Privacy Policy

Information about what personal data we process for which purpose, on which basis and for how long is provided hereafter:

Data Processed for Credit Information:

This Privacy Policy concerns information about data that is processed when you visit our website or contact us, not information about personal data that is processed when providing credit information.

Extensive information about how Boniversum GmbH processes data when providing credit information may be found in our FAQ and “Information Under the EU GDPR for Consumers.”

Overview / Table of Contents

Our Privacy Policy provides the following information:

A. Our Contact Details and General Information About Data Processed by Us 

  • Name and Contact Details of Our Controller
  • Contact Details of Our Data Protection Officer
  • Legal Bases for Processing Personal Data
  • Data Erasure and Storage Periods
  • Our Sources of Personal Data
  • General Categories and Purposes of and Legal Bases for Processing Personal Data
  • Recipients or Categories of Recipients of Personal Data
  • Data Processed for Our Newsletter
  • Data Processed for Our Media Mailing List
  • Contacting Us by Email, Fax or Telephone

 

B. Scope of Processing Personal Data on Our Website 

  • Providing Our Website and Creating Log Files
  • Processed Application Data
  • Contacting Us via Contact Form and Email
  • Cookies Used by Us and Third-Party Providers
  • Use of etracker
  • Use of Google Ads and Google Conversion Tracking
  • Use of Google APIs
  • Use of the “BoniBot” Chatbot
  • Encryption on Our Website
  • Transferring Personal Data to Third Countries (Outside of the EU)

 

C. Your Data Subject Rights 

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restriction of Processing
  • Right to Notification
  • Right to Data Portability
  • Right to Object to Processing for Purposes of Legitimate Interests
  • Right to Withdraw Consent
  • Automated Decision-Making, Including Profiling
  • Freedom to Provide Data
  • Right to Lodge a Complaint With a Supervisory Authority

A. Our Contact Details and General Information About Data Processed by Us

Name and Contact Details of our Controller

The controller within the meaning of data protection law for the collection and use of personal data is:

Creditreform Boniversum GmbH
Hammfelddamm 13
41460 Neuss
Germany

Tel: +49 2131 109-501
Fax: +49 2131 109-557
Email: info@boniversum.de
Website: www.boniversum.de

For more information about our company, please the imprint of our website at www.boniversum.de/en/imprint.

 

Contact Details of Our Data Protection Officer

You may contact our data protection at:

Creditreform Boniversum GmbH
Datenschutzbeauftragter
Hammfelddamm 13
D-41460 Neuss
Germany
datenschutz@boniversum.de

 

 

Legal Bases for Processing Personal Data

Where we process personal data, the following applies:

  • Where we obtain your consent to process your personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) will serve as the legal basis for processing personal data.
  • When processing personal data for the performance of a contract with you, Article 6(1)(b) of the GDPR will serve as the legal basis. This also applies where processing is necessary for steps prior to entering into a contract.
  • Where processing personal data is necessary for compliance with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR will serve as the legal basis.
  • In case personal data must be processed to protect your or another natural person’s vital interests, Article 6(1)(d) of the GDPR will serve as the legal basis.
  • Where processing is necessary for purposes of our or a third party’s legitimate interests that are not overridden by your interests or fundamental freedoms and rights, Article 6(1)(f) of the GDPR will serve as the legal basis for processing.

 

Data Erasure and Storage Periods

We will erase or block personal data when the purpose for its storage no longer applies. Furthermore, data may be stored if required by EU or national regulations or laws or other provisions to which we are subject as the controller. Personal data will also be stored or erased if a storage period required above expires, unless this data must continue to be stored for the conclusion or performance of a contract.

This means:Where we process personal data on the basis of consent (Article 6(1)(a) of the GDPR), this data will no longer be processed when this consent is withdrawn, except in case of other legal grounds for processing this data, such as if we may continue to process your data for the performance of contract or for purposes of our legitimate interests (see below) at the time of withdrawal.

Where we process data for purposes of our legitimate interests (Article 6(1)(f) of the GDPR) with prior consideration, we will store this data until these legitimate interests no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C).

