Privacy Statements

Data Protection Notice

This document is a translation of the original german version (conterra.de/datenschutzhinweise). In case of differences the german version is compulsory.

 

1 Name and contact information of the responsible party

 

The responsible party, in terms of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions, is:

 

con terra GmbH
Martin-Luther-King-Weg 20
48155 Münster, Germany

 

+49 251 59689 300

 

info@conterra.de
www.con-terra.com

 

2 Contact data of the Data Protection designee

 

The Data Protection designee of the responsible party is:

 

DataCo GmbH
Dachauer Strasse 65
80335 Munich, Germany

 

www.dataguard.de/en/home/
datenschutzbeauftragter@conterra.de

 

3 General data processing information

 

3.1 Scope of the personal data processing

 

We process the personal data of our users only to the extent necessary to provide a functionally capable website as well as our content and services. The processing of our users’ personal data is consistently only done with the consent of the user. An exception is only made in those cases in which the prior obtainment of consent is not possible due to actual circumstances and the processing of the data is required by law.

 

3.2 The legal basis for the processing of personal data

 

Insofar as we have obtained the consent of the person concerned for the personal data processing operations, Art. 6, Sect. 1, Line 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

 

With regard to the processing of personal data necessary for the fulfilment of a contract to which the contractual party is the person concerned, Art. 6, Sect. 1, Line 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

 

Insofar as the processing of personal data is required for compliance with a legal obligation to which our company is subject to, Art. 6, Sect. 1, Line 1 lit. c of the GDPR serves as the legal basis.

 

In the event that the vital interests of the person concerned or another natural person necessitate the processing of personal data, Art. 6, Sect. 1, Line 1 lit. d of the GDPR serves as the legal basis.

 

If the processing is necessary to uphold a legitimate interest of our enterprise or that of a third party, and this interest does not outweigh the interests, fundamental rights and liberties of the person concerned, then Art. 6, Sect. 1, Line 1 lit. f of the GDPR serves as the legal basis for the processing.

 

3.3 Data deletion and storage duration

 

The personal data of the person concerned will be deleted or blocked as soon as the purpose for its storage no longer exists. In addition, data may be stored if required by provisions of European or national legislators in EU statutory regulations, laws, or other rules to which the responsible party is subject to. A blocking or deletion of data is also carried out even if the storage period specified by the stated standards expires, unless there is a need for further storage of the data to conclude of fulfil a contract.

 

4 Rights of the person concerned

 

If your personal data is to be processed, you are a person concerned in terms of the GDPR and you have the following rights vis-à-vis the responsible party:

 

4.1 Right to information

You can request a confirmation from the responsible party as to whether personal data pertaining to you is being processed.

 

If processing of this nature is taking place, you can request the following information from the responsible party:

 

  1. The purposes for which the personal data is being processed
  2. The categories of personal data which are being processed
  3. The recipients and categories of recipients to whom the personal data has been disclosed or is to be disclosed
  4. The planned storage duration of the personal data pertaining to you or, if specific details or are not possible, the criteria for determining the storage duration
  5. The existence of a right to correction or deletion of personal data pertaining to you, of the right to restriction of the processing by the responsible party, or a right of objection against this processing
  6. The existence of a right of complaint to a supervisory authority
  7. All available information about the origin of the data if the personal data was not obtained from the person concerned
  8. The existence of any automated means of decision-making, including profiling as per Art. 22 Sects. 1 and 4 of the GDPR and – at least in these cases – meaningful information about the underlying logic involved and the scope and intended effects of such processing for the person concerned

 

You have the right to request information as to whether or not your personal data is being conveyed to a third country or an international organization. In conjunction with this, you may request to be notified of any transmission, based on the applicable guarantees as per Art. 46 of the GDPR.

 

4.2 Right to correction

 

You have a right to correct and/or complete your personal data vis-à-vis the responsible party, inasmuch as the processed personal data relating to you is inaccurate or incomplete. The responsible party must undertake the correction without delay.

 

4.3 Right to restriction of the processing

 

Under the following conditions, you can require that the processing of your personal data be restricted:

 

If you disagree with the accuracy of the personal data pertaining to you for a period for which the responsible party is able to verity the correctness of the personal data

 

The processing is unlawful and you reject the deletion of the personal data and instead require restriction of the use of your personal data

 

The party responsible for the personal data no longer requires it for processing purposes, but you still require it to exercise, enforce, or defend legal claims, or

 

If you filed an objection to the processing in accordance with Art. 21, Sect. 1 of the GDPR, and it still has not yet been decided as to whether the legitimate reasons of the responsible party outweigh your reasons.

 

If the processing of personal data pertaining to you has been restricted, then this data may only be processed – with the exception of its being stored – with your consent or to exercise, enforce, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

 

If the processing restriction was put into effect according to the aforementioned prerequisites, you will be informed by the responsible party before the restriction is lifted.

 

4.4 Right to deletion

 

4.4.1 Obligatory deletion

 

You can require that the responsible party promptly deletes personal data pertaining to you; the responsible party is obliged to promptly delete this data inasmuch as one of the following reasons applies:

 

  1. The personal data is no longer necessary for the purposes for which it was originally collected or processed in any other manner.
  2. You withdraw your underlying consent to the processing as per Art. 6, Sect. 1, Line 1, lit. a or Art. 9, Sect. 2, lit. a of the GDPR and there is no other legal basis for the processing.
  3. You file an objection to the processing in accordance with Art. 21, Sect. 1, of the GDPR and there are no overriding legitimate reasons for processing, or you file an objection to the processing in accordance with Art. 21, Sect. 2 of the GDPR.
  4. The personal data pertaining to you has been processed unlawfully.
  5. The personal data pertaining to you is to be deleted in compliance with a legal obligation, or is necessary in accordance with European Union law or the laws of the member states, to which the responsible party is subject to.
  6. The personal data pertaining to you was collected with regard to services offered by an information services provider, in accordance with Art. 8, Sect. 1 of the GDPR.

 

4.4.2 Information to third parties

 

If the party responsible for the personal data has made it public and is obliged to delete it in accordance with Art. 17, Sect. 1 of the GDPR, then the responsible party shall, taking into account the available technology and the implementation costs, undertake appropriate measures, including those of a technical nature, to inform the parties responsible for data processing of the personal data, that you – as the affected person – have requested the deletion of all links to this personal data, or copies or reproductions of this personal data.

