Privacy Statements

Data Protection Notice

This document is a translation of the original german version (conterra.de/datenschutzhinweise). In case of differences the german version is compulsory.

1 Name and contact information of the responsible party

The responsible party, in terms of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions, is:

con terra GmbH
Martin-Luther-King-Weg 20
48155 Münster, Germany

+49 251 59689 300

info@conterra.de
www.con-terra.com

2 Contact data of the Data Protection designee

The Data Protection designee of the responsible party is:

DataCo GmbH
Dachauer Strasse 65
80335 Munich, Germany

www.dataguard.de/en/home/
datenschutzbeauftragter@conterra.de

3 General data processing information

3.1 Scope of the personal data processing

We process the personal data of our users only to the extent necessary to provide a functionally capable website as well as our content and services. The processing of our users’ personal data is consistently only done with the consent of the user. An exception is only made in those cases in which the prior obtainment of consent is not possible due to actual circumstances and the processing of the data is required by law.

3.2 The legal basis for the processing of personal data

Insofar as we have obtained the consent of the person concerned for the personal data processing operations, Art. 6, Sect. 1, Line 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

With regard to the processing of personal data necessary for the fulfilment of a contract to which the contractual party is the person concerned, Art. 6, Sect. 1, Line 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required for compliance with a legal obligation to which our company is subject to, Art. 6, Sect. 1, Line 1 lit. c of the GDPR serves as the legal basis.

In the event that the vital interests of the person concerned or another natural person necessitate the processing of personal data, Art. 6, Sect. 1, Line 1 lit. d of the GDPR serves as the legal basis.

If the processing is necessary to uphold a legitimate interest of our enterprise or that of a third party, and this interest does not outweigh the interests, fundamental rights and liberties of the person concerned, then Art. 6, Sect. 1, Line 1 lit. f of the GDPR serves as the legal basis for the processing.

3.3 Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose for its storage no longer exists. In addition, data may be stored if required by provisions of European or national legislators in EU statutory regulations, laws, or other rules to which the responsible party is subject to. A blocking or deletion of data is also carried out even if the storage period specified by the stated standards expires, unless there is a need for further storage of the data to conclude of fulfil a contract.

4 Rights of the person concerned

If your personal data is to be processed, you are a person concerned in terms of the GDPR and you have the following rights vis-à-vis the responsible party:

4.1 Right to information

You can request a confirmation from the responsible party as to whether personal data pertaining to you is being processed.

If processing of this nature is taking place, you can request the following information from the responsible party:

The purposes for which the personal data is being processed
The categories of personal data which are being processed
The recipients and categories of recipients to whom the personal data has been disclosed or is to be disclosed
The planned storage duration of the personal data pertaining to you or, if specific details or are not possible, the criteria for determining the storage duration
The existence of a right to correction or deletion of personal data pertaining to you, of the right to restriction of the processing by the responsible party, or a right of objection against this processing
The existence of a right of complaint to a supervisory authority
All available information about the origin of the data if the personal data was not obtained from the person concerned
The existence of any automated means of decision-making, including profiling as per Art. 22 Sects. 1 and 4 of the GDPR and – at least in these cases – meaningful information about the underlying logic involved and the scope and intended effects of such processing for the person concerned

You have the right to request information as to whether or not your personal data is being conveyed to a third country or an international organization. In conjunction with this, you may request to be notified of any transmission, based on the applicable guarantees as per Art. 46 of the GDPR.

4.2 Right to correction

You have a right to correct and/or complete your personal data vis-à-vis the responsible party, inasmuch as the processed personal data relating to you is inaccurate or incomplete. The responsible party must undertake the correction without delay.

4.3 Right to restriction of the processing

Under the following conditions, you can require that the processing of your personal data be restricted:

If you disagree with the accuracy of the personal data pertaining to you for a period for which the responsible party is able to verity the correctness of the personal data

The processing is unlawful and you reject the deletion of the personal data and instead require restriction of the use of your personal data

The party responsible for the personal data no longer requires it for processing purposes, but you still require it to exercise, enforce, or defend legal claims, or

If you filed an objection to the processing in accordance with Art. 21, Sect. 1 of the GDPR, and it still has not yet been decided as to whether the legitimate reasons of the responsible party outweigh your reasons.

If the processing of personal data pertaining to you has been restricted, then this data may only be processed – with the exception of its being stored – with your consent or to exercise, enforce, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

If the processing restriction was put into effect according to the aforementioned prerequisites, you will be informed by the responsible party before the restriction is lifted.

4.4 Right to deletion

4.4.1 Obligatory deletion

You can require that the responsible party promptly deletes personal data pertaining to you; the responsible party is obliged to promptly delete this data inasmuch as one of the following reasons applies:

The personal data is no longer necessary for the purposes for which it was originally collected or processed in any other manner.
You withdraw your underlying consent to the processing as per Art. 6, Sect. 1, Line 1, lit. a or Art. 9, Sect. 2, lit. a of the GDPR and there is no other legal basis for the processing.
You file an objection to the processing in accordance with Art. 21, Sect. 1, of the GDPR and there are no overriding legitimate reasons for processing, or you file an objection to the processing in accordance with Art. 21, Sect. 2 of the GDPR.
The personal data pertaining to you has been processed unlawfully.
The personal data pertaining to you is to be deleted in compliance with a legal obligation, or is necessary in accordance with European Union law or the laws of the member states, to which the responsible party is subject to.
The personal data pertaining to you was collected with regard to services offered by an information services provider, in accordance with Art. 8, Sect. 1 of the GDPR.

4.4.2 Information to third parties

If the party responsible for the personal data has made it public and is obliged to delete it in accordance with Art. 17, Sect. 1 of the GDPR, then the responsible party shall, taking into account the available technology and the implementation costs, undertake appropriate measures, including those of a technical nature, to inform the parties responsible for data processing of the personal data, that you – as the affected person – have requested the deletion of all links to this personal data, or copies or reproductions of this personal data.

4.4.3 Exceptions

The right of deletion does not apply insofar as the processing is deemed as necessary

to ensure exercising of the right to freedom of expression and information;
to fulfil a legal obligation to the processing to which the responsible party is subject to in accordance with the European Union law or the laws of its member states, or the accomplishment of a task which lies in the public interest or in the exercise of governmental authority, and that has been conveyed to the responsible party;
for reasons of public interest in the area of public health, in accordance with Art. 9, Sect. 2, lit. h and i, as well as with Art. 9, Sect. 3 of the GDPR;
for archival purposes in the public interest, or for scientific, historical research, or statistical purposes, in accordance with Art. 89, Sect. 1 of the GDPR, insofar as the statute stated under Section a) foreseeably makes attainment of the objectives of this processing impossible or seriously impaired, or
to exercise, enforce, or defend legal claims.