Where we process personal data for the performance of a contract, we will store this data until the contract is fully performed and processed and no claims under the contract may be exercised, i.e., until the statute of limitations expires. Under Section 195 of the German Civil Code [Bürgerliches Gesetzbuch (BGB)], the statute of limitations lasts three (3) years. However, certain claims, such as damages, will only expire after 30 years (see Section 197 of the German Civil Code). In case of a legitimate reason to believe that this may be relevant, we will store personal data for this long. The above statutes of limitations will commence at the end of the year (i.e., on December 31) in which the claim was established and the creditor learns or, without gross negligence, should have learned of the circumstances establishing the claim and the identity of the debtor.

Please note that we are also subject to legal storage obligations for tax and accounting reasons which require us to store certain data, which may include personal data, for six (6) to ten (10) years as evidence of our accounting. These storage periods have priority over the above-stated erasure obligations and will also commence at the end of the respective year, i.e., on December 31.

Complaints about the deletion periods in a credit report can also be directed to the conciliation body of the association "Die Wirtschaftsauskunfteien" at:

TIGGES DCO GmbH
-Beschwerde Auskunfteien-
Zollhof 8
40221 Düsseldorf

Tel: +49 211 819982-70
E-Mail: beschwerde-auskunfteien@tigges-dco.de
Website: www.tigges-dco.de/ueberwachungsstelle

 

Sources of Personal Data

Personal data processed by us is primarily provided by the data subjects themselves, for example, by:

  • Transmitting information, such as their IP address, to our web server via their browser and device (e.g., PC, smartphone, tablet or notebook) when using our website
  • Requesting information material or offers from us as prospective customers
  • Placing orders or concluding contracts as our customers
  • Requesting information material, press releases, statements, etc., as media representatives
  • Supplying us with goods as suppliers or performing contracted services
     

Only in exceptions will we process personal data provided by third parties, e.g., when someone acts on a third party’s behalf.

 

General Categories and Purposes of and Legal Bases for Processing Personal Data

We process the following categories of personal data:

  • Users of our website
  • Prospective customers
  • Media representatives
  • Customers
  • Suppliers
     

Depending on the data category, we process personal data for the following purposes and on the stated legal bases of the General Data Protection Regulation (GDPR):

User data: Data of our website’s users is collected and processed by us anonymously. Persons cannot be identified. IP addresses are only processed in anonymized form. Any personal data that is processed is processed for purposes of our legitimate interests on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests are our interest in the security and integrity of our website and of the data on our web server (especially to detect disruptions and errors and track unauthorized access), our marketing interests and interest in collecting data for statistical purposes (to improve our website, services and offers). We determined that processing this data is necessary for purposes of our legitimate interests and not overridden by your interests or fundamental rights and freedoms that may require the protection of this data.

Data of prospective customers/media representatives: We only process data of media representatives or prospective customers of our services that is entered into an input field or provided to us by email for an inquiry. Such data may be provided freely and will only be processed to process your inquiry. Data provided freely to us for the purpose of receiving information about our services is processed as part of the requested steps prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of your transmitted consent in accordance with Article 6(1)(a) of the GDPR.

Customer data: We process data of our customers for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent in accordance with Article 6(1)(a) of the GDPR. This also applies to processing necessary for steps prior to entering into a contract (e.g., to prepare and discuss offers).

Data of suppliers/business partners: We process data of our suppliers and business partners for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent in accordance with Article 6(1)(a) of the GDPR. This also applies to processing necessary for steps prior to entering into a contract (e.g., to prepare and discuss offers).

 

Recipients or Categories of Recipients of Personal Data

Your personal data will only be transferred to third parties or otherwise transmitted if necessary for contract performance (e.g., to process an order) or for billing purposes (e.g., to process payments for goods or services) or if we have a legitimate interest in such a transfer/transmission that is not overridden by your interests or fundamental rights and freedoms or to which you consented.

Categories of recipients may include:

  • Service providers
  • Suppliers
  • Media representatives
  • Payment service providers, Banks
  • Tax consultants

 

Data Processed for Our Newsletter

You may subscribe to our free newsletter on our website or by request. When you subscribe to our newsletter, the following data from the input field will be transmitted to us:

  • Your email address (mandatory)
  • Your first and last name (optional)
  • Your company (optional)
     

The following data will also be collected when you subscribe to our newsletter (opt-in evidence):

  • Your IP address
  • Time and date of your subscription

This prevents misuse of our services and of your email address and enables us to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our newsletter.