 

4.4.3 Exceptions

 

The right of deletion does not apply insofar as the processing is deemed as necessary

 

  1. to ensure exercising of the right to freedom of expression and information;
  2. to fulfil a legal obligation to the processing to which the responsible party is subject to in accordance with the European Union law or the laws of its member states, or the accomplishment of a task which lies in the public interest or in the exercise of governmental authority, and that has been conveyed to the responsible party;
  3. for reasons of public interest in the area of public health, in accordance with Art. 9, Sect. 2, lit. h and i, as well as with Art. 9, Sect. 3 of the GDPR;
  4. for archival purposes in the public interest, or for scientific, historical research, or statistical purposes, in accordance with Art. 89, Sect. 1 of the GDPR, insofar as the statute stated under Section a) foreseeably makes attainment of the objectives of this processing impossible or seriously impaired, or
  5. to exercise, enforce, or defend legal claims.

 

4.5 Right to notification

 

If you have exercised your right to require correction, deletion, or restriction of the processing by the responsible party, the responsible party is obligated to notify all recipients, to whom the respective personal data has been disclosed, of the correction or deletion of the data or the restriction of its processing, unless this proves impossible or would involve a disproportionate amount of effort.

 

You have the right to vis-à-vis the responsible party to be informed about these recipients.

 

4.6 Right to data portability

 

You have the right to receive the pertinent personal data which you have provided to us in a structured, commonly-used and machine-readable format. You also have the right to convey this data to a different responsible party without interference from the responsible party to whom the personal data was provided, if

 

  1. the processing is based on consent granted in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR or Art. 9, Sect. 2, lit. a of the GDPR, or on a contract in accordance with Art. 6, Sect. 1, Line 1 lit. b of the GDPR and
  2. the processing is carried out using automated procedures.

 

In exercising this right, you also have the right to ensure that personal data pertaining to you is conveyed directly from one responsible party to another responsible party, insofar as this is technically feasible. Civil liberties and rights of other persons may not be infringed on by this.

 

The right to data portability does not apply to the processing of personal data that is required for the accomplishment of a task in the public interest or in the exercising of governmental authority, which has been conveyed to the responsible party.

 

4.7 Right of objection

 

You have the right, based on reasons arising from the specific situation, to file an objection at any time against the processing of personal data pertaining to you, which have been obtained based on Art. 6, Sect. 1, Line 1 lit. e or f of the GDPR. This also applies to any profiling based on these provisions.

 

The responsible party no longer processes the personal data pertaining to you, unless the responsible party can prove there are imperative security reasons that justify the processing and which outweigh your interests, rights, and liberties, or the processing serves to exercise, enforce, or defend legal claims.

 

If the personal data is processed in order to propagate direct advertising, you have the right to file an objection against the processing of personal data for such advertising purposes at any time. This also applies to profiling, inasmuch as it is in conjunction with such direct advertising.

 

If you object to the processing for purposes of direct marketing, the personal data pertaining to you will no longer be processed for these purposes.

 

You have the option, in conjunction with the use of an information services provider – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

 

4.8 Right of withdrawal of the declaration of consent under data protection laws

 

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected.

 

4.9 Specific automated decision-making, including profiling

 

You have the right to not be subject to a decision based solely on automated processing – including profiling – which would produce a legal effect on you or significantly impact you in a similar manner. This does not apply if the decision is:

 

  1. Necessary to conclude or fulfil a contract between you and the responsible party
  2. Permissible based on the laws of the European Union or its member states, to which the responsible party is subject to, and this legislation contains measures appropriate to safeguard your rights, liberties and legitimate interests, or
  3. Carried out with your express consent.

 

However, these decisions may not be made based on certain categories of personal data, pursuant to Art. 9, Sect. 1 of the GDPR, insofar as Art. 9, Sect. 2 lit. a or b of the GDPR do not apply and adequate measures for the protection of your rights, liberties, and legitimate interests have been taken.

 

With regard to the cases referred to in 1. and 3., the responsible party shall take appropriate measures in order to safeguard your rights, liberties, and legitimate interests, including at the very least the right to initiate the intervention by a person on the part of the responsible party, upon presentation of the own position and objection to the decision.

 

4.10 Right to file a complaint with a supervisory authority

 

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the member state in which you reside, where your place of work is, or where the alleged infringement occurred, if you are of the opinion that the processing of the personal data pertaining to you violates the GDPR.

 

The supervisory authority with whom you have filed the complaint, notifies the complainants as to the status and the results of the complaint, including the possibility of a judicial remedy as per Art. 78 of the GDPR.

 

5 Website provision and the generation of log files

 

5.1 Description and scope of the data processing

 

When our website is accessed it automatically logs data and information from the computer system of the accessing computer.

 

The following data is thereby collected:

 

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s Internet service provider
  4. The IP address of the user
  5. The date and time of access
  6. Websites from which the user’s system was routed to our website
  7. Webpages that can be accessed by the user’s system through our website.

 

This data is stored in the log files on our system. There is no storage of this data together with other personal data of the user.

 

5.2 Purpose of the data processing

 

The temporary storage of the IP address by the system is necessary to enable provision of the webpage to the user’s computer. This requires that the user’s IP address is temporarily saved for the duration of the session.

 

The saving in log files is done to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

 

For these purposes, we also have a legitimate interest in the processing of data in accordance with Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

 

5.3 Legal basis for the data processing

 

The legal basis for the temporary storage of data and log files is Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

 

5.4 Duration of the data storage

 

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. With regard to the compiling of the data to make the website available, this occurs once the session is finished.

 

With regard to the storing of the data in log files, this is done after no more than seven days. Further storage beyond this is possible, however. In this case, the IP addresses of the users deleted or altered so that a correlation with the accessing client is no longer possible.

 

5.5 Possibility of objection and elimination

 

The collection of data to make our web presence available and the storage of the data in log files is absolutely necessary to operate the website. There is therefore no possible option for objection on the part of the user.

