Data Protection Policy

Thank-you for visiting one of the websites of the Haufe Group. The protection of your personal data is very important to us. We would like to inform you in this privacy policy about the handling of your personal data and about your rights when visiting our websites.

I. Who are we and how can you get in touch with us?

We, the

Haufe Service Center GmbH
A company of the Haufe Group
Munzinger Strasse 9
79111 Freiburg, Germany
E-Mail: service@haufe.de

is the body responsible for the protection of your data. Our data protection officer Raik Mickler will be happy to assist you. Should you have questions about data handling, your rights or about the privacy policy. You can contact him at dsb@haufe-lexware.com.

II. What data is processed when visiting our websites?

We wish to inform you here about the data collected during your visit to our websites, for which purposes they are processed, on what legal basis the handling of your data takes place, what options you yourself have in controlling the collection and handling of the data and when data will be deleted.

 

A. Log-Files

Data collected

Upon visiting our websites, the following data is automatically transmitted by your browser:

  • your IP address
  • the website from which you are forwarded
  • websites, which you visit via our pages
  • the pages you look at as well as
  • what time you look at them
  • the name of your internet service provider
  • your browser type and its version
  • the operating system of your device
  • the date and duration of your visit.

Purposes of data processing:

The temporary storage of this data is necessary to enable delivery of the website to your computer and to ensure the functionality of the website. With the help of this data, we also gain statistical knowledge about how our websites are used. In addition, we collect the data in order to be able to track and prevent prohibited access to the web server, the misuse of the web pages and for ensuring the security of our information technology systems.

Legal basis:

We store this data temporarily on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

Duration of storage and control options:

Data is deleted if it is no longer required for fulfilling its purpose. Log files are deleted at the latest after 90 days.

 

B. General information about cookies and targeting technologies

Data collected:

When visiting our websites, so-called cookies are set. These are small text files, which are stored on your device. As a rule, cookies are assembled using a sequence of characters, the so-called cookie ID, with which your browser can be identified when calling up our websites again.

In addition, we use small elements of code, so-called tags, which we use to measure the behavior of our users and the success of advertising activities.

Depending on the type of cookies or tags various data is collected and then pseudonymized.

We use both our own cookies as well as cookies from other providers (third-party cookies). These third-party cookies are described below in section II C.

Purposes of data processing:

Technically necessary cookies enable the technical functionality of the website. Some features of our websites cannot be made available without the use of cookies.

Functionality cookies are designed to make our websites more user-friendly and to provide certain functionalities, such as cross-site shopping cart viewing, displaying the number of items in your shopping cart and how to save your credentials, so you can re-access them when returning to one of our websites.

Analysis cookies and tags enable us to generate aggregated statistics, such as the number of views, which areas of the web pages are most frequently viewed as well as location and the average duration of site visits. This allows us to improve the quality of our websites and content.

Advertising cookies and re-targeting technologies enable us to individually adapt the offers and the information we display. This will allow us to make our websites more interesting and to engage you on other websites with personalized, interest-based advertising.

Legal basis:

We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in ensuring the functioning of our websites and their optimal usability.

We use analysis cookies and advertising cookies as well as tags and re targeting technologies based on legitimate interests (Article 6, paragraph 1 f GDPR, recital 47). Our legitimate interest lies in optimally tailoring our websites to the interests of our customers.

Duration of storage and control options:

Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies). Others remain permanently on your device and allow us to recognize your browser (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether or select to accept certain cookies. Please use the help function of your browser to find out how to change these settings. This may limit the functionality of our websites.

 

C. Third-party cookie and tracking technologies

Adform:

Data collected:

Effective 23.11.2018, we will be using solutions and technologies of Adform Germany GmbH, Großer Burstah 50-52, 20457 Hamburg, for a period of one week.
Adform deploys cookies to create cross-page user profiles for evaluating the success and modulation of advertising campaigns. Cookie IDs and Order IDs are processed. The Order ID can be associated by us with a specific order.

Purposes of data processing:

The service collects information on user behaviour for evaluating the success and control of advertising campaigns as well as the control of personalised advertising.

Legal basis:

We store this data temporarily on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest is to achieve the purposes described above.

Duration of storage and control options:

The data is stored by Adform for up to 13 months. If you do not wish to participate in conversion tracking, the Adform cookie may be deactivated via your browser at https://site.adform.com/privacy-policy/

Transfer to Third countries:

Data may be transferred to the USA, Singapore, Belarus and Norway.