Subscriptions to our newsletter use the so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent subscriptions using others’ email addresses. When you click on the link to confirm your subscription, your IP address and the time and date on which you clicked on the link will be recorded. We process this data to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our newsletter.

Your consent to processing this data will be requested and this Privacy Policy will be noted during the subscription process.

Use of the mailingwork Newsletter Service
Personal data is transferred to our newsletter service provider, mailingwork GmbH, Birkenweg 7, D-09569 Oederan, Germany, to send our newsletter, assess and analyze the user behavior of newsletter recipients and manage subscriptions. This data is only used for sending our newsletter. mailingwork complies with all legal data protection requirements. mailingwork is a German company that only processes data on German servers. We concluded a processing agreement with mailingwork that includes adequate guarantees of data security and grants us the right to issue instructions for data processing. mailingwork’s privacy policy is available at: mailingwork.de/datenschutz

Purpose of Data Processing
We collect and process the user’s email address to send our newsletter. We use this email address for marketing purposes. We record the user’s IP address and of the time and date on which the user clicks on the confirmation link in the double opt-in email to comply with our legal obligations to provide evidence of our obtainment of explicit consent. We collect other personal data as part of the subscription process to prevent misuse of our services and of the user’s email address. We document unsubscriptions from our newsletter for up to 3 years as evidence of consent and to defend against potential claims.

Legal Basis for Data Processing
The legal basis for processing data after you subscribe to our newsletter is your consent in accordance with Article 6(1)(a) of the GDPR. If you previously purchased similar goods or services, the legal basis for processing your data for our newsletter is Section 7(3) of the German Act Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb (UWG)]. The legal basis for storing your IP address and the time and date of when you clicked on the confirmation link in the double opt-in email and for potential further storage of up to 3 years after you unsubscribe from our newsletter is our legitimate interests under Article 6(1)(f) of the GDPR which consist of having evidence of your consent and defending ourselves against corresponding claims.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. We will store your email address for as long as you subscribe to our newsletter.

Unsubscribed email addresses and related personal data that we collected when you consented to our newsletter may be stored for up 3 years on the basis of our legitimate interests in providing evidence of your consent. This data is only processed for the purpose of defending against potential claims. Erasure may be requested at any time if the original consent is confirmed.

Other personal data collected as part of the subscription process will normally be erased after 7 days.

Objection and Erasure Option
You may unsubscribe from our newsletter free of charge and informally at any time. To do so, every newsletter includes an unsubscribe link that also allows you to withdraw your consent to the storage of personal data collected during the subscription process.

 

Data Processed for Our Media Mailing List

You may subscribe to our free newsletter on our website or by submitting a request. When you subscribe to our newsletter, the following data from the input field will be transmitted to us:

  • Your email address (mandatory)
  • Your first and last name (optional)
  • Your medium (optional)
     

The following data will also be collected when you subscribe to our newsletter (opt-in evidence):

  • Your IP address
  • Time and date of your subscription
     

This prevents misuse of our services and of your email address and enables us to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our press releases.

Subscriptions to our media mailing list use the so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent subscriptions using others’ email addresses. When you click on the link to confirm your subscription, your IP address and the time and date on which you clicked on the link will be recorded. We process this data to comply with our legal obligations to provide evidence that your email address actually opted in, i. e., explicitly consented to being added to our media mailing list.

Your consent to processing this data will be requested and this Privacy Policy will be noted during the subscription process.

Use of the Mailingwork Newsletter Service
Personal data is transferred to our newsletter service provider, mailingwork GmbH, Birkenweg 7, D-09569 Oederan, Germany, to send our media mails, assess and analyze the user behavior of newsletter recipients and manage subscriptions. This data is only used for sending our media mails. mailingwork complies with all legal data protection requirements. mailingwork is a German company that only processes data on German servers. We concluded a processing agreement with mailingwork that includes adequate guarantees of data security and grants us the right to issue instructions for data processing. Mailingwork’s privacy policy is available at: mailingwork.de/datenschutz

Purpose of Data Processing
We collect and process the user’s email address to send our press releases. We use this email address for marketing purposes. We document unsubscriptions from our newsletter for up to 3 years as evidence of consent and to defend against potential claims.