 

6 Use of cookies

 

6.1 Description and scope of the data processing

 

Our site uses cookies. Cookies are text files which are stored within the web browser or stored by the web browser on the user’s computer system. If a user accesses a website, consequently a cookie is stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when you revisit the website.

 

We utilise cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a change of websites.

 

The following data is stored in and transmitted by the cookies:

 

  • Language settings
  • Login information

 

In addition, we use cookies on our website to analyse the surfing behaviour of users.

 

The following data can be transmitted this way:

 

  • Search terms entered
  • Frequency of page accessing
  • Use of website functions

 

The user data collected in this manner is pseudonymised by technical means. Therefore, correlation of the data to the accessing user is no longer possible. The data is not stored together with other personal data of the user.

 

When visiting our website, the user is informed about the use of cookies for analysis purposes and his or her consent for the processing of personal data used in this context is obtained (see also chapter 17.4 and 17.9). Reference to this privacy statement is made in conjunction with this.

 

6.2 Purpose of the data processing

 

The purpose for using technically required cookies is to simplify usage of webpages for the user. Some functions of our website could not be offered without the usage of cookies. To ensure usability, it is necessary that the browser is recognized again even after a page change.

 

We use cookies for the following functions:

 

  • Acquisition of language settings
  • Taking note of search terms

 

The user data collected by technically required cookies are not used to create user profiles.

 

Cookie analysis is carried out for the purpose of improving the quality of our website and its content. By analysing cookies we are able to find out how our website is being used and can continuously optimise our web presence.

 

The purpose for using technically required cookies is to simplify usage of webpages for the user. Some functions of our website could not be offered without the usage of cookies. To ensure usability it is necessary that the browser is recognized again even after a page change.

 

For these purposes, we also have a legitimate interest in the processing of data in accordance with Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

 

 

6.3 Legal basis for the data processing

 

The legal basis for the processing of personal data using cookies which are technically necessary is established in Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

 

The legal basis for the processing of personal data through the use of cookies for analysis purposes is derived from the appropriate consent granted by the user, as per Art. 6, Sect. 1, Line 1, lit. a of the GDPR.

 

6.4 Duration of the data storage, possibility of objection and elimination

 

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you as a user maintain full control over the use of the cookies. You are able to deactivate or restrict the transfer of cookies by modifying the settings in your web browser. Previously stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, however, you may no longer be able to fully use all of the functions of the website.

 

If you use a Safari browser as of version 12.1, cookies are automatically deleted after seven days. This also applies to opt-out cookies that prevent tracking measures.

 

7 Newsletter

 

7.1 Description and scope of the data processing

 

On our website it is possible to subscribe or unsubscribe to a free newsletter. After registration for the newsletter is completed, the data from the input screen is transmitted to us.

 

  • E-mail address
  • Last name
  • First name
  • Telephone / mobile phone number
  • Address
  • IP address of the accessing computer
  • The date and time of registration
  • Company, fax, subject, subject matter

 

For sending the newsletter we use Sendinblue or Microsoft Dynamics (see chapter 17.5 or 17.9)

 

7.2 Purpose of the data processing

 

Recording of the user’s e-mail address just serves to deliver the newsletter.

 

The recording of other personal data in conjunction with the registration process serves to prevent misuse of the services or the e-mail addresses which are used.

 

7.3 Legal basis for the data processing

 

The legal basis for the processing of personal data after the user’s registration for the newsletter is based on the presence of consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 

7.4 Duration of the data storage

 

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. The user’s e-mail address will be stored as long as the subscription is current.

 

All other personal data recorded as part of the registration procedure is usually deleted after a period of seven days.

 

7.5 Possibility of objection and elimination

 

The subscription to the newsletter can be cancelled at any time by the respective user. There is a corresponding link for this purpose in every newsletter.

 

This also enables the withdrawal of consent to the storing of personal data collected during the registration process.

 

8 E-mail contact

 

8.1 Description and scope of the data processing

 

On our website it is possible to contact us via the provided e-mail address. In this case, the user’s personal data associated with the e-mail is stored.

 

The data is used exclusively for the processing of the message exchange.

 

8.2 Purpose of the data processing

 

In the event of a contact via e-mail, this also entails the necessary legitimate interest in the processing of the data.

 

8.3 Legal basis for the data processing

 

The legal basis for the processing of the data in the course of sending an e-mail is Art. 6, Sect. 1, lit. f of the GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal basis for the processing is Art. 6, Sect. 1, lit. b of the GDPR.

 

8.4 Duration of the data storage

 

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. For the personal data that has been sent with an e-mail, this is the case once the message exchange with the user is finished. The message exchange is finished when, if it is clear from the circumstances, the issue at hand has been conclusively resolved.

 

The personal data additionally gathered during the transmission process is deleted after a period of seven days at the latest.

 

8.5 Possibility of objection and elimination

 

The user has the option to withdraw his consent for the processing of personal data at any time. If the user contacts us via email, he or she can object to the storage of his or her personal data at any time. In such a case, the message exchange cannot be continued.

 

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected. You have the right, based on reasons arising from the specific situation, to file an objection at any time against the processing of personal data pertaining to you, which have been obtained based on Art. 6, Sect. 1, Line 1 lit. e or f of the GDPR. This also applies to any profiling based on these provisions. The responsible party no longer processes the personal data pertaining to you, unless the responsible party can prove there are imperative security reasons that justify the processing and which outweigh your interests, rights, and liberties, or the processing serves to exercise, enforce, or defend legal claims. If the personal data is processed in order to propagate direct advertising, you have the right to file an objection against the processing of personal data for such advertising purposes at any time. This also applies to profiling, inasmuch as it is in conjunction with such direct advertising. If you object to the processing for purposes of direct marketing, the personal data pertaining to you will no longer be processed for these purposes. You have the option, in conjunction with the use of an information services provider – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

 

All personal data that has been stored in the course of the contact will, in this case, be deleted.

 

9 Input forms

 

9.1 Description and scope of the data processing

 

There are different input forms on our website, which can be used for different applications. This can be, for example, establishing electronic contact, registration for events or training, retrieval of content, registration for further offers (see also 16), login, participation in a promotion, software download or other topics. If a user takes advantage of the options offered, the data entered in the input mask will be transmitted to us and stored. Microsoft Dynamics 365 (see chapter 17.9) is used for the input forms.