Econda/Econda ARP:

Data collected:

We use solutions and technologies of econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany („Econda“). Econda uses cookies to create cross-site pseudonymized user profiles. Data is collected, which allows the recognition of your browser. Your IP address is blurred immediately upon receipt to prevent any direct association with user profiles.
Econda ARP (NBO) is used for the personalized product recommendation. The recording and playback takes place anonymously without personal reference.

Purposes of data processing:

We use Econda for the appropriate design and optimization of our websites.

Legal basis:

We use Econda if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Econda stores this data and it is deleted on a regular basis.

You can prevent the collection and handling of data by Econda by setting it accordingly in your browser or via this .

Plista:

Data collected:

We use the services of plista GmbH, Torstraße 33-35, 10119 Berlin through the agency Burda Media on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. of the GDPR).
Plista is a tool that is employed in the provision of recommendation technology. Plista compares the interests of visitors to the website with each other and recommends favourites to other visitors with similar interests. Recommendations are generally made anonymously – this means that evaluations and click data are employed in an algorithm, while third parties are not able to either view or read out the information base. To enable plista to deliver to website visitors recommendations that fall within their respective areas of interest, plista merges the evaluation and click data into a user profile, which it then subjects to analysis. Plista requires anonymous data in order to provide this service. Anonymous data provides information on web pages retrieved, clicks made by a visitor to a website, and his reading habits; it is not personally identifiable.

Purposes of data processing:

Plista anonymously collects information for controlling advertising campaigns and measuring their success.

Legal basis:

Processing is on the basis of a legitimate interest.

Storage period:

Data is stored for no longer than 12 months. Means of prohibiting processing (opting out):
https://www.plista.com/de/about/opt-out/

Transfer to third countries:

None, however it may be possible through subcontractors of Plista.

Facebook:

Facebook-Pixel and Facebook Custom Audience (Remarketing)

Data collected:

On our website we deploy the so-called „Facebook pixel“ of the company „Facebook“ (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The Facebook pixel enables us to classify the visitors to our website into specific target groups in order to be able to display corresponding advertisements („ads“) on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other features) cannot be viewed by us, but can only be used within the scope of the display of certain advertisements. Within the scope of using the Facebook pixel code, so-called cookies are also used.

If you have a Facebook account and are signed in, your visit to this website will be associated with your Facebook user account.

We also partly utilise the remarketing function „Custom Audiences“ of the company „Facebook“. This enables users of the Site to display interest-based ads („Facebook Ads“) when visiting Facebook or other websites that also use this method. In this respect, we pursue your interest in displaying advertisements that correspond to your interests in order to make our website more appealing to you.

In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no control over the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or clicked on an advertisement from us. If you are registered with a „Facebook“ service, „Facebook“ may assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to trace and store your IP address and other identification features.

Insofar as you have consented to this, we may forward your telephone number or e-mail address to „Facebook“ in order to be able to display advertisements corresponding to your interests.

  • To find out how Facebook pixel is deployed for advertising campaigns, please visit https://www.facebook.com/business/learn/facebook-ads-pixel.
  • For more information about Facebook’s privacy policy, please visit https://www.facebook.com/policy.php.
  • For more information about Facebook’s data processing practices, please visit https://www.facebook.com/about/privacy.

Purposes of data processing:

We employ these functions in order to be able to provide you with advertising offers corresponding to your interests.

Legal basis:

We process your data on the basis that you have consented to this or that we have a legitimate interest in processing the data pursuant to Art. 6 para. 1, sentence 1 (a) and (f) GDPR.

Storage duration and control options:

We store your data as long as we require it for the respective purpose (display of interest-based advertising) or provided you have not objected to the storage of your data or revoked your consent.

  • The deactivation of the function „Facebook Custom Audiences“ is possible [here link to opt-out] for logged in users at https://www.facebook.com/settings/?tab=ads#_.
  • You can adjust your ad settings in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in to Facebook.

Google:

Data collected:

Google Analytics: Our websites use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Google Analytics uses cookies on your device that allow us to evaluate your use of our websites. Google collects, for example, data to uniquely identify your browser, information about when and how often you visited our websites, how long you have been on our websites, and how you interacted with our websites (more information can be found here [https://policies.google.com/technologies/types?hl=en]).