4.5 Right to notification

If you have exercised your right to require correction, deletion, or restriction of the processing by the responsible party, the responsible party is obligated to notify all recipients, to whom the respective personal data has been disclosed, of the correction or deletion of the data or the restriction of its processing, unless this proves impossible or would involve a disproportionate amount of effort.

You have the right to vis-à-vis the responsible party to be informed about these recipients.

4.6 Right to data portability

You have the right to receive the pertinent personal data which you have provided to us in a structured, commonly-used and machine-readable format. You also have the right to convey this data to a different responsible party without interference from the responsible party to whom the personal data was provided, if

the processing is based on consent granted in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR or Art. 9, Sect. 2, lit. a of the GDPR, or on a contract in accordance with Art. 6, Sect. 1, Line 1 lit. b of the GDPR and
the processing is carried out using automated procedures.

In exercising this right, you also have the right to ensure that personal data pertaining to you is conveyed directly from one responsible party to another responsible party, insofar as this is technically feasible. Civil liberties and rights of other persons may not be infringed on by this.

The right to data portability does not apply to the processing of personal data that is required for the accomplishment of a task in the public interest or in the exercising of governmental authority, which has been conveyed to the responsible party.

4.7 Right of objection

You have the right, based on reasons arising from the specific situation, to file an objection at any time against the processing of personal data pertaining to you, which have been obtained based on Art. 6, Sect. 1, Line 1 lit. e or f of the GDPR. This also applies to any profiling based on these provisions.

The responsible party no longer processes the personal data pertaining to you, unless the responsible party can prove there are imperative security reasons that justify the processing and which outweigh your interests, rights, and liberties, or the processing serves to exercise, enforce, or defend legal claims.

If the personal data is processed in order to propagate direct advertising, you have the right to file an objection against the processing of personal data for such advertising purposes at any time. This also applies to profiling, inasmuch as it is in conjunction with such direct advertising.

If you object to the processing for purposes of direct marketing, the personal data pertaining to you will no longer be processed for these purposes.

You have the option, in conjunction with the use of an information services provider – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

4.8 Right of withdrawal of the declaration of consent under data protection laws

4.9 Specific automated decision-making, including profiling

You have the right to not be subject to a decision based solely on automated processing – including profiling – which would produce a legal effect on you or significantly impact you in a similar manner. This does not apply if the decision is:

Necessary to conclude or fulfil a contract between you and the responsible party
Permissible based on the laws of the European Union or its member states, to which the responsible party is subject to, and this legislation contains measures appropriate to safeguard your rights, liberties and legitimate interests, or
Carried out with your express consent.

However, these decisions may not be made based on certain categories of personal data, pursuant to Art. 9, Sect. 1 of the GDPR, insofar as Art. 9, Sect. 2 lit. a or b of the GDPR do not apply and adequate measures for the protection of your rights, liberties, and legitimate interests have been taken.

With regard to the cases referred to in 1. and 3., the responsible party shall take appropriate measures in order to safeguard your rights, liberties, and legitimate interests, including at the very least the right to initiate the intervention by a person on the part of the responsible party, upon presentation of the own position and objection to the decision.

4.10 Right to file a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the member state in which you reside, where your place of work is, or where the alleged infringement occurred, if you are of the opinion that the processing of the personal data pertaining to you violates the GDPR.

The supervisory authority with whom you have filed the complaint, notifies the complainants as to the status and the results of the complaint, including the possibility of a judicial remedy as per Art. 78 of the GDPR.

5 Website provision and the generation of log files

5.1 Description and scope of the data processing

When our website is accessed it automatically logs data and information from the computer system of the accessing computer.

The following data is thereby collected:

Information about the browser type and version used
The user’s operating system
The user’s Internet service provider
The IP address of the user
The date and time of access
Websites from which the user’s system was routed to our website
Webpages that can be accessed by the user’s system through our website.

This data is stored in the log files on our system. There is no storage of this data together with other personal data of the user.

5.2 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable provision of the webpage to the user’s computer. This requires that the user’s IP address is temporarily saved for the duration of the session.

The saving in log files is done to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, we also have a legitimate interest in the processing of data in accordance with Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

5.3 Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

5.4 Duration of the data storage

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. With regard to the compiling of the data to make the website available, this occurs once the session is finished.

With regard to the storing of the data in log files, this is done after no more than seven days. Further storage beyond this is possible, however. In this case, the IP addresses of the users deleted or altered so that a correlation with the accessing client is no longer possible.

5.5 Possibility of objection and elimination

The collection of data to make our web presence available and the storage of the data in log files is absolutely necessary to operate the website. There is therefore no possible option for objection on the part of the user.

6 Use of cookies

6.1 Implementation of Google Consent Mode v2

As part of the Digital Markets Act (DMA), the EU Commission has imposed various obligations on gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft). Gatekeepers are obliged to ensure compliance with all the legal requirements of the Digital Markets Act. Consequently, Google has introduced Google Consent Mode V2.
We use the BASIC Google Consent Mode V2.
Based on your consent, Consent Mode v2 decides whether or not Google tags may be loaded or executed. If you consent to the use of cookies, Google tags and trackers for Google services will be loaded and your personal data will be processed according to our website settings.
If you do not give your consent, the Google tags will be delayed or not loaded at all. This prevents your personal data from being forwarded to Google.
If you have any further questions, we are happy to help.Description and scope of the data processing

6.2 Description and scope of the data processing

Our site uses cookies. Cookies are text files which are stored within the web browser or stored by the web browser on the user’s computer system. If a user accesses a website, consequently a cookie is stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when you revisit the website.

We utilise cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a change of websites.

The following data is stored in and transmitted by the cookies:

Language settings
Login information

In addition, we use cookies on our website to analyse the surfing behaviour of users.

The following data can be transmitted this way:

Search terms entered
Frequency of page accessing
Use of website functions

The user data collected in this manner is pseudonymised by technical means. Therefore, correlation of the data to the accessing user is no longer possible. The data is not stored together with other personal data of the user.

When visiting our website, the user is informed about the use of cookies for analysis purposes and his or her consent for the processing of personal data used in this context is obtained (see also chapter 17.4 and 17.9). Reference to this privacy statement is made in conjunction with this.

6.3 Purpose of the data processing

The purpose for using technically required cookies is to simplify usage of webpages for the user. Some functions of our website could not be offered without the usage of cookies. To ensure usability, it is necessary that the browser is recognized again even after a page change.

We use cookies for the following functions:

Acquisition of language settings
Taking note of search terms

The user data collected by technically required cookies are not used to create user profiles.

Cookie analysis is carried out for the purpose of improving the quality of our website and its content. By analysing cookies we are able to find out how our website is being used and can continuously optimise our web presence.

The purpose for using technically required cookies is to simplify usage of webpages for the user. Some functions of our website could not be offered without the usage of cookies. To ensure usability it is necessary that the browser is recognized again even after a page change.

