Data Privacy Statement

This privacy policy is based on the terminology of the GDPR. For your convenience, we would like to explain some crucial terms in this context in more detail:

Personal Data
Personal data is any information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing
Processing means any operation or set of operations which is performed upon personal data, whether by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, for example, a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients.

Third Party

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

Consent

Consent means any freely given indication of the data subject's wishes in an informed and unambiguous manner for the specific case in the form of a declaration or other unambiguous, affirmative action by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

We may obtain personal information in the following ways:

You can provide information (e.g., contact details) about yourself on our website.

By using our website, data is automatically collected and generated.

To the extent we maintain presences on social and professional networks, we may receive data from you through them (e.g., if you contact us through a social or professional network or respond to any of our content shared there).

In the following, we provide you with an overview of the personal data we process. For this purpose, we explain to what extent, for what purposes, and on what legal basis we process personal data. We also indicate – if available – which third-party providers we use to receive your data. Finally, we inform you whether a third-country transfer occurs in the third-party provider's respective processing.
The provision of your personal data information is always voluntary. However, it may be that the respective functionality only works with providing your information (e.g., contact form).
We will not disclose your personal data to third parties without your consent unless this is permitted by law (e.g., because it is necessary for the performance of the contract).

Insofar as no specific storage period is specified within this data protection notice, the data processed by us will be erased in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply (e.g. if the purpose for processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data and access to, the input of, disclosure of, assurance of availability of, and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. 

We consider the protection of personal data as early as the development or selection of hardware, software, and processes per the principle of data protection through technology design and data protection-friendly default settings.

During our processing of personal data, the data may be transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

-

5.5.1.1 Scope of Processing:

For the provision of our website, we use storage space, computing capacity, and software that we rent from a corresponding server provider (web host). These services also include the sending, receiving, and storage of e-mails. In addition, when you visit our website, data is automatically processed that your browser transmits to our server. This general data and information is stored in the server's log files (in so-called "server log files"). The following data may be collected:

• Browser type and browser version
• Browser type and browser version
• Browser type and browser version
• Browser type and browser version
• Browser type and browser version

5.5.1.2 Purporse of Processing:

In the usage of this data and information, we do not draw any conclusions about your person. The purposes we pursue include in particular:

• Provision of our website
• Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems)
• Provision of contractual services
• Customer service
• Provision of e-mail communication and contact
• Ensuring a smooth connection of the website,
• Clarification of acts of abuse or fraud, 
• problem analysis in the network, and
• Evaluation of system security and stability

5.5.1.3 Legal Basis for Processing

The legal basis for data processing is our legitimate interest within the meaning of Art. 6 (1) f GDPR. We have an overriding legitimate interest in providing a website and being able to offer our services in a technically flawless manner.

5.5.1.4 Storage Period

The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is necessary for evidentiary purposes will be retained until the matter has been finally clarified.

5.5.1.4 Recipients of Personal Data

We use the server Netifly:

VeraSafe United Kingdom Ltd.

37 Albert Embankment London SE1 7TL

United Kingdom

5.5.2.1 General Information

We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site. Information is stored in the cookie that is related to the specific end device used.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

When you visit our website or a sub-website for the first time, and it contains cookies, you will be shown "data protection settings". Here,  you will be informed about the individual cookies that we use. You can find out about each individual cookie concerning the processing company, the purpose of the data processing, the data collected, the legal basis, and the storage period. In addition, you can allow us to use non-essential cookies and reverse this decision thereon. 

If you have closed the cookie banner, you can open it again by clicking on the icon in the lower left-hand area of the website.

In legal terms, a distinction must be made between essential and non-essential cookies.

5.5.2.2 Essential Cookies

We use essential cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is in accordance with Art. 6 (1) f GDPR. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner. The legal basis for using cookies vis-à-vis our contractual partners who use services contractually owed by us via our website is Art. 6 (1) b GDPR, the provision of our contractual services.