At the time of sending the message, the following data is partially stored:

  • Email address
  • Surname
  • First name
  • Address
  • Phone/mobile number
  • IP address of the visitor’s computer
  • Date and time of contact
  • Company, Fax, Subject, Request

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

It is also possible to contact us via the email address provided. For this, see chapter 8.

The data will be used exclusively for the processing of the conversation.

 

9.2 Purpose of the data processing

 

The processing of the personal data from the input screen is used solely for the processing of the corresponding matter.

 

The other personal data processed during the send procedure is intended to prevent the misuse of the forms and to ensure the security of our information technology systems.

 

9.3 Legal basis for the data processing

 

The legal basis for the processing of personal data is derived from the consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 

9.4 Duration of the data storage

 

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. For the personal data from the input screen, this is the case when the message exchange with the user is finished. The message exchange is finished when, if it is clear from the circumstances, the issue at hand has been conclusively resolved.

 

The personal data additionally gathered during the transmission process is deleted after a period of seven days at the latest.

 

9.5 Possibility of objection and elimination

 

The user has the option to withdraw his consent for the processing of personal data at any time. 

 

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected. You have the right, based on reasons arising from the specific situation, to file an objection at any time against the processing of personal data pertaining to you, which have been obtained based on Art. 6, Sect. 1, Line 1 lit. e or f of the GDPR. This also applies to any profiling based on these provisions. The responsible party no longer processes the personal data pertaining to you, unless the responsible party can prove there are imperative security reasons that justify the processing and which outweigh your interests, rights, and liberties, or the processing serves to exercise, enforce, or defend legal claims. If the personal data is processed in order to propagate direct advertising, you have the right to file an objection against the processing of personal data for such advertising purposes at any time. This also applies to profiling, inasmuch as it is in conjunction with such direct advertising. If you object to the processing for purposes of direct marketing, the personal data pertaining to you will no longer be processed for these purposes. You have the option, in conjunction with the use of an information services provider – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

 

All personal data that has been stored in the course of the contact will, in this case, be deleted.

 

10 Job application

 

10.1 Description and scope of the data processing

 

You can send your job application to us by e-mail at jobs@conterra.de or via dreamjob.conterra.de. We collect your e-mail address and the following additional data:

 

  • Form of address
  • First name
  • Last name
  • Telephone / mobile phone number
  • Additional contact information, such as the address, if provided voluntarily in the e-mail.

 

You will receive an e-mail confirmation of receipt of your job application documents from us. We might also possibly request the following information from you:

 

  • Most recent employment letters of recommendation
  • Diploma/vocational training certificate, qualifications certifications
  • Résumé in tabular format
  • Salary requirement
  • Work samples

 

Within the framework of the application process, your consent to the processing of the data is obtained with reference to this Data Protection Notice. Your data will be stored by us and made available to the company-internal contacts. There is no dissemination of your data to third parties. The data will be used exclusively for the processing of your application.

 

10.2 Purpose of the data processing

 

The processing of personal data from your application e-mail is only used by us to handle your application.

 

10.3 Legal basis for the data processing

 

The legal basis for the processing of your data is the initiation of the contract at the request of the person concerned, Art. 6, Sect. 1, Line 1 lit. b Alt. 1 of the GDPR and Art. 26, Sect. 1, Line 1 of the BDSG.

 

10.4 Duration of the data storage

 

After completion of the application procedure, the data is stored for up to six months. After six months at the latest your data will be deleted. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions. If no release of the data as described above has been received, the data will be deleted after three months.

 

10.5 Possibility of objection and elimination

 

The applicant has the opportunity to object to the processing of personal data at any time. In such a case, the application can no longer be taken into consideration.

 

Information on the right to deletion and correction can be found in section “Rights of the person concerned”. Please advise us of any differing deletion or correction requests at jobs@conterra.de.

 

All personal data that has been stored in the course of the electronic job application will, in this case, be deleted.

 

11 Company identity / media presence

 

Utilisation of the company’s media presence in social networks

 

11.1 Twitter:

 

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

 

We provide information on our company’s page and offer Twitter users the opportunity to communicate with us. If you do something (e.g. comments, posts, likes, etc.) on our company’s Twitter presence, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed. Because we generally have, to a large extent, no influence on the processing of your personal data for the con terra GmbH company Twitter presence, for which Twitter shares the responsibility, we are unable to provide any binding information on the purpose and scope of the processing of your data.

 

Our company web presence in social networks is for the communication and exchange of information with (potential) customers. Specifically, we use our company web presence for:

 

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

 

In doing so, publications presented in the company web presence include the following content:

 

  • Information about products
  • Information about services
  • Contests
  • Customer contact

 

Each user is free to decide whether personal data may be published by way of activities.

 

The legal basis for the processing of personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

 

We store your activities and personal data publicised through our company’s Twitter presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.
We further process data from our company web presence in our systems. This data is stored there for the following periods: We store your activities and personal data publicised through our company’s web presence until withdrawal of the data. In addition, we adhere to the statutory retention periods.

 

Twitter has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Twitter is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

 

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s Twitter presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at info@conterra.de. You will find further information on the processing of your personal data by Twitter and the corresponding possibilities for objection here:

 

Twitter: https://twitter.com/en/privacy

 

Utilisation of the company’s media presence in social networks

 

11.2 YouTube:

 

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States of America

 

We provide information on our company’s page and offer YouTube users the opportunity to communicate with us. If you do something (e.g. comments, posts, likes, etc.) on our company’s YouTube presence, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed. Because we generally have, to a large extent, no influence on the processing of your personal data for the con terra GmbH company YouTube presence, for which Twitter shares the responsibility, we are unable to provide any binding information on the purpose and scope of the processing of your data.

 

Our company web presence in social networks is for the communication and exchange of information with (potential) customers. Specifically, we use our company web presence for:

 

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

 

In doing so, publications presented in the company web presence include the following content:

 

  • Information about products
  • Information about services
  • Contests
  • Customer contact

 

Each user is free to decide whether personal data may be published by way of activities.