For these purposes, we also have a legitimate interest in the processing of data in accordance with Art. 6, Sect. 1, Line 1, lit. f of the GDPR.

6.4 Legal basis for the data processing

The legal basis for the processing of personal data using cookies which are technically necessary is established in Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

The legal basis for the processing of personal data through the use of cookies for analysis purposes is derived from the appropriate consent granted by the user, as per Art. 6, Sect. 1, Line 1, lit. a of the GDPR.

6.5 Duration of the data storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you as a user maintain full control over the use of the cookies. You are able to deactivate or restrict the transfer of cookies by modifying the settings in your web browser. Previously stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, however, you may no longer be able to fully use all of the functions of the website.

If you use a Safari browser as of version 12.1, cookies are automatically deleted after seven days. This also applies to opt-out cookies that prevent tracking measures.

7 Newsletter

7.1 Description and scope of the data processing

On our website it is possible to subscribe or unsubscribe to a free newsletter. After registration for the newsletter is completed, the data from the input screen is transmitted to us.

E-mail address
Last name
First name
Telephone / mobile phone number
Address
IP address of the accessing computer
The date and time of registration
Company, fax, subject, subject matter

For sending the newsletter we use Sendinblue or Microsoft Dynamics (see chapter 17.5 or 17.9)

7.2 Purpose of the data processing

Recording of the user’s e-mail address just serves to deliver the newsletter.

The recording of other personal data in conjunction with the registration process serves to prevent misuse of the services or the e-mail addresses which are used.

7.3 Legal basis for the data processing

The legal basis for the processing of personal data after the user’s registration for the newsletter is based on the presence of consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

7.4 Duration of the data storage

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. The user’s e-mail address will be stored as long as the subscription is current.

All other personal data recorded as part of the registration procedure is usually deleted after a period of seven days.

7.5 Possibility of objection and elimination

The subscription to the newsletter can be cancelled at any time by the respective user. There is a corresponding link for this purpose in every newsletter.

This also enables the withdrawal of consent to the storing of personal data collected during the registration process.

8 E-mail contact

8.1 Description and scope of the data processing

On our website it is possible to contact us via the provided e-mail address. In this case, the user’s personal data associated with the e-mail is stored.

The data is used exclusively for the processing of the message exchange.

8.2 Purpose of the data processing

In the event of a contact via e-mail, this also entails the necessary legitimate interest in the processing of the data.

8.3 Legal basis for the data processing

The legal basis for the processing of the data in the course of sending an e-mail is Art. 6, Sect. 1, lit. f of the GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal basis for the processing is Art. 6, Sect. 1, lit. b of the GDPR.

8.4 Duration of the data storage

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. For the personal data that has been sent with an e-mail, this is the case once the message exchange with the user is finished. The message exchange is finished when, if it is clear from the circumstances, the issue at hand has been conclusively resolved.

The personal data additionally gathered during the transmission process is deleted after a period of seven days at the latest.

8.5 Possibility of objection and elimination

The user has the option to withdraw his consent for the processing of personal data at any time. If the user contacts us via email, he or she can object to the storage of his or her personal data at any time. In such a case, the message exchange cannot be continued.

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected. You have the right, based on reasons arising from the specific situation, to file an objection at any time against the processing of personal data pertaining to you, which have been obtained based on Art. 6, Sect. 1, Line 1 lit. e or f of the GDPR. This also applies to any profiling based on these provisions. The responsible party no longer processes the personal data pertaining to you, unless the responsible party can prove there are imperative security reasons that justify the processing and which outweigh your interests, rights, and liberties, or the processing serves to exercise, enforce, or defend legal claims. If the personal data is processed in order to propagate direct advertising, you have the right to file an objection against the processing of personal data for such advertising purposes at any time. This also applies to profiling, inasmuch as it is in conjunction with such direct advertising. If you object to the processing for purposes of direct marketing, the personal data pertaining to you will no longer be processed for these purposes. You have the option, in conjunction with the use of an information services provider – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

All personal data that has been stored in the course of the contact will, in this case, be deleted.

9 Input forms

9.1 Description and scope of the data processing

There are different input forms on our website, which can be used for different applications. This can be, for example, establishing electronic contact, registration for events or training, retrieval of content, registration for further offers (see also 16), login, participation in a promotion, software download or other topics. If a user takes advantage of the options offered, the data entered in the input mask will be transmitted to us and stored. Microsoft Dynamics 365 (see chapter 17.9) is used for the input forms.

At the time of sending the message, the following data is partially stored:

Email address
Surname
First name
Address
Phone/mobile number
IP address of the visitor’s computer
Date and time of contact
Company, Fax, Subject, Request

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

It is also possible to contact us via the email address provided. For this, see chapter 8.

The data will be used exclusively for the processing of the conversation.

9.2 Purpose of the data processing

The processing of the personal data from the input screen is used solely for the processing of the corresponding matter.

The other personal data processed during the send procedure is intended to prevent the misuse of the forms and to ensure the security of our information technology systems.

9.3 Legal basis for the data processing

The legal basis for the processing of personal data is derived from the consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

9.4 Duration of the data storage

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected. For the personal data from the input screen, this is the case when the message exchange with the user is finished. The message exchange is finished when, if it is clear from the circumstances, the issue at hand has been conclusively resolved.

The personal data additionally gathered during the transmission process is deleted after a period of seven days at the latest.

9.5 Possibility of objection and elimination

The user has the option to withdraw his consent for the processing of personal data at any time.

All personal data that has been stored in the course of the contact will, in this case, be deleted.

10 Job application

10.1 Description and scope of the data processing

You can send your job application to us by e-mail at jobs@conterra.de or via dreamjob.conterra.de. We collect your e-mail address and the following additional data:

Form of address
First name
Last name
Telephone / mobile phone number
Additional contact information, such as the address, if provided voluntarily in the e-mail.

You will receive an e-mail confirmation of receipt of your job application documents from us. We might also possibly request the following information from you:

Most recent employment letters of recommendation
Diploma/vocational training certificate, qualifications certifications
Résumé in tabular format
Salary requirement
Work samples

Within the framework of the application process, your consent to the processing of the data is obtained with reference to this Data Protection Notice. Your data will be stored by us and made available to the company-internal contacts. There is no dissemination of your data to third parties. The data will be used exclusively for the processing of your application.

10.2 Purpose of the data processing

The processing of personal data from your application e-mail is only used by us to handle your application.

10.3 Legal basis for the data processing

The legal basis for the processing of your data is the initiation of the contract at the request of the person concerned, Art. 6, Sect. 1, Line 1 lit. b Alt. 1 of the GDPR and Art. 26, Sect. 1, Line 1 of the BDSG.

10.4 Duration of the data storage

After completion of the application procedure, the data is stored for up to six months. After six months at the latest your data will be deleted. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions. If no release of the data as described above has been received, the data will be deleted after three months.