We have augmented Google Analytics with the code „get._anonymizeIP();“. This results in Google shortening your IP address and enabling anonymous evaluation. The shortening of IP addresses takes place within the EU or the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US to be shortened there. The IP address sent to Google Analytics will not be merged with other Google data. The data determined with the help of cookies is usually transmitted to and stored on a Google server in the USA. Compliance with data protection standards and your rights is ensured through certification by Google under the EU-US Privacy Shield. Google only transmits data to third parties as long as consent has been given, it is required for legal reasons or third parties process this data on behalf of Google.

Google Remarketing and Double Click: We use Google Remarketing and Google Double Click. This technology uses cookies to evaluate how you use our website and to allow your browser to be recognized when you visit websites belonging to the Google advertising network. In addition to the Google Analytics cookies, the Google Analytics tracking code uses so-called DoubleClick cookies for this purpose. These collect data as to which third party websites on the Google display network you visited and which ads you clicked on. In addition, data from first-party cookies (e.g. Google Analytics cookies) and third-party cookies (e.g. Google cookie for display preferences) are linked. This allows us to evaluate the display of advertisements and your interaction with these ads.

Google AdWords Conversion Tracking: We use Google AdWords conversion tracking. With the aid of this technology, cookies are set when you interact with one of our ads, e.g. by clicking on it. Cookies help analyze what happens after you interact with an ad, such as whether you’ve purchased our product, viewed it from a mobile phone, downloaded our app, or signed up for a newsletter.

Google Tag Manager: The Google Tag Manager helps us set and manage tags. Your data is not collected and stored by this service.

Google reCAPTCHA: We use Google’s reCAPTCHA service on some forms. With this, Google collects certain data to determine whether a person or machine is accessing our web pages, e.g. your IP address, your screen and window resolution, the language set in your browser, the time zone you are in, the user agent of the browser and installed browser plug-ins. We have augmented Google Analytics with the code „get._anonymizeIP();“. This will cause Google to shorten your IP address. For more information on the shortening of your IP address, see the above explanation on Google Analytics.

Google Signals: In parts we also use the function Signals of Google Inc.’s. Google Signals recognizes single users across different devices (so called Cross Device Tracking). As a result we receive anonymized data in report form. The reports show patterns in user behavior.

The function is only activated, if you

  1. have a Google account,
  2. are logged in to this Google account while using the according Haufe Group websites,
  3. and have activated the option ‘Ads personalization’ in your Google account’s Ads Settings.

In case you do not want us to use Google Signals with your data you need to deactivate ‘Ads personalization’ in your Google Account.

Purposes of data processing:

Google Analytics: Google uses on our behalf the data collected through Google Analytics to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website activity and internet usage.

Google Remarketing and Double Click: We use this technology to show you interest-based ads on other Google network sites. The advertisements refer to content that you have previously viewed on our websites.

Google AdWords Conversion Tracking: We use this technology to improve our offer.

Google Tag Manager: We use this service to create, display and manage tags on our website.

Google reCAPTCHA: We use this service to protect our technical systems by distinguishing whether an entry in one of our web forms is made by a human being or improperly via automation/by a machine.

Google Signals: We are using the technology to recognize users across different devices. Thus we are able to present you interest based advertisements.

YouTube: We use YouTube to embed product videos on our websites.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

We use Google reCAPTCHA on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest is to prevent the misuse of our forms and to protect our technical systems.

Duration of storage and control options:

The data collected via the Google features is stored and then deleted on a regular basis.

You can prevent the storage of cookies via an appropriate setting in your browser.

You can also prevent Google from collecting and processing data by downloading and installing the browser add-on, which is available via the following link [https://tools.google.com/dlpage/gaoptout?hl=en].

Google Dynamic Remarketing and Double Click as well as Google AdWords Conversion Tracking:

This may limit the functionality of our websites.

For more information, see the Google Privacy Policy. https://policies.google.com/privacy?hl=en&gl=de].

INFOnline:

Data collected:

Our website uses the measuring method („SZMnG“) from INFOnline GmbH (https://www.INFOnline.de) to determine statistical indicators on the use of our offers. The aim of this measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior – based on a uniform standard procedure – and thus to obtain comparable values ​​across the market. For all digital offers, which are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – http://www.ivw.eu) or participate in the studies of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF – http://www.agof.de), user statistics on range of coverage are regularly processed by the GOF and the Arbeitsgemeinschaft Media-Analyse e.V. (agma – http://www.agma-mmc.de) and published as a number of „Unique Users“ and by the IVW with the number of “Page Impressions” and “Visits”. These ranges and statistics can be viewed on the respective websites.