 

The legal basis for the processing of personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

 

We store your activities and personal data publicised through our company’s YouTube presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.
We further process data from our company web presence in our systems. This data is stored there for the following periods: We store your activities and personal data publicised through our company’s web presence until withdrawal of the data. In addition, we adhere to the statutory retention periods.

 

YouTube has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, YouTube is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s YouTube presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at info@conterra.de. You will find further information on the processing of your personal data by YouTube and the corresponding possibilities for objection here:

 

YouTube: https://policies.google.com/privacy?gl=DE&hl=en

 

12 Use of company’s web presence in career-oriented networks

 

12.1 Scope of the data processing

 

We make use of the possibility of extending our company’s web presence to career-oriented networks. We maintain our company’s web presence in the following career-oriented networks:

 

  • LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
  • XING: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany

 

We provide information and offer users the opportunity to communicate with us.

 

The web presence is used for job applications, information/PR, and Active Sourcing.

 

We have no details on the processing of your personal data by the host company, who bears joint responsibility for our web presence there. You will find further information in the Data Protection Notice.

 

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

 

XING: https://privacy.xing.com/de/datenschutzerklaerung

 

If you do something (e.g. comments, posts, likes, etc.) on our company’s web presence here, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed.

 

12.2 Legal basis for the data processing

 

The legal basis for the processing of your data in conjunction with the use of our web presence is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

 

12.3 Purpose of the data processing

 

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

 

12.4 Duration of the data storage

 

We store your activities and personal data publicised through our company’s web presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.

 

12.5 Possibility of objection and elimination

 

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s web presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at the email address stated in this Data Protection Notice.

 

LinkedIn has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, LinkedIn is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

 

You will find further information on possibilities for objection and elimination at:

 

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

 

XING: https://privacy.xing.com/de/datenschutzerklaerung

 

 

13 Use of Limesurvey

 

We use online surveys to obtain feedback from customers on a voluntary basis regarding participation in workshops or other topics. For these online surveys, we use LimeSurvey from LimeSurvey GmbH, Umfragedienste & Beratung, Papenreye 63, 22453 Hamburg, https://www.limesurvey.org.

 

Data processed in surveys

 

Surveys are anonymous, no data is automatically collected that can be linked to the participant. Any participation in surveys is voluntary and we take great care to protect the privacy and integrity of our respondents. When configuring the surveys, we make sure that no personal data of the respondents is stored.

 

The survey is hosted by our hosting provider (see section 13).

 

14 Hosting

 

The website is hosted on servers operated by a service provider contracted by us.

 

Our service provider is:

 

Alfahosting GmbH, Ankerstrasse 3b, 06108 Halle (Saale), Germany

 

The server routinely collects and stores information in so-called server log files, which are automatically transmitted by your browser when you visit the website. The stored information includes:

 

  • Browser type and browser version
  • Operating system in use
  • Referenced URL
  • The host name of the accessing computer
  • Date and time of the server query
  • IP address

 

There is no combining of this data with data from other sources. This data is collected based on Art. 6, Sect. 1, lit. f of the GDPR. The website operator has a legitimate interest in the technically error-free representation and optimization of its website; server log files are necessary to do this.

 

The server which hosts the website is geographically located in Germany.

 

15 Online conferences and webinars

 

15.1 Description and scope of data processing

 

We use functionalities of web conferencing services to let meetings, webinars and workshops take place online.

 

Microsoft Teams or Zoom are the tools used for this purpose.

 

If the online meeting is recorded, this will be indicated when an invitation is issued and it will also be indicated at the beginning of the recording.

 

15.1.1 Microsoft Teams

 

When a meeting recording is started, Microsoft Teams displays a notification for all participants in the desktop, web, and mobile apps, as well as for people who joined by phone.

 

For more information, see the Microsoft privacy statement:

 

https://privacy.microsoft.com/de-DE/privacystatement#mainnoticetoendusersmodule

 

https://privacy.microsoft.com/de-DE/privacystatement

 

15.1.2 Zoom

 

We use functionalities of the Zoom web conferencing service of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter: Zoom).

 

Cookies from Zoom are stored on your terminal device. For information regarding cookies and similar technologies, please refer to Zoom's Cookie Policy:

 

https://zoom.us/cookie-policy

 

Depending on the data you provide when using Zoom and how you use Zoom, the following personal data is processed by Zoom as a result:

 

  • Name
  • Username
  • Home address
  • E-mail address
  • Telephone numbers
  • Your job title and employer
  • Information about your credit/debit card or other payment methods
  • Information about your Facebook profile
  • General information about your product and service preferences
  • IP address
  • MAC address
  • Device ID (UDID)
  • Device type
  • Type and version of operating system and client version
  • Information about your use of or other interaction with our products ("usage information")
  • Information that you upload, provide or create while using Zoom.

 

In the process, data is transferred to and processed by Zoom's servers in the United States. Zoom has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. This means that Zoom undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below:

 

https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW&status=Active

 

Further information on the processing of data by Zoom can be found here: https://zoom.us/de-de/privacy.html

 

For follow-up, con terra may subsequently contact participants based on the data provided.

 

15.2 Purpose of data processing

 

The use of Zoom serves our legitimate interest of conducting web conferences, webinars, workshops and suchlike.

 

15.3 Legal basis for the processing of personal data

 

The legal basis for data processing for the purpose of conducting web conferences is Art. 6 para.1 p.1 lit. f DSGVO. Our legitimate interest here lies in the purposes of data processing stated under 2.

 

The legal basis for data processing for subsequent contact is consent pursuant to Art. 6 para.1 p.1 lit. a DSGVO.

 

15.4 Duration of storage

 

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

 

15.5 Revocation, objection and removal options

 

You have the right to revoke your declaration of consent under data protection law with regard to contacting us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, please send an informal email to info@conterra.de.

 

You can prevent the collection as well as the processing of your personal data by Zoom by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

 

For more information on how to object to and opt-out of Zoom, please visit: https://zoom.us/de-de/privacy.html

 

16 Registration

 

16.1 Description and scope of the data processing

 

On our Internet pages, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Microsoft Dynamics 365 (see chapter 17.9) is used for the form. The following data is collected during the registration process:

 

  • E-mail address
  • Last name
  • First name
  • Address
  • Telephone / mobile phone number
  • IP address of the calling computer
  • The date and time of registration

 

Form of address, company, company of the invoice recipient, department of the invoice recipient, contact person of the invoice recipient, fax number of the invoice recipient, e-mail of the recipient of the invoice, voucher code, comments

 

The user's consent to the processing of this data is obtained as part of the registration process.