10.5 Possibility of objection and elimination

The applicant has the opportunity to object to the processing of personal data at any time. In such a case, the application can no longer be taken into consideration.

Information on the right to deletion and correction can be found in section “Rights of the person concerned”. Please advise us of any differing deletion or correction requests at jobs@conterra.de.

All personal data that has been stored in the course of the electronic job application will, in this case, be deleted.

11 Company identity / media presence

Utilisation of the company’s media presence in social networks

11.1 Twitter:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

We provide information on our company’s page and offer Twitter users the opportunity to communicate with us. If you do something (e.g. comments, posts, likes, etc.) on our company’s Twitter presence, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed. Because we generally have, to a large extent, no influence on the processing of your personal data for the con terra GmbH company Twitter presence, for which Twitter shares the responsibility, we are unable to provide any binding information on the purpose and scope of the processing of your data.

Our company web presence in social networks is for the communication and exchange of information with (potential) customers. Specifically, we use our company web presence for:

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

In doing so, publications presented in the company web presence include the following content:

Information about products
Information about services
Contests
Customer contact

Each user is free to decide whether personal data may be published by way of activities.

The legal basis for the processing of personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

We store your activities and personal data publicised through our company’s Twitter presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.
We further process data from our company web presence in our systems. This data is stored there for the following periods: We store your activities and personal data publicised through our company’s web presence until withdrawal of the data. In addition, we adhere to the statutory retention periods.

Twitter has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Twitter is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s Twitter presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at info@conterra.de. You will find further information on the processing of your personal data by Twitter and the corresponding possibilities for objection here:

Twitter: https://twitter.com/en/privacy

Utilisation of the company’s media presence in social networks

11.2 YouTube:

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States of America

We provide information on our company’s page and offer YouTube users the opportunity to communicate with us. If you do something (e.g. comments, posts, likes, etc.) on our company’s YouTube presence, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed. Because we generally have, to a large extent, no influence on the processing of your personal data for the con terra GmbH company YouTube presence, for which Twitter shares the responsibility, we are unable to provide any binding information on the purpose and scope of the processing of your data.

Our company web presence in social networks is for the communication and exchange of information with (potential) customers. Specifically, we use our company web presence for:

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

In doing so, publications presented in the company web presence include the following content:

Information about products
Information about services
Contests
Customer contact

Each user is free to decide whether personal data may be published by way of activities.

The legal basis for the processing of personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

We store your activities and personal data publicised through our company’s YouTube presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.
We further process data from our company web presence in our systems. This data is stored there for the following periods: We store your activities and personal data publicised through our company’s web presence until withdrawal of the data. In addition, we adhere to the statutory retention periods.

YouTube has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, YouTube is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s YouTube presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at info@conterra.de. You will find further information on the processing of your personal data by YouTube and the corresponding possibilities for objection here:

YouTube: https://policies.google.com/privacy?gl=DE&hl=en

12 Use of company’s web presence in career-oriented networks

12.1 Scope of the data processing

We make use of the possibility of extending our company’s web presence to career-oriented networks. We maintain our company’s web presence in the following career-oriented networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
XING: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany

We provide information and offer users the opportunity to communicate with us.

The web presence is used for job applications, information/PR, and Active Sourcing.

We have no details on the processing of your personal data by the host company, who bears joint responsibility for our web presence there. You will find further information in the Data Protection Notice.

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING: https://privacy.xing.com/de/datenschutzerklaerung

If you do something (e.g. comments, posts, likes, etc.) on our company’s web presence here, it could be that your personal data (e.g. your real name or a photo of your user profile) is publicly displayed.

12.2 Legal basis for the data processing

The legal basis for the processing of your data in conjunction with the use of our web presence is Art. 6, Sect. 1, Line 1 lit. f of the GDPR.

12.3 Purpose of the data processing

Our company web presence helps us to inform users about our services. Each user is thereby free to publish personal data in conjunction with activities.

12.4 Duration of the data storage

We store your activities and personal data publicised through our company’s web presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.

12.5 Possibility of objection and elimination

You can object to the processing of your personal data that we collect in conjunction with your use of our company’s web presence at any time, and assert your data subject rights under IV. of this Data Protection Notice. For this, send a formless e-mail to us at the email address stated in this Data Protection Notice.

LinkedIn has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, LinkedIn is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

You will find further information on possibilities for objection and elimination at:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING: https://privacy.xing.com/de/datenschutzerklaerung

13 Use of Limesurvey

We use online surveys to obtain feedback from customers on a voluntary basis regarding participation in workshops or other topics. For these online surveys, we use LimeSurvey from LimeSurvey GmbH, Umfragedienste & Beratung, Papenreye 63, 22453 Hamburg, https://www.limesurvey.org.

Data processed in surveys

Surveys are anonymous, no data is automatically collected that can be linked to the participant. Any participation in surveys is voluntary and we take great care to protect the privacy and integrity of our respondents. When configuring the surveys, we make sure that no personal data of the respondents is stored.

The survey is hosted by our hosting provider (see section 13).

14 Hosting

The website is hosted on servers operated by a service provider contracted by us.

Our service provider is:

Alfahosting GmbH, Ankerstrasse 3b, 06108 Halle (Saale), Germany

The server routinely collects and stores information in so-called server log files, which are automatically transmitted by your browser when you visit the website. The stored information includes:

Browser type and browser version
Operating system in use
Referenced URL
The host name of the accessing computer
Date and time of the server query
IP address

There is no combining of this data with data from other sources. This data is collected based on Art. 6, Sect. 1, lit. f of the GDPR. The website operator has a legitimate interest in the technically error-free representation and optimization of its website; server log files are necessary to do this.

The server which hosts the website is geographically located in Germany.

15 Online conferences and webinars

15.1 Description and scope of data processing

We use functionalities of web conferencing services to let meetings, webinars and workshops take place online.

Microsoft Teams or Zoom are the tools used for this purpose.

If the online meeting is recorded, this will be indicated when an invitation is issued and it will also be indicated at the beginning of the recording.

15.1.1 Microsoft Teams

When a meeting recording is started, Microsoft Teams displays a notification for all participants in the desktop, web, and mobile apps, as well as for people who joined by phone.

For more information, see the Microsoft privacy statement:

https://privacy.microsoft.com/de-DE/privacystatement#mainnoticetoendusersmodule

https://privacy.microsoft.com/de-DE/privacystatement

15.1.2 Zoom

We use functionalities of the Zoom web conferencing service of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter: Zoom).

Cookies from Zoom are stored on your terminal device. For information regarding cookies and similar technologies, please refer to Zoom's Cookie Policy:

https://zoom.us/cookie-policy

Depending on the data you provide when using Zoom and how you use Zoom, the following personal data is processed by Zoom as a result:

Name
Username
Home address
E-mail address
Telephone numbers
Your job title and employer
Information about your credit/debit card or other payment methods
Information about your Facebook profile
General information about your product and service preferences
IP address
MAC address
Device ID (UDID)
Device type
Type and version of operating system and client version
Information about your use of or other interaction with our products ("usage information")
Information that you upload, provide or create while using Zoom.