1. Legal basis for processing
Measurement by means of the SZMnG measuring method from INFOnline GmbH is carried out with legitimate interest in accordance with article 6, paragraph 1, recital f) GDPR. The purpose of the processing of personal data is the production of statistics and the creation of user categories. The statistics are used to understand and prove the use of our offer. The user categories form the basis for an interest-oriented alignment of advertising material and advertising measures. A usage measurement, which ensures comparability with other market participants, is essential for the marketing of this website. Our legitimate interest stems from the economic usability of the findings resulting from the statistics and user categories as well as the market value of our website – also in direct comparison with website of other parties – which can be determined from the statistics. In addition, we have a legitimate interest in making the anonymized data of INFOnline, AGOF and IVW available for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in providing the anonymized data of INFOnline for the further development and provision of advertising material in accordance with visitor’s interests.

2. Type of data
INFOnline GmbH collects the following data, which, according to EU-GDPR, contains the following personal details:

  • IP address: Each device for transmitting data on the internet requires a unique address, the so-called IP address. The temporary storage of the IP address is technically necessary due to way in which the internet works. The IP addresses are shortened by 1 byte before any processing and are only used anonymously. There is no storage or further processing of the non-shortened IP addresses.
  • A randomly generated client identifier: range of coverage processing alternatively uses either a cookie with the identifier „ioam.com“, a „Local Storage Object“ or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique to a browser as long as the cookie or Local Storage Object is not deleted. A measurement of the data and subsequent assignment to the respective Client Identifier is therefore also possible if you access further websites, which also use the measuring method („SZMnG“) from INFOnline GmbH. The validity of the cookie is limited to a maximum of 1 year.

3. Use of data

 

The measurement procedure of INFOnline GmbH, which is used on this website, determines usage data. This is done to collect the performance values ​​of page impressions, visits and clients and to determine further key indicators (e.g. qualified clients). In addition, the measured data is used as follows:
· A so-called geo-localization, i.e. the assignment of a website visit to the location of that visit, takes place exclusively on the basis of the anonymized IP address and only on federal state / regional level. There is no possibility to draw conclusions as to the precise location of the user based upon the data provided.
· The usage data of a technical client (e.g. a browser on a device) is merged across web pages and stored in a database.
This information is used to estimate social- demographic data (age and gender) and passed on to the service providers of AGOF for further range processing. As part of the AGOF study, social characteristics are estimated on the basis of a random sample and divided into the following categories: age, gender, nationality, occupation, marital status, size of household, household income, place of residence, internet usage, online interests, location of use, user type.

4. Duration of data storage

INFOnline GmbH does not store the complete IP address. The shortened IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier are stored for a maximum of 6 months.

5. Forwarding of data

The IP address as well as the shortened IP address are not forwarded to any other party. For the creation of the AGOF study, data with client identifiers is forwarded to the following service providers of the AGOF:
· Kantar Deutschland GmbH (https://www.tns-infratest.com/)
· Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
· Interrogare GmbH (https://www.interrogare.de/)

LinkedIn Insights Tag:

Data collected:

On this website we use the LinkedIn Insight Tag. The LinkedIn Insight Tag creates a LinkedIn „Browser Cookie“, which collects the following data:
· IP address,
· time stamp,
· page Activities,
· demographic data from LinkedIn, if the user is an active LinkedIn user.

Purposes of data processing:

We process your data to rate campaigns and gather information about website visitors who may have reached us through our LinkedIn campaigns.

Legal basis:

We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 sentence 1 lit. a. and f EU-GDPR.

Storage duration and control options:

We save your data as long as we need them for the respective purpose (campaign evaluation), as long as you have not objected to the storage of your data or have revoked your consent.
The collected data is encrypted. More information can be found here. Here you will find the LinkedIn privacy policy, as well the LinkedIn Opt-Out.