Legal Basis for Data Processing
The legal basis for processing data after you subscribe to our media mailing list is your consent in accordance with Article 6(1)(a) of the GDPR.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. We will store your email address for as long as you subscribe to our media mailing list.

Unsubscribed email addresses and related personal data that we collected when you consented to be added to our media mailing list may be stored for up 3 years on the basis of our legitimate interests in providing evidence of your consent. This data is only processed for the purpose of defending against potential claims. Erasure may be requested at any time if the original consent is confirmed.

Objection and Erasure Option
You may unsubscribe from our media mailing list free of charge and informally at any time. To do so, every press release includes an unsubscribe link that also allows you to withdraw your consent to the storage of personal data collected during the subscription process.

 

Contacting Us by E-Mail, Fax or Telephone

You may contact us in several ways. Our email address, telephone number and fax number are provided on our website. However, even when you send us an email, call us or send us a fax, we will necessarily process at least the transmitted personal data that is stored by us or our systems.

Your personal data will not be transferred to third parties and will only be used to process our conversation.

Purpose of Data Processing
Personal data that is transmitted by email, fax or telephone is processed by us to process your inquiry. We need your email address, fax number or telephone number to reply. This represents our legitimate interests in processing this data.

Legal Basis for Data Processing
The legal basis for processing this data with your consent, which may be viewed as part of our communication, is Article 6(1)(a) of the GDPR and, otherwise, our legitimate interests under Article 6(1)(f) of the GDPR in processing this data. If you contact us with the intention of concluding a contract, Article 6(1)(b) of the GDPR (steps prior to entering into a contract) will serve as an additional legal basis for processing your data.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected.

For personal data sent by email, this applies when the conversation with you ends and we waited 3 months to see if we need to refer to your inquiry or the details of your communication again. A conversation ends when the circumstances make it evident that the matter has been settled.

Fax data is stored separately from print data in the fax machine’s memory. After printing out a fax, this memory is freed up again for the next fax to be received and saved. After being printed, parts of a fax may remain in the device’s memory temporarily until it is overridden by the next received fax. Normally, data is therefore erased automatically after approx. 1-2 weeks. If you send us a computer fax, we will receive your fax as an email and our email provisions will apply.

For incoming and outgoing calls, your telephone number or your name/company registered with your telephone service provider and the time and date of your call will be saved on our telephone system in a so-called circular buffer which overrides the oldest data with new data. Normally, data will therefore be erased from our telephone system automatically after approx. 3-4 months.

Communication may be subject to storage obligations under commercial or tax law which will then have priority (see “Data Erasure and Storage Periods” above).

Objection and Erasure Option
You may withdraw your consent to processing your personal data or object to further processing of your data for purposes of legitimate interests (see “Right to Object to Processing for Purposes of Legitimate Interests” under C of this Privacy Policy) at any time. However, the conversation then cannot be continued. We allow withdrawing consent and objecting to further data processing by sending us an informal message (e.g., email). In this case, all personal data that was stored when you contacted us will be erased.

B. Scope of Processing Personal Data on Our Website

We only collect and use personal data of our website’s users where necessary for providing a functional website and our content and services. We only collect and use personal data of our users with their consent. Exceptions apply in cases where prior consent cannot be obtained for objective reasons and/or processing this data is permitted by law.

 

Providing Our Website and Creating Log Files

Whenever our website is accessed, our system automatically collects data and information for technical reasons. This data and information are stored in our server’s log files and include the:

  • Time and date of access
  • URL (address) of the referring website (referrer)
  • Websites accessed by the user’s system via our website
  • User’s screen resolution
  • Retrieved file(s) and successful retrieval report
  • Volume of transmitted data
  • User’s Internet service provider
  • Browser, browser type, browser version, browser engine, and engine version
  • Operating system, operating system version, operating system type
  • User’s anonymized IP address
     

This data is processed separately from other data and not with other personal data of the user and cannot be used by us to identify a specific person.