In the process, data is transferred to and processed by Zoom's servers in the United States. Zoom has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. This means that Zoom undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below:

https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW&status=Active

Further information on the processing of data by Zoom can be found here: https://zoom.us/de-de/privacy.html

For follow-up, con terra may subsequently contact participants based on the data provided.

15.2 Purpose of data processing

The use of Zoom serves our legitimate interest of conducting web conferences, webinars, workshops and suchlike.

15.3 Legal basis for the processing of personal data

The legal basis for data processing for the purpose of conducting web conferences is Art. 6 para.1 p.1 lit. f DSGVO. Our legitimate interest here lies in the purposes of data processing stated under 2.

The legal basis for data processing for subsequent contact is consent pursuant to Art. 6 para.1 p.1 lit. a DSGVO.

15.4 Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

15.5 Revocation, objection and removal options

You have the right to revoke your declaration of consent under data protection law with regard to contacting us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, please send an informal email to info@conterra.de.

You can prevent the collection as well as the processing of your personal data by Zoom by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information on how to object to and opt-out of Zoom, please visit: https://zoom.us/de-de/privacy.html

16 Registration

16.1 Description and scope of the data processing

On our Internet pages or on the Internet pages of events organised by con terra, users are given the opportunity to register by providing personal data.

16.1.1 Input mask on our Internet pages

The data is entered in an input mask and transmitted to us and stored. Microsoft Dynamics 365 (see chapter 17.9) is used for the form. The following data is collected during the registration process:

E-mail address
Last name
First name
Address
Telephone / mobile phone number
IP address of the calling computer
The date and time of registration

Form of address, company, company of the invoice recipient, department of the invoice recipient, contact person of the invoice recipient, fax number of the invoice recipient, e-mail of the recipient of the invoice, voucher code, comments

The user's consent to the processing of this data is obtained as part of the registration process.

16.1.2 Internet pages of events

When registering on the internet pages of events organised by con terra, functions and contents of the service pretix, offered by rami.io GmbH, Markgräfler Straße 16, 69126 Heidelberg, Germany, are integrated. This includes the ticket shop, which is integrated via a JavaScript widget. If you buy a ticket, pretix uses a technically necessary cookie to enable the order process and to remember which shopping cart belongs to you. The cookie is set as soon as you interact with the widget. pretix does not store IP addresses, browser information or other unnecessary meta data beyond the duration of your request. You can find more information about data protection at pretix here: https://pretix.eu/about/de/privacy"

16.2 Purpose of the data processing

Registration of the user is necessary to fulfil a contract with the user or to conduct pre-contractual measures.

This includes in particular the processing of orders and services, the booking of training courses, as well as requests for a course schedule, customer magazine, or a return call.

16.3 Legal basis for the data processing

The legal basis for the processing of personal data is derived from the consent granted by the user, as per Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

If the registration serves the purpose of fulfilment of a contract to which the user is a contractual party, or for the implementation of pre-contractual measures, then an additional legal basis for the processing of the data is Art. 6, Sect. 1, Line 1 lit. b of the GDPR.

16.4 Duration of the data storage

The data will be deleted as soon as it is no longer required to accomplish the purpose for which it was collected.

This is the case for the data collected during the registration process for contractual fulfilment, or to implement pre-contractual measures, if the data is no longer required for execution of the contract. It can be necessary after the conclusion of the contract as well to store personal data of the contractual partner, or to comply with contractual or legal obligations.

16.5 Possibility of objection and elimination

As a user, you have the option to rescind the registration at any time. You can have the data stored regarding you changed at any time.

Right to deletion: You can require that the responsible party promptly deletes personal data pertaining to you; the responsible party is obliged to promptly delete this data inasmuch as one of the following reasons applies: 1. The personal data is no longer necessary for the purposes for which it was originally collected or processed in any other manner. 2. You withdraw your underlying consent to the processing as per Art. 6, Sect. 1, Line 1 lit. a or Art. 9, Sect. 2, lit. a of the GDPR and there is no other legal basis for the processing. 3. You file an objection to the processing in accordance with Art. 21, Sect. 1, of the GDPR and there are no overriding legitimate reasons for processing, or you file an objection to the processing in accordance with Art. 21, Sect. 2 of the GDPR. 4. The personal data pertaining to you has been processed unlawfully. 5. The personal data pertaining to you is to be deleted in compliance with a legal obligation, or is necessary in accordance with European Union law or the laws of the member states, to which the responsible party is subject to. 6. The personal data pertaining to you was collected with regard to services offered by an information services provider, in accordance with Art. 8, Sect. 1 of the GDPR. Right to correction: You have a right to correct and/or complete your personal data vis-à-vis the responsible party, inasmuch as the processed personal data relating to you is inaccurate or incomplete. The responsible party must undertake the correction without delay.

If the data is necessary for the fulfilment of a contract or to implement pre-contractual measures, a precipitative deletion of the data is only possible insofar as there are no contractual or statutory obligations which would contravene a deletion.

17 Plug-ins used

We use plug-ins for various purposes. The plug-ins used are listed in the following:

17.1 Use of AddToAny

17.1.1 Scope of the personal data processing

We use the sharing tool AddToAny. It makes it possible for you to share displayed content with people in your environment. To do this, you can apply the Share feature of “AddToAny”. Already as you visit our web pages, the plug-in establishes a direct connection between your browser and the AddToAny server. AddToAny thus receives the information that you have visited our site with your IP address. AddToAny anonymises IP addresses. Cookies are used when utilising AddToAny. The data generated during the session (such as the time of use or the browser language) is transmitted to AddToAny and processed there. By means of the cookie, AddToAny can track which other pages have been accessed with the AddToAny plug-in and what social media services you visit. However, we neither have knowledge of the contents of the data collected independently by AddToAny independently nor how it is actually used by AddToAny. We also have no access to this data.
Further information on the processing of data by AddToAny can be found here:

https://www.addtoany.com/terms
https://www.addtoany.com/privacy

17.1.2 Purpose of the data processing

The use of social media buttons by means of AddToAny serves to increase the user-friendliness.

17.1.3 The legal basis for the processing of personal data

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. The legitimate interest lies in the ability to provide user-friendly offerings that make it easy for visitors to be able to share our content via any chosen service.

17.1.4 Duration of the data storage

AddToAny saves server log data for 30 days or less and only saves aggregated usage data.

