our Facebook Page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising preferences yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfers to the USA are based on the EU Commission's standard contractual clauses. More details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the microblogging service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter privacy settings yourself within your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

Data transfers to the USA are based on the EU Commission's standard contractual clauses. Further details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

Details can be found in Twitter's Privacy Policy: https://twitter.com/de/privacy.

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

11) Use of Social Media: Videos

Using YouTube videos

This website uses the YouTube embed function to display and play videos from the provider „YouTube“, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).

The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider „YouTube“ uses cookies to collect information about user behaviour. According to information from „YouTube“, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.

Regardless of whether embedded videos are played, a connection to the Google network is established every time this website is accessed, which can trigger further data processing operations beyond our control.

Further information on data protection with „YouTube“ can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy

Where legally required, we have obtained your consent for the processing of your data as described above, in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service in the „Cookie Consent Tool“ provided on the website.

12) Web analysis services

Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). Google (Universal) Analytics uses „cookies“, which are text files placed on your device to help analyse your use of the website. The information generated by the cookie about your use of this website (including your abbreviated IP address) is usually transferred to a Google server and stored there. This may also involve transferring data to Google LLC's servers in the USA.
This website uses Google (Universal) Analytics with the extension „_anonymizeIp()“, which ensures anonymised IP address collection by shortening it and thus excludes direct personal identification. Through this extension, your IP address will be previously shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC. server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with further services related to website and internet usage. The IP address transmitted by your browser within the scope of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics, via a specific feature known as „demographics“, also enables the creation of statistics concerning the age, gender, and interests of website visitors, based on an analysis of interest-based advertising and the inclusion of third-party information. This allows for the definition and differentiation of website user groups for the purpose of marketing measures being targeted and optimised to specific audiences. However, datasets recorded via „demographics“ cannot be assigned to a specific individual.

All of the above-described processing activities, particularly the setting of Google Analytics cookies for reading information from the device used, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 (1) (a) GDPR. Without this consent, Google Analytics will not be used during your visit to the website.
You can withdraw your consent at any time with effect for the future. To exercise your withdrawal, please deactivate this service in the „Cookie Consent Tool“ provided on the website. We have concluded a contract processing agreement with Google for the use of Google Analytics, under which Google is obliged to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google here relies on so-called Standard Data Protection Clauses of the European Commission, which are intended to ensure compliance with European data protection standards in the USA.
Further details on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

13) Online Marketing, Tools & Miscellaneous

13.1 Pardot Marketing Automation Services

This website uses the services of the Pardot Marketing Automation System, a software-based marketing service from Pardot LLC, The Landmark at One Market, Suite 300, San Francisco, CA 94105 USA („Pardot“). Pardot is a subsidiary of the parent company „Salesforce.com“.

Using Pardot, various customer service and customer management functions can be digitally synchronised and handled via a central user interface. This enables Pardot to generate leads, manage central email and newsletter marketing, manage contacts by dividing users into groups with the help of CRM, and manage contact forms.

To fulfil its various functions, Pardot uses cookies, small text files that are stored locally in your web browser's cache on your end device, enabling us to analyse your use of the website. The cookies collect certain information, such as the IP address, location, time of page access, among others. Information collected by Pardot is stored on Pardot's servers and analysed on our behalf.

If personal data is processed in this context, the data processing is carried out for the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6(1)(f) GDPR. Further legal bases for data processing that are applied within the scope of specific Pardot services (such as the necessity of explicit consent in accordance with Art. 6(1)(a) GDPR for sending newsletters) remain unaffected by this.

We have concluded a data processing agreement with Pardot, which obliges Pardot to protect our customers' data and not to disclose it to third parties.

You can permanently object to Pardot's data collection via cookies and the setting of cookies by preventing cookie storage through your browser settings accordingly.

Further information regarding Pardot's data protection provisions can be found at the following internet address: https://www.salesforce.com/de/company/privacy/

13.2 Borlabs

This website uses the cookie consent tool Borlabs from the provider Mr Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg („Borlabs“), which sets two technically necessary cookies („borlabsCookie“ and „borlabsCookieUnblockContent“) to save your cookie preference. The aforementioned processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in providing cookie preference management for website visitors.

„Borlabs Cookie“ does not process any personal data. Your selected preference, chosen when you entered the website, is stored in the „borlabsCookie“ cookie. The „borlabsCookieUnblockContent“ cookie stores which (external) media/content you want to have permanently unblocked. If you wish to revoke these settings, simply delete the cookies in your browser. When you re-enter/reload the website, you will be asked for your cookie preference again.

13.3 Google reCAPTCHA

We also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“) on this website. This function is primarily used to distinguish whether an input is made by a natural person or is made abusively by machine and automated processing. The service includes sending the IP address and, if necessary, other data required by Google for the reCAPTCHA service to Google, and is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in determining individual responsibility on the internet and preventing abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.

Further information about Google reCAPTCHA, as well as Google's privacy policy, can be viewed at: https://www.google.com/intl/de/policies/privacy/

Where legally required, and in accordance with Article 6(1)(a) of the GDPR, we have obtained your consent for the processing of your data as described above. You may withdraw your consent at any time with future effect. To exercise your right of withdrawal, please follow the procedure for lodging an objection as described above.

14) Rights of the Data Subject

14.1 The applicable data protection law grants you comprehensive data subject rights against the controller regarding the processing of your personal data (rights of access and intervention), which we will inform you about below:

- Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;

– Right to rectification, Article 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored by us;

– Right to erasure under Article 17 GDPR: You have the right to request the erasure of your personal data where the conditions of Article 17(1) GDPR are met. However, this right does not exist, in particular, if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;

– Right to restriction of processing under Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data, as long as the accuracy of your data, which you dispute, is being verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise or defence of legal claims, after we no longer require this data after the purpose has been achieved, or if you have objected on grounds relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds override yours;

– Right to information according to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or is associated with disproportionate effort. You have the right to be informed about these recipients.

– Right to data portability under Art. 20 GDPR: You have the right to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request its transmission to another controller, insofar as this is technically feasible;

– Right of withdrawal of consent granted, in accordance with Article 7(3) GDPR: You have the right to withdraw consent granted at any time with future effect. In the event of withdrawal, we will immediately delete the data concerned, provided that further processing cannot be based on a legal basis for processing without consent. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent up to the point of withdrawal;

– Right to lodge a complaint pursuant to Art. 77 GDPR: Notwithstanding any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

14.2 RIGHT OF OBJECTION

If we process your personal data within the framework of a balancing of interests based on our overriding legitimate interest, you have the right to object to this processing at any time, for reasons arising from your particular situation, with effect for the future.

EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

15. Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention periods (e.g. commercial and tax law retention periods).

When personal data is processed based on explicit consent pursuant to Art. 6 (1) lit. a GDPR, this data will be stored for as long as the data subject withdraws their consent.

Are there statutory retention periods for data processed within the scope of contractual or contract-related obligations based on Art. 6(1)(b) GDPR, will this data be routinely deleted after the expiry of the retention periods, provided it is no longer required for the fulfilment or initiation of contracts and/or no legitimate interest on our part for further storage continues to exist.

When processing personal data based on Article 6(1)(f) of the GDPR, this data will be stored until the data subject exercises their right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.

When processing personal data for direct marketing purposes on the basis of Article 6 (1) (f) of the GDPR, this data will be stored until the data subject exercises their right to object under Article 21 (2) of the GDPR.

Unless otherwise stated in the other information of this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Status: 24.09.2020