Privacy Policy of revenue cloud solutions GmbH

We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of revenue cloud solutions GmbH. The use of the Internet pages of revenue cloud solutions GmbH is generally possible without any indication of personal data. However, if a data subject wants to make use of special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to revenue cloud solutions GmbH. By means of this privacy policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects of their rights.

As the controller responsible for processing, revenue cloud solutions GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.

1. Definitions

The privacy policy of revenue cloud solutions GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing, or destroying data.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

revenue cloud solutions GmbH
Im unteren Angel 17
7652 Offenburg
Germany

Phone: +49 (0) 781 9605239910
Email: support@happyhotel.io
Website: www.happyhotel.io

3. Cookies


The websites of revenue cloud solutions GmbH use cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many websites and servers use cookies. Numerous cookies contain what is called a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain different cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

By using cookies, revenue cloud solutions GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.

Through the use of cookies, the information and offers on our website can be optimized with the user in mind. As already mentioned, cookies allow us to recognize the users of our website. The purpose of this recognition is to make it easier for users to utilize our website. For example, the user of a website that uses cookies does not have to enter access data again each time the website is visited, because this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can, at any time, prevent the setting of cookies through our website by means of a corresponding setting in the Internet browser used, and may thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Provision of the Website and Creation of Log Files

Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

  1. Information about the browser type and version used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. Date and time of access
  6. Websites from which the user's system accessed our website
  7. Websites accessed by the user's system via our website

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

Legal Basis for Data Processing
The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR.

Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user's IP address must be stored for the duration of the session. Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us to optimize the website and ensure the security of our information technology systems. These purposes also represent our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for providing the website, this occurs when the respective session ends. In the case of storage in log files, this occurs no later than seven days after collection. Further storage is possible. In this case, the users’ IP addresses are deleted or anonymized so that the accessing client can no longer be assigned.

Objection and Removal OptionThe collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. Therefore, there is no option for the user to object.

5. Registration with happyhotel


1. Description and Scope of Data Processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input form, transmitted to us, and stored. The data is not passed on to third parties.
The following data is collected during the registration process:
• Email address
• IP address and time of registration
• Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Legal Basis for Data Processing
The legal basis for the processing of the data is Art. 6(1)(a) GDPR, provided that the user has given their consent.
If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the data processing is Art. 6(1)(b) GDPR.

3. Purpose of Data Processing
The registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.

Duration of Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
For data collected during the registration process for the fulfillment of a contract or for pre-contractual measures, this is the case when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contracting party in order to comply with contractual or legal obligations.

Right to Object and Right to Erasure
As a user, you have the option to cancel your registration at any time. You can also request that the data stored about you be changed at any time.
If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, early deletion is only possible if no contractual or legal obligations prevent deletion.

Right of Access
You may request confirmation from the data controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request access to the following information from the data controller:
(1) the purposes for which the personal data is being processed


(2) die Kategorien von personenbezogenen Daten, welche verarbeitet werden
(3) die Empfänger bzw. die Kategorien von Empfängern, gegenüber denen die Sie betreffenden personenbezogenen Daten offengelegt wurden oder noch offengelegt werden
(4) die geplante Dauer der Speicherung der Sie betreffenden
personenbezogenen Daten oder, falls konkrete Angaben hierzu nicht möglich sind, Kriterien für die Festlegung der Speicherdauer
(5) das Bestehen eines Rechts auf Berichtigung oder Löschung der Sie
betreffenden personenbezogenen Daten, eines Rechts auf Einschränkung der Verarbeitung durch den Verantwortlichen oder eines Widerspruchsrechts gegen die Verarbeitung
(6) das Bestehen eines Beschwerderechts bei einer Aufsichtsbehörde
(7) alle verfügbaren Informationen über die Herkunft der Daten, wenn die personenbezogenen Daten nicht bei der betroffenen Person erhoben werden
(8) das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling gemäß Art. 22 Abs. 1 und 4 DSGVO und – zumindest in diesen Fällen – aussagekräftige Informationen über die involvierte Logik sowie die Tragweite und die angestrebten Auswirkungen einer derartigen Verarbeitung für die betroffene Person Ihnen steht das Recht zu, Auskunft darüber zu verlangen, ob die Sie betreffenden personenbezogenen Daten in ein Drittland oder an eine internationale Organisation übermittelt werden. In diesem Zusammenhang können Sie verlangen, über die geeigneten Garantien gem. Art. 46 DSGVO im Zusammenhang mit der Übermittlung unterrichtet zu werden.