17.1.5 Possibility of objection and elimination

You can prevent the collection and processing of your personal data by AddToAny by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Detailed information on the processing of data by AddToAny can be found at:
https://www.addtoany.com/terms and https://www.addtoany.com/privacy

17.2 Use of Twitter

17.2.1 Scope of the personal data processing

We use the social plug-ins of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as: Twitter).
With the social media plug-ins we can integrate the content from Twitter (in particular tweets or moments) or embed links to Twitter’s platform (in particular the Tweet or Follow buttons) to our web presence. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
Twitter’s servers are located in the USA, where the data is collected and processed. Twitter has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Twitter is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
By using Twitter and the “Re-tweet” function, the webpages and online presences you have visited are linked with your Twitter account and disseminated to third parties. We receive no information about the content of the transmitted data and their use by Twitter.
Further information on the processing of data by Twitter can be found here:
https://twitter.com/en/privacy

17.2.2 Purpose of the data processing

The integration of the Twitter plug-in serves to improve the user-friendliness. The contents of Twitter can be presented in an embedded manner and users of the Twitter service can take advantage of Twitter’s functions.

17.2.3 The legal basis for the processing of personal data

The legal basis for the processing is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

17.2.4 Duration of the data storage

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law.

17.2.5 Possibility of objection and elimination

You can prevent the collection and processing of your personal data by Twitter by blocking the saving of cookies on your computer, by using the “Do Not Track” function of a supporting browser, to prevent third-party "Do Not Track" function, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You will find further information on possibilities for objection and elimination vis-à-vis Twitter at:
https://twitter.com/en/privacy

17.3 Use of YouTube

17.3.1 Scope of the personal data processing

We use the YouTube plug-in distributed by Google, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, and their EU representative Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google). We use the YouTube plug-in in order to embed YouTube videos in our web presence. When you visit our website, your browser establishes a connection with the YouTube servers. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
This makes it possible for data to be transferred to Google servers in the USA. Google has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and has had its compliance certified. Consequently, Google is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have no influence on the content of the plug-ins. If you have logged into your Youtube account during your visit, YouTube can correlate your online presence to this account. Through the interaction with this plug-in the respective information will be transferred to and stored directly by YouTube.
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=en

17.3.2 Purpose of the data processing

The use of the YouTube plug-in serves to improve the user-friendliness and provide an appealing representation of our web presence.

17.3.3 The legal basis for the processing of personal data

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1, lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

17.3.4 Duration of the data storage

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

17.3.5 Possibility of objection and elimination

You can prevent the collection and processing of your personal data by Google by blocking the saving of cookies on your computer by third-parties, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
With the following link, you can deactivate the usage of your personal data by Google:
https://adssettings.google.de
You will find further information on possibilities for objection and elimination vis-à-vis Google at:
https://policies.google.com/privacy?gl=DE&hl=en

17.4 Use of Google Analytics (GA 4)

17.4.1 Scope of the processing of personal data

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).
Google Analytics examines, among other things, how website visitors use our site. Google places cookies on your end device. When a website is visited, user behaviour is recorded in the form of "events". This process may entail the storage and analysis of personal data, including:
•   initial visit to the website
•   interaction with the website, usage path
•   clicks on external links
•   video usage
•   file downloads
•   ad impressions and clicks
•   scroll behaviour (if to end of page)
•   searches on the website
•   language selection
•   page visits
•   location (region)
•   your IP address (in shortened form)
•   technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
•   your internet provider
•   referrer URL

We use Google Signals. This captures additional information in Google Analytics about users who have activated personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

By default, GA 4 has IP address anonymisation enabled. This means that your IP address is shortened by Google within the member states of the European Union or other contracting states to the Agreement on the European Economic Area. Exceptionally, only in rare cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google states that the IP address transmitted by your browser will not be merged with other Google data within the scope of Google Analytics.
You can obtain further information on the processing of data by Google here: https://policies.google.com/privacy

17.4.2 Purpose of data processing

We use GA 4 to evaluate the use of our online presence and to generate reports about the activities on our website. The reports are used to analyse the performance of our website and our advertising campaigns, and to target advertising towards those people who have already expressed an initial interest by visiting our site.

17.4.3 Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is, in principle, the user's consent in accordance with art. 6, para. 1, sentence 1, letter a) GDPR.

17.4.3 Duration of the storage

After two months, your personal data will be deleted. This deletion takes place automatically once a month.

17.4.4 Revocation, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke your consent using our Cookie Consent Tool.
You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the ""Do Not Track"" function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.
You can find further information on objection and removal options vis-à-vis Google at: https://policies.google.com/technologies/partner-sites

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can deactivate the use of your personal data by Google using the following link: https://adssettings.google.de

17.5 Use of Sendinblue

17.5.1 Scope of the personal data processing

For the sending of our newsletter we use the service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (hereinafter referred to as: Sendinblue). Sendinblue is a service provider for e-mail and SMS text message marketing who enables us to directly communicate with potential customers through newsletters via e-mail and SMS. If you register for the newsletter, the data you entered specifically in the newsletter registration is transmitted to Sendinblue and stored there. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system). Your data will also be saved by Sendinblue. Your data from receiving the newsletter will not be disseminated to third parties and Sendinblue also acquires no right to disseminate your data. After you register, Sendinblue will send you an e-mail to confirm your registration. In addition, Sendinblue offers various analysis options on how the sent newsletter is opened and used, e.g. to how many users an e-mail or SMS text message has been sent, whether e-mails or SMS text messages have been rejected, and whether users have had themselves removed from the distribution list after receiving an e-mail or SMS text message.
Further information on the processing of data by Sendinblue can be found here: https://www.sendinblue.com/legal/privacypolicy/

17.5.2 Purpose of the data processing

The personal data collected within the scope of registration to the newsletter is used exclusively for distributing our newsletter, but possibly also for invitations to events and, inasmuch as you are already one of our customers, for our customer e-mail. Moreover, subscribers to the newsletter could be informed by e-mail if necessary, e.g. for newsletter service operation or related registration, as in the case of changes to the newsletter offerings or the technical circumstances.

17.5.3 The legal basis for the processing of personal data

The legal basis for the processing of the user’s personal data is the consent granted by the user in accordance with Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

17.5.4 Duration of the data storage

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law. You can also contact Sendinblue and request the deletion of your data.

17.5.5 Possibility of withdrawal and elimination

You have the right to withdraw your declaration of consent under data protection law at any time. The legality of the processing of your data up to the time of your withdrawal of consent shall remain unaffected.
You can withdraw your consent to the storage of your data, as well as its use for sending the newsletter by Sendinblue, at any time. You can put your withdrawal into effect at any time by sending an e-mail to Sendinblue or by clicking on the link provided in each newsletter.
You will find further information on possibilities for objection and elimination vis-à-vis Sendinblue at:https://www.sendinblue.com/legal/privacypolicy/

17.6 Use of Survey Monkey

17.6.1 Scope of the processing of personal data
17.6.1.1 Use of Survey Monkey

We ask clients to voluntarily answer questions on their use of our products. For surveys, we use the online survey tool SurveyMonkey, which is offered and operated by SurveyMonkey Europe UC, based at 2 Shelbourne Buildings, 2nd Floor, 2 Shelbourne Road, Dublin 4, Ireland ("SurveyMonkey").