Purpose of Data Processing
Data must be temporarily processed by the system to provide the content of our website to the user’s computer. This requires the user’s IP address to be stored for the duration of the session. This data is stored in log files to ensure the functionality of our website. In addition, this data allows us to optimize our offer and website, ensure the security of our IT systems and is not processed for marketing purposes.

Legal Basis for Data Processing
Data is temporarily stored in log files on the legal basis of Article 6(1)(f) of the GDPR. Our overriding legitimate interests in processing this data consist of the above-stated purposes.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. If we collect your data to provide our website, your data will be erased when your session ends. Data stored in log files will be erased, at the latest, after 7 days. However, longer storage may be possible. In this case, your IP address will be erased or masked to prevent identification of the requesting client.

Objection and Erasure Option
Data must be collected and stored in log files to provide and operate our website. The user has no right to object. However, the user may stop using our website and thereby prevent further collection of the stated data at any time.

 

Processed Application Data

You may also submit an application directly on our website. How data of applicants is processed is explained on the separate page, Bewerberdatenverarbeitung.

 

Contacting Us via Contact Form and Email

Our website offers contact forms which may be used to contact us electronically about various matters. If you contact us via a contact form, the data you enter into the input fields will be transmitted to and stored by us in encrypted form. This data will then be processed for the matter specified in the contact form.

You may use our contact form to contact us at any time. The requested information is stated on the form. Mandatory fields are marked with an asterisk. The data we request in mandatory fields is necessary for processing your inquiry.

Our website also provides a separate contact form for companies. The requested information is stated on the form. Mandatory fields are marked with an asterisk. The data we request in mandatory fields is necessary for processing your inquiry.

Our website also allows self-reports to be obtained via our webform. To verify your identity, we require you date of birth and other information necessary for processing your self-report inquiry. We must ensure in advance that you are authorized to obtain the self-report. The data you provide to us will be stored on our database and processed and then forwarded to our consumer service department for further processing.

When you send us a message/an inquiry, the following data will also be stored:

  • Your IP address
  • Time and date of submission

Alternatively, you may contact us at our stated email address. In this case, the personal data transmitted with your email will be stored.

Your personal data will not be transferred to third parties and will only be used to process and respond to your inquiry.

Purpose of Data Processing
Personal data entered into an input screen is processed to process and respond to your inquiry. If you contact us, we also have legitimate interests in processing this data. Other personal data processed as part of the submission process is necessary for preventing misuse of our contact form and ensuring the security of our IT systems.

Legal Basis for Data Processing
The legal basis for processing your data is our legitimate interests under Article 6(1)(f) of the GDPR. Our legitimate interests consist of processing your data to process and, if necessary, respond to your inquiry or message. If you contact us to conclude a contract, Article 6(1)(b) of the GDPR (steps prior to entering into a contract) will serve as an additional legal basis for processing your data. The legal basis for processing other personal data that is processed as part of the submission procedure is our legitimate interest under Article 6(1)(f) of the GDPR in preventing misuse of our contact form and ensuring the security of our IT systems.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. Personal data that is submitted via the input screen of our contact form or transmitted with your email will be erased when the conversation with you ends. The conversation will end when the circumstances make it evident that the matter has been settled. Our communication may be subject to storage obligations under commercial or tax law which will then have priority (see “Data Erasure and Storage Periods” above). Additional personal data collected as part of the submission process will be erased, at the latest, after 7 days.

Objection and Erasure Option
You may object to further processing of your data at any time for purposes of legitimate interests (see “Right to Object to Processing for Purposes of Legitimate interests” under C). However, the conversation then cannot be continued. To object to further data processing, you may send us an informal message (e.g., email). In this case, all personal data that was stored when you contacted us will be erased.

 

Cookies Used by Us and Third-Party Providers

Purpose of Data Processing

Technically-necessary cookies are used to make the website easier to use for users. Certain functions of our website that require the user’s browser to be recognized when switching between pages cannot be offered without cookies. The user data collected through technically-necessary cookies is not used for profiling.

Analysis cookies are used to improve the quality and content of our website. This shows us how our website is used and allows us to optimize our offer.