Microsoft:

Data collected:

Bing Universal Event Tracking: We use Bing Universal Event Tracking („UET“), a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“). Should you access our web pages through advertisements on Bing ads then a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. This is a code used to store pseudonymized data about the use of the website in connection with the cookie. In combination with the pseudonymized data through the cookie, the tag tracks what actions you carry out on our websites after having clicked on a Bing ad. The items recorded are, amongst others, the amount of time that has been spent on the website, which areas of the website were accessed and via which advertisement you arrived at the website. In addition, Microsoft can track your usage behavior across multiple electronic devices through cross-device tracking. The information collected is transmitted to a Microsoft server in the United States. Microsoft is certified under the EU-US Privacy Shield.

Bing Webmaster Tools: The Bing Webmaster Tools from Microsoft store cookies and so-called beacons on your computer. Beacons or pixels are small invisible graphics that can be used to detect if a webpage has been accessed.

Purposes of data processing:

Bing Universal Event Tracking: UET allows us to track your activity on our websites when you visit them via advertisements from Bing Ads and enable us to improve our offer. Cross-device tracking allows Microsoft to show personalized ads.

Bing Webmaster Tools: Microsoft can provide its Bing services and optimize search results with the help of this tool.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Data is stored by Microsoft for a maximum of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. As a result, the functionality of the web pages may be restricted. You can disable cross-device tracking at the following link [https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB].

For more information on Bing analytics services, visit the Bing Ads website [https://help.bingads.microsoft.com/#apex/3/en/53056/2 ]. For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy [ https://privacy.microsoft.com/en-us/privacystatement].

Oracle:

Data collected:

Eloqua: We use the service Eloqua from the supplier ORACLE Germany BV & Co. KG, Riesstrasse 25, 80992 Munich, Germany. Eloqua sets a permanent cookie on your browser on the respective registration website.

AddThis: We use the AddThis Plugin of Oracle America, Inc. („Oracle“), 500 Oracle Parkway, Redwood Shores, CA 94065, USA. („AddThis“). When you launch a website using the AddThis plug-in, a cookie is set that pseudonymized data such as your IP address, surfing behavior, how often you use AddThis, and sends your location to Oracle in the United States. Oracle is certified under the EU-US Privacy Shield.

Purposes of data processing:

Eloqua: We use Eloqua to analyze the use of our web pages, so that we are able to continuously improve them.

AddThis: The plugin allows you to use and share interesting content from our websites.

Legal basis:

Eloqua: We use Eloqua if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

AddThis: We use AddThis if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Eloqua: Eloqua stores this data and it is deleted on a regular basis. You can prevent the collection and processing of data by Eloqua via an appropriate setting in your browser or via this link [https://www.oracle.com/de/legal/privacy/privacy-choices.html].

For more information, see the Oracle Privacy Notice [https://www.oracle.com/de/legal/privacy/privacy-policy.html].

AddThis: AddThis stores your data and deletes it on a regular basis. You can prevent the collection and processing of data by AddThis via an appropriate setting in your browser or via this link [http://www.addthis.com/privacy/opt-out].

For more information, see the AddThis Privacy Notice [http://www.addthis.com/privacy].

Social Plugins:

Data collected:

We use social plugins from the following social networks:

  • Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“).
  • Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (Twitter).

When you visit a web page that contains such a plugin, your browser establishes a direct connection to the servers of the respective social network. This integration supplies the social network with data on which website you have visited, even if you do not own a user profile or aren’t currently logged in. If you are logged in, Facebook can assign the visit to your Facebook account. If you interact with the plugins, the corresponding information is transmitted to the social network and stored there. Your IP address is saved in shortened form. The data is transmitted from your browser directly to a server of the social network in the USA and stored there.

Purposes of data processing:

The social plugins allow you to share content of the websites in social networks.

Legal basis:

We use social plugins if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

You can prevent the collection and processing of data by the social networks via an appropriate setting in your browser.

If you do not wish for the social networks to directly match the data collected through our websites to your user profile, you must log out before visiting our websites. Further information can be found in the Privacy Policy of Facebook [https://www.facebook.com/about/privacy], Twitter [https://twitter.com/en/privacy].

D. Wingify

Data collected:

Our web pages deploy the Visual Website Optimizer, an A/B test tool/web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter „Wingify“). Wingify deploys cookies to analyse your use of our Web sites. The information generated by the cookie about your use of this website and your IP address is transferred to a Wingify server in India and stored there. Further information on the cookies used can be found by clicking on this link [https://vwo.com/knowledge/what-are-the-cookies-stored-by-vwo/].

Purpose of Data Processing:

On our instructions, Wingify uses this information to evaluate your use of the website and to optimise our web pages based on this information.