Survey Monkey collects the following data from you:

• Other data provided by you
• Name
• IP address of the requesting computer

We would like to expressly point out that SurveyMonkey reserves the right to collect, process, use and forward information and evaluations for its own purposes. In particular, cookies, ad tracking and IP addresses are used or recorded for this purpose. SurveyMonkey also reserves the right to transfer this information to third parties, including to other countries and the United States. Data is also transmitted to the servers of SurveyMonkey Inc, One Curiosity Way, San Mateo, California, 94403, USA and processed there. SurveyMonkey Inc. is a participant in the EU-US Privacy Framework. SurveyMonkey Inc. thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found at the following link:

https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

Further information on the processing of data by SurveyMonkey can be found at:

https://de.surveymonkey.com/mp/legal/privacy-policy/.

Use of MS Forms

We use Microsoft Forms functionalities from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").
We use Microsoft Forms to integrate contact forms and/or surveys on our website that users can fill in.

During the process, data may be transferred between Microsoft Ireland and the parent company in the USA. To ensure suitable guarantees for protecting the transfer and processing of personal data outside the EU, data is transferred to and processed by Microsoft in accordance with Microsoft's "Online Service Terms” on the basis of suitable guarantees in accordance with Art. 46 et seq. GDPR, in particular by concluding what are known as standard data protection clauses in accordance with Art. 46(2)(c) GDPR.

Further information on the processing of data by Microsoft can be found at:

https://privacy.microsoft.com/de-de/privacy

https://docs.microsoft.com/de-de/microsoft-365/bookings/bookings-faq?view=o365-worldwide

17.6.2 Purpose of the data processing

The conducting of surveys regarding the user experience of our products and online presence helps us to continuously develop and improve our user-friendliness. We try to utilise the knowledge about user behaviour gained from the surveys to develop new products. We use these plug-ins to be able to easily create and integrate forms and to display them in an appealing way.

17.6.3 The legal basis for the processing of personal data

The legal basis for the processing of users' personal data is generally the user's consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO. If the processing relates to the initiation or fulfilment of a contract, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

17.6.4 Duration of the data storage

Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes. Survey Monkey itself does not delete your personal data. After completion of a survey (including the evaluation), however, we delete the data in our SurveyMonkey user account.

17.6.5 Possibility of objection and elimination

Participants in the surveys can contact us at any time and request the deletion of their survey data input, including personal data, if collected. Subsequent correction of the individual answers after a survey has been submitted is not possible. For specific data protection requests, contact SurveyMonkey Europe UC at dpo@surveymonkey.com.

17.7 User participation

17.7.1 Scope of processing of personal data

We ask users of our technology to provide speech samples in the form of audio recordings on a voluntary basis. The speech samples do not contain any personal data and are aimed exclusively at the pronunciation and manner of speaking of the users. If personal information is unintentionally found in the voice samples, it will be deleted by us.

The speech samples are processed by locally executed speech recognition systems that do not require any transfer to third-party providers. The only exception is the use of the WebSpeech API of the W3C (https://www.w3.org/), which enables the use of speech recognition functions via JavaScript in web browsers.

When using the WebSpeech API in the browser, the browser establishes a connection with the servers of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) or rather Apple (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) (depending on the browser). As a result, personal data can be stored and evaluated as well as device and browser information (in particular the IP address and the operating system). Data may be transferred to Google or rather Apple servers in the USA. We have concluded an order processing agreement with Google and Apple respectively with the current standard contractual clauses of the EU, which are to be classified as a suitable guarantee for the transfer of personal data outside the EU or the EEA according to Art. 46 para. 2 lit. c DSGVO.

17.7.2 Purpose of the data processing

User participation helps us to continuously develop and improve our products. We evaluate the findings on the user behavior and pronunciation obtained from the speech samples in order to be able to develop new products in line with requirements.

17.7.3 The legal basis for the processing of personal data

The legal basis for the processing of your data in connection with the implementation of surveys is consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.

17.7.4 Duration of the data storage

We store the language samples for as long as necessary to achieve the purposes described in this Privacy Policy.

17.7.5 Possibility of objection and elimination

Users may contact us at any time to withdraw consent and request the deletion of data, including personal data if collected.

17.8 Use of LinkedIn

17.8.1 Scope of the personal data processing

We make use of the functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages is accessed that includes features of LinkedIn, a connection to the LinkedIn servers is made. LinkedIn is informed that you have visited our webpages with your IP address. If you are logged into your LinkedIn account and click on the LinkedIn “Recommend” button, it is possible to correlate your visit to our website and your user account. Personal data can be stored and evaluated in this manner, particularly the user activities (especially which pages have been visited and which elements has been clicked on), but also device and browser information (in particular the IP address and the operating system).
This makes it possible for data to be transferred to LinkedIn servers in the USA. LinkedIn has subjected itself to the Privacy Shield agreement concluded between the European Union and the USA and had its compliance certified. Consequently, LinkedIn is committed to adhering to the standards and regulations of the European Data Protection Law. Detailed information can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
We point out that we, as the provider of the website, have no knowledge about the content of transferred data or their usage by LinkedIn. Further information on the processing of data by LinkedIn can be found here:
https://www.linkedin.com/legal/privacy-policy.

17.8.2 Purpose of the data processing

The use of the LinkedIn plug-ins serves to increase the user-friendliness of our web presence.

17.8.3 The legal basis for the processing of personal data

The legal basis for the processing of the user’s personal data is the consent granted in terms of Art. 6, Sect. 1, Line 1 lit. a of the GDPR.

17.8.4 Duration of the data storage

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

17.8.5 Possibility of objection and elimination

You can prevent the collection and processing of your personal data by LinkedIn by blocking the saving of cookies on your computer by third-parties, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. In addition, the transmission can be prevented by the fact that you have logged out of your LinkedIn account before accessing our website.
With the following links, you can deactivate the usage of your personal data by LinkedIn:
https://www.linkedin.com/psettings/guest-controls
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy
You will find further information on possibilities for objection and elimination vis-à-vis LinkedIn at:
https://www.linkedin.com/legal/privacy-policy\

17.9 Use of the XING Share button

17.9.1 Scope of the personal data processing

Our web presence uses the XING Share button of XING SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany. When you call up this website, a connection to the servers of XING SE (hereinafter referred to as: XING) is quickly made through your web browser, with which the “XING Share button” functions (in particular the calculation/display of the counter value) are carried out. These servers are configured to be especially data protection-conscious. Accordingly, no data will be stored regarding the access by visitors from which a direct personal reference could be derived. In particular, XING does not save the IP addresses of visitors to the webpages that include the XING Share button. Further information on the processing of data by XING can be found here:
https://www.xing.com/app/share?op=data_protection

17.9.2 Purpose of the data processing

The integration of the “XING Share button” serves to improve the user-friendliness of our web presence. When you click this button you will be redirected to the homepage of XING. If you are logged into your profile, you can recommend the link to our web presence.