 

16.2 Purpose of the data processing

 

Registration of the user is necessary to fulfil a contract with the user or to conduct pre-contractual measures.

 

This includes in particular the processing of orders and services, the booking of training courses, as well as requests for a course schedule, customer magazine, or a return call.

 

16.3 Legal basis for the data processing

 

The legal basis for the processing of personal data is derived from the consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 

If the registration serves the purpose of fulfilment of a contract to which the user is a contractual party, or for the implementation of pre-contractual measures, then an additional legal basis for the processing of the data is Art. 6, Sect. 1, Line 1 lit. b of the GDPR.

 

16.4 Duration of the data storage

 

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected.

 

This is the case for the data collected during the registration process for contractual fulfilment, or to implement pre-contractual measures, if the data is no longer required for execution of the contract. It can be necessary after the conclusion of the contract as well to store personal data of the contractual partner, or to comply with contractual or legal obligations.

 

16.5 Possibility of objection and elimination

 

As a user, you have the option to rescind the registration at any time. You can have the data stored regarding you changed at any time.

 

Right to deletion: You can require that the responsible party promptly deletes personal data pertaining to you; the responsible party is obliged to promptly delete this data inasmuch as one of the following reasons applies: 1. The personal data is no longer necessary for the purposes for which it was originally collected or processed in any other manner. 2. You withdraw your underlying consent to the processing as per Art. 6, Sect. 1, Line 1 lit. a or Art. 9, Sect. 2, lit. a of the GDPR and there is no other legal basis for the processing. 3. You file an objection to the processing in accordance with Art. 21, Sect. 1, of the GDPR and there are no overriding legitimate reasons for processing, or you file an objection to the processing in accordance with Art. 21, Sect. 2 of the GDPR. 4. The personal data pertaining to you has been processed unlawfully. 5. The personal data pertaining to you is to be deleted in compliance with a legal obligation, or is necessary in accordance with European Union law or the laws of the member states, to which the responsible party is subject to. 6. The personal data pertaining to you was collected with regard to services offered by an information services provider, in accordance with Art. 8, Sect. 1 of the GDPR. Right to correction: You have a right to correct and/or complete your personal data vis-à-vis the responsible party, inasmuch as the processed personal data relating to you is inaccurate or incomplete. The responsible party must undertake the correction without delay.

 

If the data is necessary for the fulfilment of a contract or to implement pre-contractual measures, a precipitative deletion of the data is only possible insofar as there are no contractual or statutory obligations which would contravene a deletion.

 

17 Plug-ins used

 

We use plug-ins for various purposes. The plug-ins used are listed in the following:

 

17.1 Use of AddToAny

 
17.1.1 Scope of the personal data processing

 

We use the sharing tool AddToAny. It makes it possible for you to share displayed content with people in your environment. To do this, you can apply the Share feature of “AddToAny”. Already as you visit our web pages, the plug-in establishes a direct connection between your browser and the AddToAny server. AddToAny thus receives the information that you have visited our site with your IP address. AddToAny anonymises IP addresses. Cookies are used when utilising AddToAny. The data generated during the session (such as the time of use or the browser language) is transmitted to AddToAny and processed there. By means of the cookie, AddToAny can track which other pages have been accessed with the AddToAny plug-in and what social media services you visit. However, we neither have knowledge of the contents of the data collected independently by AddToAny independently nor how it is actually used by AddToAny. We also have no access to this data.
Further information on the processing of data by AddToAny can be found here:

https://www.addtoany.com/terms
https://www.addtoany.com/privacy

 
17.1.2 Purpose of the data processing

 

The use of social media buttons by means of AddToAny serves to increase the user-friendliness.

 
17.1.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. The legitimate interest lies in the ability to provide user-friendly offerings that make it easy for visitors to be able to share our content via any chosen service.

 
17.1.4 Duration of the data storage

 

AddToAny saves server log data for 30 days or less and only saves aggregated usage data.

 
17.1.5 Possibility of objection and elimination

 

You can prevent the collection and processing of your personal data by AddToAny by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Detailed information on the processing of data by AddToAny can be found at:
https://www.addtoany.com/terms and https://www.addtoany.com/privacy

 

17.2 Use of Twitter

 
17.2.1 Scope of the personal data processing

 

We use the social plug-ins of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as: Twitter).
With the social media plug-ins we can integrate the content from Twitter (in particular tweets or moments) or embed links to Twitter’s platform (in particular the Tweet or Follow buttons) to our web presence. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
Twitter’s servers are located in the USA, where the data is collected and processed. Twitter has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Twitter is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
By using Twitter and the “Re-tweet” function, the webpages and online presences you have visited are linked with your Twitter account and disseminated to third parties. We receive no information about the content of the transmitted data and their use by Twitter.
Further information on the processing of data by Twitter can be found here:
https://twitter.com/en/privacy

 
17.2.2 Purpose of the data processing

 

The integration of the Twitter plug-in serves to improve the user-friendliness. The contents of Twitter can be presented in an embedded manner and users of the Twitter service can take advantage of Twitter’s functions.

 
17.2.3 The legal basis for the processing of personal data

 

The legal basis for the processing is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

 
17.2.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law.

 
17.2.5 Possibility of objection and elimination

 

You can prevent the collection and processing of your personal data by Twitter by blocking the saving of cookies on your computer, by using the “Do Not Track” function of a supporting browser, to prevent third-party "Do Not Track" function, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You will find further information on possibilities for objection and elimination vis-à-vis Twitter at:
https://twitter.com/en/privacy

 

17.3 Use of YouTube

 
17.3.1 Scope of the personal data processing

 

We use the YouTube plug-in distributed by Google, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, and their EU representative Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google). We use the YouTube plug-in in order to embed YouTube videos in our web presence. When you visit our website, your browser establishes a connection with the YouTube servers. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
This makes it possible for data to be transferred to Google servers in the USA. Google has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Google is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have no influence on the content of the plug-ins. If you have logged into your Youtube account during your visit, YouTube can correlate your online presence to this account. Through the interaction with this plug-in the respective information will be transferred to and stored directly by YouTube.
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=en

 
17.3.2 Purpose of the data processing

 

The use of the YouTube plug-in serves to improve the user-friendliness and provide an appealing representation of our web presence.