  1. Right to Rectification
    You have the right to request the rectification and/or completion of personal data concerning you from the controller if the processed personal data is incorrect or incomplete. The controller must make the correction without undue delay.
  2. Right to Restriction of Processing
    You may request the restriction of the processing of your personal data under the following conditions:
    (1) If you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
    (2) The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use;
    (3) The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims; or
    (4) If you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
  3. Where the processing of personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
  4. If the restriction of processing has been imposed under the above conditions, you will be informed by the controller before the restriction is lifted.
  5. Right to Erasurea) Obligation to eraseYou have the right to request from the controller the immediate erasure of personal data concerning you, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
    1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
    2. You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
    3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
    4. The personal data concerning you has been unlawfully processed.
    5. The erasure of your personal data is required to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
    6. The personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
    b) Information to third partiesIf the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, they shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, such personal data.c) ExceptionsThe right to erasure does not apply to the extent that processing is necessary:
    1. For exercising the right of freedom of expression and information;
    2. For compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
    4. For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing;

    5. For the establishment, exercise or defense of legal claimsRight to be informed
  6. If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about those recipients by the controller.Right to data portabilityYou have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, where:
    1. The processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
    2. The processing is carried out by automated means.
    In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  7. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.The controller shall no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.You may exercise your right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

Right to Withdraw Data Protection Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:Such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

  1. Is necessary for entering into, or performance of, a contract between you and the controller;
  2. Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. Is based on your explicit consent.
  4. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

6. Subscription to Our Newsletter

On the website of revenue cloud solutions GmbH, users are given the opportunity to subscribe to the company's newsletter. The personal data transmitted to the controller when the newsletter is ordered is determined by the input form used for this purpose.

Revenue cloud solutions GmbH informs its customers and business partners regularly via newsletter about the company's offers. The newsletter of our company can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email will be sent to the e-mail address entered by a data subject for the first time for newsletter delivery using the double opt-in procedure. This confirmation email serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (potential) misuse of the e-mail address of a data subject at a later date and therefore serves the legal protection of the controller.

Use of Data Collected During Newsletter Registration

The personal data collected during the registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers may be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, such as in the event of changes to the newsletter offering or changes in technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties.

The subscription to our newsletter can be canceled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the purpose of sending the newsletter, can be revoked at any time. A corresponding link for the purpose of withdrawing consent is included in every newsletter. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly on the website of the controller or to inform the controller of this in another way.

7. Newsletter Tracking

The newsletters of revenue cloud solutions GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails that are sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns.

Based on the embedded tracking pixel, revenue cloud solutions GmbH can see if and when an email was opened by a data subject and which links in the email were accessed by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters is stored and evaluated by the controller in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. These personal data will not be disclosed to third parties.

Data subjects are entitled at any time to revoke the separate consent given via the double opt-in procedure. After a revocation, these personal data will be deleted by the controller. Unsubscribing from the newsletter is automatically interpreted by revenue cloud solutions GmbH as a revocation.

8. Contact Option via the Website

The website of revenue cloud solutions GmbH contains information that enables a quick electronic contact to our company and direct communication with us, as required by law. This also includes a general address for electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data voluntarily transmitted by the data subject will be automatically stored.