17.9.3 The legal basis for the processing of personal data

The legal basis for the processing of the user’s personal data is Art. 6, Sect. 1, Line 1 lit. f of the GDPR. Our legitimate interest in this lies in the aforementioned purposes of the data processing.

17.9.4 Duration of the data storage

Your personal information will be stored as long as is necessary to fulfil the purposes described in this Data Protection Notice or as long as required by law, e.g. for tax and accounting purposes.

17.9.5 Possibility of objection and elimination

You can prevent the collection and processing of your personal data by XING by blocking the saving of cookies on your computer by third-parties, by using the of “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser, or by installing and using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You will find further information on possibilities for objection and elimination vis-à-vis XING at:
https://www.xing.com/app/share?op=data_protection

17.10 Microsoft Dynamics 365

Use of Microsoft Dynamics 365

17.10.1 Scope of processing of personal data

We use functionalities of the cloud-based CRM tool Microsoft Dynamics 365 of Microsoft Deutschland GmbH, Walter-Gropius-Str. 5, 80807 Munich, Bavaria, Germany (hereinafter: Microsoft).

We use Microsoft Dynamics 365 as our customer relationship management tool and for our con terra portal. Accordingly, we store the data of our customers, partners, suppliers and interested parties there. As part of this, we continue to use Microsoft Dynamics 365 to automate our marketing. As soon as a user registers for our newsletter or the con terra portal, or if there is another type of legitimate interest in sending information, we record the user's personal data in Microsoft Dynamics 365 and use it to send the newsletter mailings. In case of newsletters or when using our websites after registration, we collect and store certain information, including your interaction with content and services.

Within the scope of using the "Marketing" module of Microsoft Dynamics 365, cookies are set on your end device. The following personal data may be processed in the process:

Device information
Browser used
Information about your account or contact in Microsoft Dynamics 365

For more information about how Microsoft processes your data, click here: https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/

https://docs.microsoft.com/de-de/dynamics365/marketing/cookies

17.10.2 Purpose of data processing

Using Microsoft Dynamics 365 helps us manage our prospects, customers, partners, and suppliers, as well as efficiently automate our marketing based on existing data.

17.10.3 Legal basis for the processing of personal data

The legal basis for the processing of the personal data of the users is basically the consent of the user according to Art. 6 para. 1 p.1 point a of the GDPR.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 point b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 sentence 1 point f of the GDPR serves as the legal basis for the processing.

17.10.4 Duration of storage

Your personal information will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

17.10.5 Revocation, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can prevent the collection as well as the processing of your personal data by Microsoft by preventing third-party cookies from being stored on your computer, using the "Do Not Track" feature of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information about revocation, opt-out, and removal options with respect to Microsoft, see:

https://privacy.microsoft.com/de-de/privacystatement

https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/

https://docs.microsoft.com/de-de/dynamics365/marketing/cookies

If your wish to revoke or object to data processing by us, you are welcome to address it by mail to the email address mentioned in this privacy policy. Further details can be found in the individual sections of this privacy policy, in particular on data processing and the options for revoking your consent to newsletter dispatch, which is handled via Microsoft Dynamics 365.

17.11 Use of Google Tag Manager

17.11.1 Scope of the processing of personal data

We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). With the Google Tag Manager, tags of Google's services and of third-party providers can be managed and embedded in a bundled form on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, to record the impact of online advertising and social channels, to use remarketing and targeting and to test and optimise online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains instructions on which tags should be triggered. Google Tag Manager ensures that other tags are triggered, which in turn may collect data. Information on this can be found in the passages on the use of the corresponding services in this privacy statement. Google Tag Manager does not access this data.
You can find more information about Google Tag Manager at https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

17.11.2 Purpose of data processing

The purpose of the processing of personal data is its consolidated and clear management and the efficient integration of third-party services.

17.11.3 Legal basis for the processing of personal data

The legal basis for the processing of the users' personal data is, in principle, the user's consent in accordance with art. 6, para. 1, sentence 1, letter a GDPR.

17.11.4 Duration of storage

Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy statement or as required by law. Advertising data in server logs is rendered anonymous by Google's own policy of deleting parts of the IP address and cookie information after 9 and 18 months respectively.

17.11.5 Option of revocation and removal

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent the collection of data generated by the cookie and related to your use of the online presence (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can deactivate the use of your personal data by Google using the following link: https://adssettings.google.de.
You can obtain further information on objection and removal options vis-à-vis Google at: https://policies.google.com/privacy?gl=DE&hl=de.

17.12 Use of Microsoft 365 and Atlassian tools (e.g. jira and Confluence)

When working with our clients on projects, we employ a selection of collaboration tools. We do this to share information, manage and facilitate collaboration and achieve the project objective.

17.12.1 Scope of the processing of personal data

In this context, we use functionalities of Microsoft 365 from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft") and those of the provider Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia.

The following personal data may be processed as a result:

Last name
First name
Associated company
Email address
Any other personal data that is communicated voluntarily or stored in your Microsoft or Atlassian account (e.g. photo)

Clients may have to create an account with the respective provider to gain access to resources and tools.
Data may be transferred to third countries during the process. To ensure suitable guarantees for protecting the transfer and processing of personal data outside the EU, data is transferred to and processed by Microsoft and Atlassian on the basis of suitable guarantees in accordance with Art. 46 et seq. GDPR, in particular by concluding what are known as standard data protection clauses in accordance with Art. 46(2)(c) GDPR.

You can find further information on the processing of data by Microsoft during the registration process or at: https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany
You will also receive further information on the processing of data by Atlassian during the registration process or at: https://www.atlassian.com/legal/privacy-policy

17.12.2 Purpose of data processing

The use of the aforementioned services serves to enable collaboration between ourselves and clients on projects.

17.12.3 Legal basis for the processing of personal data

The legal basis for the processing of users' personal data may be the user's consent given to us or Microsoft in accordance with Art. 6(1)(1)(a) GDPR.
In addition, processing may be necessary in the course of our contractual relationship with the customer (Art. 6(1)(1)(b) GDPR). It is also in our and the client's legitimate interest (Art. 6(1)(c) GDPR) to use suitable tools in the course of project collaboration.

17.12.4 Duration of storage

The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for processing to fulfil a contract if the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner to comply with contractual or legal obligations.

17.12.5 Right of withdrawal, objection and removal

If the processing is based on consent, it can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
An objection to processing may mean that collaborative work on a project can no longer be guaranteed.

This privacy policy was created with the support of DataGuard.

Last amended 4.1. Apr 2024