5.5.2.3 Non-essential Cookies

We also use non-essential cookies (e.g., analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our services. The legal basis for the data processing is your consent, according to Art. 6 (1) a GDPR. The cookies are only set after you have consented via our cookie banner.

5.5.2.4 Storage Period

Concerning the storage period, a distinction is made between the following types of cookies:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

5.5.3.1 Scope of Processing

In order to be able to present you with information regarding cookies in the form of the "privacy settings", we use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. Amongst others, the following can be processed:

• Usage data (e.g., websites visited, time of access).
• Meta and communication data (e.g. IP address)

5.5.3.2 Purpose of Processing

We process your personal data for the following purposes:

• Informing the user about the cookies we use
• Enabling you to consent to cookies that are not technically necessary

5.5.3.3 Legal Basis for Processing

The legal basis for the use of the cookie banner is Art. 6 (1) f GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.

5.5.3.4 Storage Period

The cookie banner stores preferences until you reset or adjust them.

5.5.3.5 Recipients of Personal Data

On our website, we use the cookie banner of the provider Cookiebot. The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: Cookiebot). Further information on data processing by Cookiebot can be found here: Cookiebot | Privacy Policy 

5.5.4.1 General information

You have the possibility to contact us by e-mail, telephone, chatbot, or other communication channels.

In the course of contacting you and responding to your inquiry, we process the following personal data, among others:

• Name
• Email
• Telephone number
• Date and time of the inquiry
•  Name of your company
• IP address
• Other personal data that you provide to us in the course of contacting us

5.5.4.2 Purpose of Processing

We process your data to respond to your inquiry and other matters arising from it.

5.5.4.3 Legal Basis for Processing

If your inquiry is based in connection with pre-contractual measures or with an existing contract with us, the legal basis is the performance of the contract and the implementation of pre-contractual measures according to Art. 6 (1) b GDPR.

If your request is independent of contractual or pre-contractual measures, the legal basis for responding to your request pursuant to Art. 6 (1) f GDPR is our overriding legitimate interest in answering your request and responding to the contact you initiated.

5.5.4.4 Storage Period

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected, and there are no statutory retention obligations to the contrary. In the context of contact inquiries that have not led to a contractual relationship, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

5.5.4.5 Recipients of Personal Data

We use Netlify to provide our contact form. The provider is Netlify Inc. Within the scope of processing via Netlify, data may be transmitted to the USA (Netlify Inc.). The security of the transmission is secured by standard contractual clauses. Further information on data protection can be found at: Privacy Policy (netlify.com)

We use HubSpot to manage your data, e-mail communication, and address management. The provider is HubSpot Inc. Within the scope of processing via HubSpot, data may be transmitted to the USA (HubSpot Inc.). The security of the transmission is secured by standard contractual clauses. For more information on data protection, see: HubSpot Privacy Policy

We also use Gmail to send emails. Within the scope of processing via Google, data may be transmitted to the USA (Google Inc.). The security of the transmission is secured by standard contractual clauses. Further information on data protection can be found at: Privacy Policy - Privacy Policy & Terms of Use - Google

For contacting us via our chat, we use the solution from Intercom. You can find more information under point 5.5.9.2 in this statement.

5.5.5.1 Scope of Processing

If you would like to receive information about our new products and services, we may inform you via newsletters, provided that you consent to receive newsletters.

You can withdraw your consent to receive our newsletters at any time by clicking on the unsubscribe link in the emails. Your personal data will then be removed from the distribution list.

Our newsletters contain so-called tracking links that enable us to analyse the behaviour of newsletter recipients. For example, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected through the tracking links are stored and analysed by us to optimise the newsletter distribution and to better adapt the content of future newsletters to your interests.