Legal Basis:

We only use Wingify if you have agreed to it. We obtain your consent when you access our web pages using the cookie banner at the bottom of the web pages.

Storage duration and control options:

Wingify stores your data, which will be deleted regularly. You can prevent or delete the storage of cookies by adjusting your browser settings accordingly. You can also object to the collection by Wingify of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data in its entirety via the following link [https://vwo.com/opt-out/].

E. WordPress

Data collected:

With respect to certain websites we use the Open-Source content management system „WordPress“, as well as plugins. Plugins are function-related extensions of the „WordPress“ software. The use of these plugins may result in the processing of personal data, such as the IP address of your connection.

Partially, some third-party cookie and tracking technologies are utilised. Here the above and II B. stated principles shall apply without restrictions.

Purposes of data processing:

We use plugins in particular for the following purposes:

  • For the protection against abusive comments („Spam“)
  • To find faulty links
  • To improve the loading speed of our mobile websites
  • Insofar as plug-ins are used for cookie and tracking technologies from third parties, the statement of purposes given under B. shall apply.

Legal basis:

We deploy WordPress and the plugins used in each case based on legitimate interest. Our legitimate interest is to achieve the purposes stated above.

We use third-party cookie and tracking technologies for plug-ins, provided you have consented to them. You may withdraw your consent at any time in accordance with the procedures described above.

Storage time and control options:

We store your data for as long as we need it for the specific processing purpose.

You can prevent the collection and processing of data by social networks by adjusting your browser settings accordingly.

If you do not want social networks to match the data collected through our websites directly with your user profile, you must log out before visiting our websites.

Transfers to third countries:

We deploy, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) for the administration of your data.

In principle Data is processed in European data centres, data may also be transmitted to third countries such as the USA whilst undertaking maintenance and support measures. In order to ensure that your data is adequately protected in such cases, we have obligated the service provider Salesforce Inc. to adhere to a data protection level that complies with EU law, using the corresponding EU standard contractual clauses for the transfer of personal data to processors established in third countries.

F. 3Q SDN Video Hosting

Data collected:

We have integrated the SaaS 3Q SDN platform on our website to enable video content to be displayed. 3Q SDN is a platform for processing video material with all the attendant services. The operating company of 3Q SDN is 3Q GmbH, Kurfürstendamm 102 10711, Berlin.
3Q places a cookie on your browser. This provides 3Q with insights as to how extensively our video offering is used. The personal data transferred to 3Q generally consists of: IP address – time stamp – URL – user agent plus data necessary for recording statistics. The prevailing data protection provisions of 3Q can be obtained from
https://www.3qsdn.com/de/datenschutz_und_richtlinien.

Purposes of data processing:

The 3Q platform collects data on the use of the audio-visual content offered by the data controller . We use 3Q to supply you with our learning materials and thus to comply with our contractual fulfilment obligations.

Legal basis:

We use 3Q to provide your seminar content by video, as set out in our contract offer. Data is thus processed on the basis of the contract concluded between us, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

Your data is only stored for as long as is necessary to fulfil the purpose. In addition to this, you can prevent cookies from being placed on your browser by making the appropriate settings in your browser. We would point out to you, however, that this can lead to problems with displaying content and that you may not be able to avail yourself of all the functions available on our website.

III. What data is processed when registering for specific offers?

A. Hogan Assessments

We use the services of this third party in order to provide Hogan Assessments for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your securely encrypted raw data is hosted in the US (AT&T Internet Data Center, 11830 Webb Chapel R, Dallas, TX 75234 United States of America). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Hogan Assessment Systems is very careful to ensure that you as a participant have secure and reliable access to the online platform.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the United States via an SSL-encrypted (128-bit) connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions cannot be viewed by third parties at any time; your answers serve rather to make statistical statements in comparison to other people. Hogan reports are automatically generated within a few seconds and sent to Haufe Akademie. All test data is stored anonymously and securely in our data center for research purposes and any connection to the test participant cannot be subsequently established.

Hogan Assessment Systems guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via a simple e-mail.