Legal Basis for Data Processing
The legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR, i.e., our legitimate interests. Our legitimate interests consist of the above-stated purposes. With the user’s consent, the legal basis for processing personal data using cookies for analysis purposes is Article 6(1)(a) of the GDPR or, otherwise, our legitimate interests under Article 6(1)(f) of the GDPR for the above-stated purposes.

Storage Period
Certain cookies used by us will be deleted when your browser session ends, i.e., when you close your browser (so-called session cookies). Other cookies will remain on your device and enable use or other (third-party) service providers to recognize your device during your next visit (persistent cookies).

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
Cookies are placed on and transmitted to our website by your computer. This gives you full control over the use of cookies. By changing the settings of your browser, you may disable or limit cookies. Stored cookies may be deleted at any time, including automatically. Activating such “Do Not Track” settings on your browser will be understood as your objection to the further collection and use of your personal data. Please note: if you disable cookies on our website, you may not be able to fully use all of our website’s functions.

 

Use of etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.

Further information on data protection with etracker can be found here.

 

Use of Google Tag Manager

The Google Tag Manager is a solution from Google with which companies can manage website tags via an interface. The Google Tag Manager is a cookieless domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We would like to point this out separately. The Google Tag Manager does not access this data. The processing companies are: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland,

The service uses technologies such as cookies and pixels that are placed in the browser. In doing so, only aggregated data for triggering tags is collected through the use of the service. The legal basis for the processing of the data is Art. 6 para. 1 s. 1 lit. f DS-GVO. The data will be deleted after the purposes have been fulfilled.

 

Use of Google Ads and Google Conversion Tracking

This website uses Google Ads. Ads is an online advertising platform of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

When using Google Ads, we apply so-called conversion tracking. When you click on an ad displayed by Google, a conversion tracking cookie will be placed on your device. Cookies are small text files placed by your browser on your computer. These cookies are not used to personally identify users. If you visit certain pages of our website before the cookie expires, Google and we will learn if you click on an ad and were forwarded to this page.

Every Google Ads customer receives a different cookie. These cookies cannot be tracked through websites of Ads customers.

For more information about Google Ads and Google Conversion Tracking, please see Google’s Privacy Policy: https://www.google.de/policies/privacy/.

Purpose of Data Processing
Information obtained through the conversion cookie is used to prepare conversion statistics for us. We will learn the total number of users who clicked on our ads and were forwarded to our website. We do not receive information that could be used to personally identify users. We only use the information provided to us to analyze and optimize our marketing.

Legal Basis for Data Processing
 “Conversion cookies” are placed on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in analyzing user behavior to optimize our online offer and our ads.

Storage Period
Cookies placed by Google will expire after 30 days.

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
You may disable or limit cookies through your browser settings. Stored cookies may be deleted at any time, including automatically. Please note that, if you disable cookies on our website, you may not be able to fully use all of our website’s functions. To opt out of tracking, you may object to this use by disabling the Google Conversion Tracking cookie in your user settings. You will then not be included in our conversion tracking statistics.

 

Use of the “BoniBot” Chatbot

To improve availability for and communication with users and prospective customers, our website uses the chatbot “BoniBot” of Dr. Schengber & Friends GmbH, Schorlemerstr. 12-14, D-48143 Münster, Germany, (DSAF).

For more information about data protection by DSAF, please see: https://botcamp.ai/datenschutz/ (German)

We concluded a processing agreement with DSAF that provides sufficient guarantees of legally-compliant and secure data processing.

The chatbot software used on this website applies machine learning to better understand and respond to user input. Input is therefore sent to and assessed on external servers. This is necessary for the chatbot function. The chatbot does not request or require personal data. Users therefore cannot be identified if they do not enter personal data. Entered non-personal data is used for learning purposes and stored for training purposes. This represents a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. When you use the chatbot, your IP address will be recorded by the system.

Purpose of Data Processing
We use the chatbot to respond to user inquiries on our website quickly and reliably and improve user-friendliness and availability. We also use the chatbot for our advertising and marketing interests to contact prospective customers better and more quickly. We collect your IP address to distinguish you from other visitors and chatters and to prevent the same user from opening several chats simultaneously. You may enter additional data into the chat window freely for the purpose of your inquiry.