Within the scope of the newsletter distribution, we process the following personal data, among others:

• E-mail address
• First and last name
• Organisation
• Preferred language
• Metadata (e.g., device information, IP address, date and time of subscription)
• Interaction with the newsletter

5.5.5.2 Purpose of Processing

We process your personal data for the following purposes:

• Newsletter distribution: implementation of marketing measures
• Newsletter tracking: measuring success

5.5.5.3 Legal Basis of Processing

The legal basis for sending our newsletter is your consent in accordance with Art. 6 (1) a GDPR. You can revoke your consent at any time with effect for the future. The legal basis for newsletter tracking is, in accordance with Art. 6 (1) f GDPR, our legitimate interest in knowing whether our newsletter meets your interests and expectations.

5.5.5.4 Recipients of Personal Data

We use Mailchimp for the purpose of sending newsletters and newsletter tracking. Mailchimp is a company from the USA. Our contractual partner is The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Within the scope of processing via Mailchimp, data may be transmitted to the USA (The Rocket Science Group, LLC). The security of transmission is secured via standard contractual clauses. You can find more information here: Global Privacy Statement | Intuit

5.5.6.1 General Information

You can request various marketing documents, such as a case study or a product demonstration, on our website.

In the course of your request, we process the following personal data, among others:

• Name
• e-mail address
• Your telephone number
• Date and time of the request
• Name of the company
•  Other personal data you provide to us in the course of contacting us

5.5.6.2 Purpose of Processing

We process your data to provide you with marketing materials and to conduct demonstrations of our product.

5.5.6.3 Legal Basis of Processing

If your request is based in connection with pre-contractual measures or with an existing contract with us, the legal basis is the performance of the contract and the implementation of pre-contractual measures according to Art. 6 (1) b GDPR.

The legal basis for sending marketing documents is your given consent, according to Art. 6 (1) a GDPR. You can revoke your consent at any time with effect for the future.

5.5.6.4 Storage Period

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected, and there are no statutory retention obligations to the contrary. In the context of contact inquiries that have not led to a contractual relationship, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

5.5.6.5 Recipients of Personal Data

We use Netlify to provide our contact form. The provider is Netlify Inc. Within the scope of processing via Netlify, data may be transmitted to the USA (Netlify Inc.). The security of the transmission is secured by standard contractual clauses. Further information on data protection can be found at: Privacy Policy (netlify.com)

We use HubSpot to manage your data, e-mail communication, and address management. The provider is HubSpot Inc. Within the scope of processing via HubSpot, data may be transmitted to the USA (HubSpot Inc.). The security of the transmission is secured by standard contractual clauses. For more information on data protection, see: HubSpot Privacy Policy

We also use Gmail to send emails. Within the scope of processing via Google, data may be transmitted to the USA (Google Inc.). The security of the transmission is secured by standard contractual clauses. Further information on data protection can be found at: Privacy Policy - Privacy Policy & Terms of Use - Google

5.5.7.1 General Information

We also offer you the opportunity to apply for job vacancies and send us your application online.

As part of the application process, we process the following personal data:

• Master data (e.g., first and last name, address). 
• Contact data (e.g., e-mail address, telephone number) 
• Application data (e.g., cover letter, curriculum vitae, certificates, and other supporting documents).

5.5.7.2 Purpose of Processing

The purpose of the processing is to carry out the application procedure.

5.5.7.3 Legal Basis of Processing

The legal basis for the processing of personal data is the performance of the contract and the implementation of pre-contractual measures according to Art. 6 para. 1 lit. b, Art. 88 (1) GDPR in conjunction with Section 26 para. 1 Federal Data Protection Act (BDSG).

If we obtain your consent (e.g., for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 (1) a GDPR.

5.5.7.4 Storage Period

If an employment relationship is established after the completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data. Longer storage is possible if we include the personal data in our applicant pool after obtaining your consent.

5.5.7.5 Recipients of personal data

We use Personio as our personnel management tool. The contractual partner is Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany. Further information on data protection can be found here: Personio | Privacy Policy

5.5.8.1 General Information

We maintain presences in social networks to communicate with you and to be able to inform you about our services.