Such personal data transmitted voluntarily by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

9. Comment Function in the Blog on the Website

Revenue cloud solutions GmbH offers users the opportunity to leave individual comments on specific blog posts on the blog hosted on the controller’s website. A blog is a web-based, usually publicly accessible portal in which one or more people—called bloggers or web bloggers—can post articles or express thoughts in so-called blog posts. Blog posts can usually be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, the comments left by the data subject, the time of comment entry, and the chosen user name (pseudonym) are stored and published. In addition, the IP address assigned by the Internet Service Provider (ISP) to the data subject is logged.

This IP address is stored for security reasons and in case the data subject violates the rights of third parties or posts unlawful content through a comment. Therefore, the storage of this personal data is in the legitimate interest of the controller so that the controller can exonerate themselves if necessary in the event of a legal violation. There is no transfer of this collected personal data to third parties unless such a transfer is required by law or is necessary for legal defense by the controller.

10. Routine Erasure and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as provided by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

12. Data Protection Provisions Regarding the Use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an online meeting place operated on the internet—a virtual community that generally allows users to communicate and interact with each other in a virtual space. A social network may serve as a platform for sharing opinions and experiences or enable the online community to provide personal or business-related information. Facebook allows users of the social network to create private profiles, upload photos, and connect via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time an individual page of this website operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated is accessed, the internet browser on the data subject’s IT system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at:
https://developers.facebook.com/docs/plugins/?locale=de_DE

As part of this technical process, Facebook becomes aware of which specific subpage of our website is being visited by the data subject.

If the data subject is simultaneously logged into Facebook, Facebook detects with each visit to our website—and for the entire duration of the visit—which specific subpage of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, such as the “Like” button, or leaves a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information via the Facebook component whenever a data subject visits our website and is simultaneously logged in to Facebook at the time of accessing our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not desired by the data subject, the data subject can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains what settings Facebook offers to protect the privacy of the data subject. In addition, various applications are available that allow the user to suppress data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.

13. Data Protection Provisions Regarding the Use of Google Analytics (with Anonymization Function)

The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and evaluation of data about the behavior of visitors to websites. A web analytics service collects, among other things, data about which website a data subject came from (the so-called referrer), which subpages were accessed, or how often and for how long a subpage was viewed. Web analytics is mainly used to optimize a website and to perform a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. Through this addition, the IP address of the data subject's internet connection is shortened and anonymized by Google if the access to our website comes from a member state of the European Union or another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information collected, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. The purpose of setting the cookie is to enable Google to analyze the use of our website. With each visit to one of the individual pages of this website operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to transmit data to Google for online analysis. As part of this technical process, Google gains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks, and subsequently to enable commission settlements.

Further information and Google’s applicable privacy policies can be found at
https://www.google.de/intl/de/policies/privacy/
and at
http://www.google.com/analytics/terms/de.html.
Google Analytics is explained in more detail at
https://www.google.com/intl/de_de/analytics/.

14. Data Protection Provisions Regarding the Use of Google AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search engine results and within the Google advertising network. Google AdWords enables an advertiser to define specific keywords in advance, by which an ad will only be displayed in Google's search engine results when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on relevant web pages using an automated algorithm that considers the previously defined keywords.

The operating company for the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-relevant advertising on third-party websites and in the search engine results of the Google search engine, as well as placing third-party advertising on our website.

If a data subject arrives on our website via a Google ad, a so-called conversion cookie is placed by Google on the data subject’s IT system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. As long as the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, for example, a shopping cart page in an online store system, were accessed on our website. Through the conversion cookie, both we and Google can track whether a data subject who came to our website via an AdWords ad generated a sale—i.e., whether they completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords advertisements – in other words, to determine the success or failure of the respective AdWords advertisement and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the data subject.

The conversion cookie stores personal information, such as the web pages visited by the data subject. Each time our web pages are visited, personal data, including the IP address of the internet connection used by the data subject, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States. Google may disclose this personal data collected via the technical process to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by adjusting the settings of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each internet browser they use and make the desired settings there.