Legal Basis for Data Processing
The legal basis for processing personal data is Article 6(1)(f) of the GDPR. Our legitimate interest in processing this data consists of the above-stated purposes and processing your inquiry.

Storage Period
The data and content of the chats will only be stored on DSAF’s servers for up to 3 months and may be manually erased by us earlier.

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
You have the right to object to us, on grounds related to your particular situation, to the processing of personal data concerning you. If we cannot demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, we will no longer process your data (Article 21 of the GDPR). You may also contact us by mail or email. When you object, our conversation will end.

In this case, any personal data that was stored when you contacted us will be erased if we ascertain that contractual guarantee claims or liability claims are excluded or we have no claims against you. In all other cases, your data will be blocked and only accessible to our management and only for compliance with legal storage obligations or to defend against or exercise actual or potential claims until their expiration (see our information about storage periods above).

 

Encryption on Our Website

Our website and any related data transfers use SSL (HTTPS protocol / TLS) encryption. The encryption algorithm of our certificate has a key length of 2048 bit.

 

Transferring Personal Data to Third Countries (Outside of the EU)

We intend to transfer personal data to the United States of America (USA).

This intention specifically refers to data transmissions to the following company:

  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) 

 

In its Privacy Policy, Google Inc. guarantees compliance with EU standard contractual clauses which permit data transfers to the US.

 

C. Your Data Subject Rights

Where your personal data is processed, you are the “data subject” and entitled to the following rights against us, the controller:

 

Right of Access

You have the right to obtain confirmation from us free of charge as to whether or not we are processing personal data concerning you. In case of such processing, you may obtain access to this data and the information specified in Article 15 of the GDPR. You may contact us by mail or email to exercise this right.

 

Right to Rectification

You have the right to obtain from us rectification of inaccurate personal data concerning you. We will perform this rectification without undue delay. You also have the right to—taking into account the purposes of the processing—have incomplete personal data completed, including by providing a supplementary statement. You may contact us by mail or email to exercise this right.

 

Right to Erasure

You have the right to obtain from us erasure of personal data concerning you without undue delay where one of the grounds under Article 17 of the GDPR applies. You may contact us by mail or email to exercise this right.

 

Right to Restriction of Processing

You have the right to obtain restriction of processing of personal data concerning you where one of the grounds under Article 18 of the GDPR applies. You may contact us by mail or email to exercise this right.

 

Right to Notification

If you exercise the right to rectification, erasure or restriction of processing against the controller, the controller must communicate this rectification, erasure or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller must also inform you about the recipients if requested by you.

 

Right to Data Portability

You have the right to receive in a structured, commonly used and machine-readable format the personal data concerning you that you provided to us and have the right to transmit this data to another controller without hindrance from us where one of the grounds under Article 20 of the GDPR applies. You may contact us by mail or email to exercise this right.

Right to Object to Processing for Purposes of Legitimate interests

Where we process personal data on the basis of Article 6(1)(f) of the GDPR (i.e., for purposes of legitimate interests), you have the right to object, on grounds relating your personal situation, at any time to processing of personal data concerning you. We will then no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we process the personal data concerning you for direct marketing purposes (see Article 21 of the GDPR). You may contact us by mail or email to exercise this right.

Objection within the above meaning includes technical procedures, such as clear technical information transmitted by your browser (“Do Not Track” notice).

Right to Withdraw Consent

You have the right withdraw your consent to the collection and use of personal data at any time. You may contact us by mail or email to exercise this right. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

 

Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern or similarly significantly affect you. Unless the decision is necessary for entering into or performance of a contract between you and us, is authorized by European Union or member state law to which we are subject and which also lays down suitable measures to safeguard your rights, freedoms and legitimate interests, or is based on your explicit consent, automated decision-making is not performed by us.

 

Freedom to Provide Data

When collecting data, we will note if personal data must be provided by law or contractually. Certain data collected by us may be necessary for entering into a contract if we are otherwise unable to comply or properly comply with our contractual obligations to you. You are not required to disclose personal data. However, non-disclosure may prevent us from performing or offering your desired service, action, measure, etc., or entering into a contract with you.

 

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of your personal data to infringe data protection law.

Our Privacy Policy valid: October 20, 2022