B. Profilingvalues

We use the services of this third party in order to provide profilingvalues for competence profiling. The data entered in the online form is processed securely by the provider and will not be accessible to any third party except the agency responsible for managing the test data. The hosting of your securely encrypted raw data takes place exclusively in Germany (ALL-INKL.COM, Neue Medien Münnich, Hauptstrasse 68, 02742 Friedersdorf, Germany). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data.

profilingvalues is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

Should there be the possibility of entering personal or business data (e-mail addresses, names, postal addresses) on our internet sites, the user discloses this information upon an entirely voluntary basis.

As you fill in the questionnaires, your data is sent via internet to a secure data center in Germany via an SSL-encrypted connection. Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. profilingvalues ​​reports are generated automatically within a few seconds, so that the certified and authorized evaluation consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

proflingvalues guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at http://ssl.comodo.com. The test result is sent to the customers of the Haufe Akademie via e-mail.

C. LSI Analysis

We use the services of this third party in order to provide the LSI analysis for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is hosted solely in Switzerland. The hosting company uses the data only for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Life Performer AG is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in Switzerland via an SSL-encrypted connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. LSI analysis reports are generated automatically within a few seconds so that the certified and authorized consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

Life Performer AG guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via e-mail.

D. Meaningful Occupation Assessment (MOA)

We use the services of this third-party provider for the provision of Meaningful Occupation Assessment for competence profiling (logo consult GmbH, Rosenweg 8, A-9232 Rosegg, Austria; Helmut Graf, Vincent Grote).

The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data.

The test data is stored and processed on servers of the company Hosteurope, based in Germany and France. Further details about the certifications (e.g. ISO 27001) and the data center locations can be viewed at

https://www.hosteurope.de/en/Host-Europe/Security/.

The company HGS Information Management GmbH, based in Weiz, Austria, is the immediate partner (provider) for the data test processing of the third-party logo consult GmbH. According to information provided by HGS Informationsmanagement, data is stored on a virtual server (Windows 2008) at Host Europe. Access to this data is restricted to HGS employees. The server is not exclusively available to the third party as an application; it is also operated as a mail server. The database is backed up daily. HGS employees have signed a non-disclosure agreement. Only the employees and Host Europe have access to the server, as well as mail applications via the protocols SMTP, POP3, IMAP, HTTP and their encrypted versions. The web application can only be accessed using the HTTPS encryption protocol. Various forms of access (login, document retrieval, changes) are not logged.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in Germany and France via an SSL-encrypted connection (see above).

Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers can never be viewed by third parties. The result report is generated automatically within a few seconds. The test data is stored securely in the data center for scientific research and documentation.

logo consult GmbH guarantees that the following personal data is processed in compliance with data protection requirements:

  • name, address: used for clear mapping
  • body size, weight, gender, age: used to calculate the body measurement index

All other personal information is provided on a voluntary basis.

We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via e-mail.

E. e:ffectivity

For the provision of e:ffectivity we use the services of a third party [www.e-ffectivity.biz; Martin Weiss, Johann-Sewerin Str. 3, 33330 Gütersloh, Germany]. Your data is transmitted securely to the provider and cannot be accessed by third parties except the staff involved.

The hosting of your secure data takes place exclusively in Germany (MBB GmbH, Marienbaumer Str. 152, 47665 Sonsbeck, Germany, www.domainbox.de). The system used and the providing web server are always up-to-date; all available security updates are regularly uploaded. Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer
  • user name

The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place. You have the possibility to enter optional data within the framework of the internet offer. The disclosure of this data by the user takes place on an entirely voluntary basis.

F. INSIGHTS MDI®

We use the services of this third party in order to provide INSIGHTS MDI® for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is processed in the Netherlands (Interxion HQ, Tupolevlaan 24, 1119 NX Schiphol-Rijk, Netherlands). This ensures that the processing and storage of the data occurs exactly within the framework of European data protection law (is exactly the same as Dutch law).

INSIGHTS MDI® is very careful to ensure that you as a participant have secure and reliable access to the online platform.

All data entered via the European server will only be used for the purpose specified and agreed upon by you. We do not share information about you with third parties without your consent. Personal information entered for an analysis / report includes: e-mail address, gender (only for salutations in the report), position / job title and organization. The disclosure of this data by the user takes place on an entirely voluntary basis.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the Netherlands via an SSL-encrypted connection (see above). Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. INSIGHTS MDI® reports are generated automatically within a few seconds so that the certified and authorized reporting consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

INSIGHTS MDI® guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at https://www.interxion.com/Locations/amsterdam/

.