Further information and Google’s applicable privacy policy can be found at:
https://www.google.de/intl/de/policies/privacy/

15. Privacy Policy on the Use of HubSpot

We use HubSpot on this website for our online marketing activities.
HubSpot is a software company from the USA with a branch office in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

HubSpot is an integrated software solution that allows us to cover various aspects of our online marketing. These include, among others:

  • Email marketing (newsletters and automated mailings, e.g., for providing downloads)
  • Social media publishing and reporting
  • Reporting (e.g., traffic sources, accesses, etc.)
  • Contact management (e.g., user segmentation and CRM)
  • Landing pages and contact forms

Our registration service enables visitors to our website to learn more about our company, download content, and provide their contact information and other demographic data. This information, along with the contents of our website, is stored on servers of our software partner HubSpot. It may be used by us to get in contact with visitors to our website and to determine which services of our company are of interest to them. All information collected by us is subject to this privacy policy. We use all collected information exclusively to optimize our marketing efforts.

The legal basis for the use of HubSpot's services is Art. 6(1)(f) GDPR – legitimate interest. Our legitimate interest in using this service lies in optimizing our marketing activities and improving the quality of our services on the website.

HubSpot is certified under the conditions of the “EU-U.S. Privacy Shield Framework” and is subject to TRUSTe’s Privacy Seal and the “U.S.-Swiss Safe Harbor” Framework.

For more information on data protection, please refer to HubSpot’s privacy policy and terms of use at the following links:

16. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party—such as processing operations required for the delivery of goods or the provision of any other service—then the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as inquiries about our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be disclosed to a doctor, hospital, or third party. In such cases, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override that interest. Such processing operations are particularly permissible because they have been specifically recognized by the European legislator. The legislator considered that a legitimate interest could exist if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).

17. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit and well-being of all our employees and shareholders.

18. Duration for Which Personal Data Is Stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of this period, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment of a contract or the initiation of a contract.

19. Legal or Contractual Requirements to Provide Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Data
We inform you that the provision of personal data may be required by law (e.g., tax regulations) or may also result from contractual arrangements (e.g., information about the contracting party). Sometimes, it may be necessary for the conclusion of a contract that a data subject provides us with personal data which we then need to process.

For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the data subject.

Before providing personal data, the data subject must contact our data protection officer. Our data protection officer will clarify on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what consequences the failure to provide the personal data would have.

20. Handling of Applicant Data
We offer you the opportunity to apply to us (e.g., by mail or via an online application form). Below, we inform you about the scope, purpose, and use of the personal data collected from you during the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection regulations and all other legal provisions, and that your data will be treated with strict confidentiality.

Scope and Purpose of Data Collection
If you submit a job application to us, we process the associated personal data (e.g., contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary for the decision on establishing an employment relationship. The legal basis for this is Section 26 of the new German Federal Data Protection Act (BDSG-neu) (initiation of an employment relationship), and Article 6(1)(b) GDPR (general initiation of a contract).
Your personal data will be shared within our company only with persons involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing systems based on Section 26 BDSG-neu and Article 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

Retention Period of the Data
If we are unable to offer you a position, you reject a job offer, or you withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Article 6(1)(f) GDPR) for up to 6 months after the conclusion of the application process (rejection or withdrawal of the application).

After this period, the data will be deleted and any physical application documents will be destroyed. The retention serves particularly as evidence in the event of a legal dispute. If it is apparent that the data will be required beyond the six-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place once the purpose for further retention no longer applies.

Longer retention may also take place if you have given your explicit consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool
If we are unable to offer you a position, we may consider including you in our applicant pool. If you are included, all documents and details from your application will be stored in the applicant pool so that we can contact you in case of suitable job openings.
Inclusion in the applicant pool is based solely on your explicit consent (Art. 6(1)(a) GDPR). Giving consent is voluntary and unrelated to the ongoing application process. You may revoke your consent at any time. In such cases, the data will be permanently deleted from the applicant pool unless legal retention requirements apply.
Data stored in the applicant pool will be permanently deleted no later than two years after consent was given.

Existence of Automated Decision-Making
As a responsible company, we do not engage in automated decision-making or profiling.