 
17.3.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1, lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

 
17.3.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

 
17.3.5 Possibility of objection and elimination

 

You can prevent the collection and processing of your personal data by Google by blocking the saving of cookies on your computer by third-parties, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
With the following link, you can deactivate the usage of your personal data by Google:
https://adssettings.google.de
You will find further information on possibilities for objection and elimination vis-à-vis Google at:
https://policies.google.com/privacy?gl=DE&hl=en

 

17.4 Use of Google Analytics

 
17.4.1 Scope of the personal data processing

 

We use Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, D04 E5F5, Dublin, Ireland (hereinafter referred to as: Google). Google Analytics examines, among other things, the origin of the visitors, their time spent on individual pages, and their usage of search engines, thus enabling better control of the success of advertising campaigns. Google places a cookie on your computer. With it, personal data can be stored and evaluated, especially the user activities (in particular which pages have been visited and which elements has been clicked). Additional data includes device and browser information (in particular the IP address and the operating system), data on the displayed advertisements (in particular, in relation to the advertisements were displayed and whether the user has clicked), and also data from advertising partners (in particular pseudonymised user IDs). Information obtained by the cookie on how you use this web presence is transferred to a Google Inc. server in the USA and saved there. In the case of activation of IP anonymisation at this website, your IP address will first be abbreviated by Google within member states of the European Union or in other contracting states to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there.
Google has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and had its compliance certified. Consequently, Google is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
The IP anonymisation is active at this website. On behalf of the operator of this web presence, Google will use this information to evaluate how you use the web presence and to compile reports on web presence activities for the website operator in order to facilitate the provision of further services related to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics will not be consolidated with other data gathered by Google. You can prevent the saving of cookies by setting your browser software accordingly. In this case, however, we would like to point out that you may not be able to fully use all of the functions of the web presence.
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=en

 
17.4.2 Purpose of the data processing

 

The purpose of the processing of personal data is to address a target group in a focused manner that has already has expressed an initial interest by visiting a certain webpage.

 
17.4.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is the consent granted by the user in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 
17.4.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law. Advertising in server logs is anonymised data by Google, according to its own account, in that parts of the IP address and cookie information are deleted after 9 to 18 months.

 
17.4.5 Possibility of withdrawal and elimination

 

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected.
You can prevent the collection and processing of your personal data by Google by blocking the saving of cookies on your computer by third-parties, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent the gathering of the data by Google, which is generated by the cookie based on your use of the website (including your IP address), and the processing of this data by Google, by downloading and installing the browser plug-in available under following link.
https://tools.google.com/dlpage/gaoptout?hl=en
With the following link you can deactivate the usage of your personal data by Google:
https://adssettings.google.de
You will find further information on the possibility of withdrawal and elimination vis-à-vis Google under:
https://policies.google.com/privacy?gl=DE&hl=en

 

17.5 Use of Sendinblue

 
17.5.1 Scope of the personal data processing

 

For the sending of our newsletter we use the service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (hereinafter referred to as: Sendinblue). Sendinblue is a service provider for e-mail and SMS text message marketing who enables us to directly communicate with potential customers through newsletters via e-mail and SMS. If you register for the newsletter, the data you entered specifically in the newsletter registration is transmitted to Sendinblue and stored there. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system). Your data will also be saved by Sendinblue. Your data from receiving the newsletter will not be disseminated to third parties and Sendinblue also acquires no right to disseminate your data. After you register, Sendinblue will send you an e-mail to confirm your registration. In addition, Sendinblue offers various analysis options on how the sent newsletter is opened and used, e.g. to how many users an e-mail or SMS text message has been sent, whether e-mails or SMS text messages have been rejected, and whether users have had themselves removed from the distribution list after receiving an e-mail or SMS text message.
Further information on the processing of data by Sendinblue can be found here: https://www.sendinblue.com/legal/privacypolicy/

 
17.5.2 Purpose of the data processing

 

The personal data collected within the scope of registration to the newsletter is used exclusively for distributing our newsletter, but possibly also for invitations to events and, inasmuch as you are already one of our customers, for our customer e-mail. Moreover, subscribers to the newsletter could be informed by e-mail if necessary, e.g. for newsletter service operation or related registration, as in the case of changes to the newsletter offerings or the technical circumstances.

 
17.5.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is the consent granted by the user in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 
17.5.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law. You can also contact Sendinblue and request the deletion of your data.

 
17.5.5 Possibility of withdrawal and elimination

 

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected.
You can withdraw your consent to the storage of your data, as well as its use for sending the newsletter by Sendinblue, at any time. You can put your withdrawal into effect at any time by sending an e-mail to Sendinblue or by clicking on the link provided in each newsletter.
You will find further information on possibilities for objection and elimination vis-à-vis Sendinblue at:https://www.sendinblue.com/legal/privacypolicy/

 

17.6 Use of Survey Monkey

 
17.6.1 Scope of the personal data processing

 

We survey customers on a voluntary basis as to their use of our products. For surveys we use the online survey tool SurveyMonkey, offered and operated by SurveyMonkey Europe UC, headquartered in 2 Shelbourne Buildings, 2nd Floor, 2 Shelbourne Road, Dublin 4, Ireland (“SurveyMonkey”). The following data is collected from you by Survey Monkey:

 

• Other data collected from you
• Name
• IP address of the accessing computer 

 

We we would explicitly like to draw your attention to the fact that SurveyMonkey reserves the right to collect, process, use, and further disseminate information and evaluations for its own purposes. Ad tracking, cookies, and IP addresses are used and/or collected in particular for this purpose. Survey Monkey also reserves the right to disclose this information to third parties, also in the USA and other countries. The data is transmitted to servers at SurveyMonkey Inc., One Curiosity Way, San Mateo, California, 94403, USA and processed there. SurveyMonkey Inc. has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, SurveyMonkey Inc. is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active
Further information on processing of the data by SurveyMonkey can be found here:

https://www.surveymonkey.com/mp/legal/privacy-policy/.