If you visit one of our pages maintained there, we may be responsible with the provider of the respective platform within the meaning of Article 26 of the GDPR with regard to the processing operations triggered thereby, which concern personal data.

According to our knowledge, the following data, among others, are processed within the scope of the processing operations:

• Inventory data (e.g., first and last name, address, age, gender).
• Content data (e.g., texts, photographs, videos)
• Usage data (e.g., visits to websites, interests)
• Metadata (e.g., device information, IP address).

This usage data is often processed in social and professional networks for advertising purposes or to analyse user behaviour by the providers without us being able to influence this. In addition, the providers often create usage profiles based on which user-based advertising can subsequently be placed inside and outside the network. Cookies are often used for this purpose, or the usage behaviour is directly assigned to your own member profile of the network (if you are logged in here). In addition, we use the user data to communicate with you via the respective network and to provide you with information. If you interact with our company profile in the respective network (e.g., visit our company profile, comment, or "like" something), there is a possibility that your user profile, including the personal data, will be made public.

Information on processing your data in social and professional networks and the possibility of using your right of objection or revocation (opt-out) are listed below. 

5.5.8.2 Purpose of Processing

We process your personal data for the following purposes:

Public relations and marketing purposes, i.e., we inform you about our services and offers, among other things, and communicate with you.

5.5.8.3 Legal Basis of Processing

The legal basis for our public relations work, and the marketing purposes pursued with it is your consent in accordance with Art. 6 (1) a GDPR.

5.5.8.4 Storage Period

In principle, your data will be stored by the respective provider of the network and not directly by us. We store your activities and personal data published on our website until the purpose of the processing no longer applies, or your consent has been revoked, provided that there are no storage obligations to the contrary.

5.5.8.5 Recipients of Personal Data

We maintain presences in the following social and professional networks.

5.5.9.1 General Information

Within our online offer, we use content or service offers of third parties based on your consent within the meaning of Art. 6 (1) a. GDPR content or service offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content are aware of the user's IP address, as without the IP address, they would not be able to send the content to their browser. The IP address is, therefore, necessary to display this content. We endeavour only to use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit, and other information on the usage of our online offer, as well as being linked to such information from other sources.

5.5.9.2 Intercom

We use Intercom, a messenger and communication platform, on our website. The provider is Intercom Inc, 55 2nd Street, 4th Floor, San Francisco, California 94105, USA (hereinafter: Intercom). With Intercom, users can send messages via live chat, email, SMS, or even push messages. For this to be possible, contact information about users must be synchronised with Intercom via an interface. We use Intercom on the basis of legitimate interests (Art. 6 (1) f GDPR). Our legitimate interest is to optimally tailor our website to the interests of our clients. Further information on data processing by Intercom can be found here: Intercom | Privacy Policy  

In this section, we inform you about your rights with regard to the processing of your data. The exact scope of the right mentioned in each case can be found in the corresponding article of the GDPR. If you wish to exercise any of your rights, please contact us via email (dsb@secjur.com).

You have the right to request confirmation from us as to whether personal data concerning you is being processed by us.

You have the right to access the personal data we have stored about you free of charge at any time and to receive a copy of this data in accordance with the statutory provisions.

You have the right to request that inaccurate personal data concerning you be rectified. Furthermore, taking into account the processing's purposes, you have the right to request the completion of incomplete personal data.

You have the right to demand that personal data concerning you be erased immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not required.

You have the right to demand that we restrict processing if one of the legal requirements is met.

You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on consent according to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract according to Art. 6 (1) b GDPR and the processing is carried out with the aid of automated procedures unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In addition, when exercising your right to data portability according to Art. 20 (1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out based on data processing in the public interest according to Article 6 (1) e GDPR or based on our legitimate interest according to Article 6 (1) f GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims.

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

This privacy notice is currently valid and has the following status: July 2023.

If we further develop our website and our offers or if legal or regulatory requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.