 
17.6.2 Purpose of the data processing

 

The conducting of surveys regarding the user experience of our products helps us to continuously develop and improve our products. We try to utilise the knowledge about user behaviour gained from the surveys to develop new products.

 
17.6.3 The legal basis for the processing of personal data

 

The legal basis for the processing of your data in conjunction with the conducting of surveys is the granting of consent in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 
17.6.4 Duration of the data storage

 

Survey Monkey itself does not delete your personal data. After completion of a survey (including the evaluation), however, we delete the data in our SurveyMonkey user account.

 
17.6.5 Possibility of objection and elimination

 

Participants in the surveys can contact us at any time and request the deletion of their survey data input, including personal data, if collected. Subsequent correction of the individual answers after a survey has been submitted is not possible. For specific data protection requests, contact SurveyMonkey Europe UC at dpo@surveymonkey.com.

 

17.7 Use of LinkedIn

 
17.7.1 Scope of the personal data processing

 

We make use of the functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages is accessed that includes features of LinkedIn, a connection to the LinkedIn servers is made. LinkedIn is informed that you have visited our webpages with your IP address. If you are logged into your LinkedIn account and click on the LinkedIn “Recommend” button, it is possible to correlate your visit to our website and your user account. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
This makes it possible for data to be transferred to LinkedIn servers in the USA. LinkedIn has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and had its compliance certified. Consequently, LinkedIn is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
We point out that we, as the provider of the website, have no knowledge about the content of transferred data or their usage by LinkedIn. Further information on the processing of data by LinkedIn can be found here:
https://www.linkedin.com/legal/privacy-policy.

 
17.7.2 Purpose of the data processing

 

The use of the LinkedIn plug-ins serves to increase the user-friendliness of our web presence.

 
17.7.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is the consent granted in terms of Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

 
17.7.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

 
17.7.5 Possibility of objection and elimination

 

You can prevent the collection and processing of your personal data by LinkedIn by blocking the saving of cookies on your computer by third-parties, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. In addition, the transmission can be prevented by the fact that you have logged out of your LinkedIn account before accessing our website.
With the following links, you can deactivate the usage of your personal data by LinkedIn:
https://www.linkedin.com/psettings/guest-controls
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy
You will find further information on possibilities for objection and elimination vis-à-vis LinkedIn at:
https://www.linkedin.com/legal/privacy-policy\

 

17.8 Use of the XING Share button

 
17.8.1 Scope of the personal data processing

 

Our web presence uses the XING Share button of XING SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany. When you call up this website, a connection to the servers of XING SE (hereinafter referred to as: XING) is quickly made through your web browser, with which the “XING Share button” functions (in particular the calculation/display of the counter value) are carried out. These servers are configured to be especially data protection-conscious. Accordingly, no data will be stored regarding the access by visitors from which a direct personal reference could be derived. In particular, XING does not save the IP addresses of visitors to the webpages that include the XING Share button. Further information on the processing of data by XING can be found here:
https://www.xing.com/app/share?op=data_protection

 
17.8.2 Purpose of the data processing

 

The integration of the “XING Share button” serves to improve the user-friendliness of our web presence. When you click this button you will be redirected to the homepage of XING. If you are logged into your profile, you can recommend the link to our web presence.

 
17.8.3 The legal basis for the processing of personal data

 

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

 
17.8.4 Duration of the data storage

 

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

 
17.8.5 Possibility of objection and elimination

 

You can prevent the collection and processing of your personal data by XING by blocking the saving of cookies on your computer by third-parties, by using the of “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You will find further information on possibilities for objection and elimination vis-à-vis XING at:
https://www.xing.com/app/share?op=data_protection

 

17.9 Microsoft Dynamics 365

 

Use of Microsoft Dynamics 365

 

17.9.1    Scope of processing of personal data

We use functionalities of the cloud-based CRM tool Microsoft Dynamics 365 of Microsoft Deutschland GmbH, Walter-Gropius-Str. 5, 80807 Munich, Bavaria, Germany (hereinafter: Microsoft).

 

We use Microsoft Dynamics 365 as our customer relationship management tool and for our con terra portal. Accordingly, we store the data of our customers, partners, suppliers and interested parties there. As part of this, we continue to use Microsoft Dynamics 365 to automate our marketing. As soon as a user registers for our newsletter or the con terra portal, or if there is another type of legitimate interest in sending information, we record the user's personal data in Microsoft Dynamics 365 and use it to send the newsletter mailings. In case of newsletters or when using our websites after registration, we collect and store certain information, including your interaction with content and services.

Within the scope of using the "Marketing" module of Microsoft Dynamics 365, cookies are set on your end device. The following personal data may be processed in the process:

  • Device information
  • Browser used
  • Information about your account or contact in Microsoft Dynamics 365

 

For more information about how Microsoft processes your data, click here:  https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/

https://docs.microsoft.com/de-de/dynamics365/marketing/cookies

 

17.9.2    Purpose of data processing

Using Microsoft Dynamics 365 helps us manage our prospects, customers, partners, and suppliers, as well as efficiently automate our marketing based on existing data.

 

17.9.3    Legal basis for the processing of personal data

The legal basis for the processing of the personal data of the users is basically the consent of the user according to Art. 6 para. 1 p.1 point a of the GDPR.  

 

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 point b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

 

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 sentence 1 point f of the GDPR serves as the legal basis for the processing.

 

17.9.4    Duration of storage

Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

 

17.9.5    Revocation, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can prevent the collection as well as the processing of your personal data by Microsoft by preventing third-party cookies from being stored on your computer, using the "Do Not Track" feature of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

 

For more information about revocation, opt-out, and removal options with respect to Microsoft, see: 

https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/

https://docs.microsoft.com/de-de/dynamics365/marketing/cookies

 

If your wish to revoke or object to data processing by us, you are welcome to address it by mail to the email address mentioned in this privacy policy. Further details can be found in the individual sections of this privacy policy, in particular on data processing and the options for revoking your consent to newsletter dispatch, which is handled via Microsoft Dynamics 365.

 

This privacy policy was created with the support of DataGuard.
Version 3.2
Feb 2022.