G. Magh und Boppert GmbH (digital learning content)

For the provision of digital learning content, we use a learning platform from Magh und Boppert GmbH, Schulze-Delitzsch-Str. 8, 33100 Paderborn, Germany.

The following data is processed in the learning platform:

  • given name
  • surname
  • e-mail address
  • learning history (completed courses, participation in events, feedbacks, achieved certifications)

The company Magh and Boppert GmbH is able to access your data in case of support queries.

Furthermore, the data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

The hosting of your data is carried out exclusively in Germany on behalf of the Haufe Akademie by the following external data center service providers:

Hostserver GmbH for the learning platform https://mylearning.haufe-akademie.de (Hostserver GmbH, Biegenstr. 20, 35037 Marburg, Germany).

noris network AG for the learning platform https://lernwelt.haufe-akademie.de (noris network AG, Thomas-Mann-Str 16-20, 90471 Nuremberg, Germany).

H. Transfer Coaching

For the provision of transfer coaching we work together with freelance trainers. Once you have confirmed the booking of a transfer coaching we forward your registration and seminar data to the respective trainer so that he/she can make an appointment. The trainer, who is bound by a framework agreement to comply with the provisions of the BDSG (Bundesdatenschutzgesetz = German Federal Data Protection Act) as well as by a non-disclosure agreement, may only use this data for making an appointment and for performing the transfer coaching you have booked. This may include technical support services for the software and hardware used by the trainer. Within the scope of this service, you have the option of contacting the trainer by telephone or using web conferencing tools. The trainer carries the responsibility for both of these communication channels. Should you not agree with the use of web conferencing tools, please inform the trainer directly during your first talk.

I. Creation of open badges

Data collected:
Open Badges is a system of digital certificates or learning badges jointly developed by the Mozilla Foundation and the MacArthur Foundation. With respect to storage, we deploy solutions and technologies from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (AWS).
Collected data encompass in particular:

      • First name and surname of the badge recipient
      • E-mail address of the badge recipient
      • Seminar and Badge ID

IP address and timing of the user when retrieving a badge

Purposes of data processing:
We process these data in order to be able to create a badge for you and make it permanently available to you. The data is therefore essential for the allocation and permanent storage of badges as digital certificate equivalents for seminar graduates.

Legal basis:
We process the data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration and control options:
We store your data as long as you have an active account with us. If you delete this account or if the account is closed for any other reason, we will delete all existing data, as long as there are no legal or contractual retention periods preventing deletion.
In addition, you can revoke your consent at any time informally with effect for the future. In such case, we will also delete the relevant data promptly.

Transfers to third countries:
The data is generally processed in European data processing centres. Within the scope of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee an adequate protection of your data in these cases as well, we have obligated Amazon Web Services, using the corresponding EU standard contract clauses, to comply with a data protection level corresponding to EU law.

J. StackFuel GmbH

Data collected:

For the provision of digital learning content concerning data science trainings, we use a learning platform from StackFuel GmbH, Alte Schönhauser Str. 38, 10119 Berlin. The transmission and processing of the necessary data for the training is carried out safely. Stackfuel ensures for all secondary service providers through appropriate guarantees pursuant to Article 44 ff GDPR that your personal data are protected and that your rights of the person affected are fulfilled.

The secondary service providers are:
– Google https://policies.google.com/privacy?hl=de&gl=de
– Slack https://slack.com/intl/de-de/legal
– Pipedrive https://www.pipedrive.com/en/privacy
– LogmeIn https://www.logmeininc.com/de/legal/privacy
– Microsoft https://privacy.microsoft.com/de-de

In particular, collected data are:

      • First name and last name of the participant
      • E-mail address and telephone number of the participant
      • Seminar- ID

      Purposes of data processing:

      We process this data to perform online training in the learning platform of StackFuel. The data are therefore required for the implementation.

      Legal basis:

      We process your data in order to be able to fulfil our contractual obligation to you (Art. 6 (1) (b) EU GDPR).

      Storage duration and control options:

      Fuel stores your data as long as you have completed your training, but no later than 30 days after completing your training. If you terminate or cancel a training, StackFuel deletes all available data, as far as deletion does not conflict with any statutory or contractual retention periods.

      K. EVA – evaluation tool

      Data collected:

      We use the analyses of EVA, which are generated from the reporting of the feedback sheets in order to obtain insights into the satisfaction of event participants. In addition to the location and speaker of the event data such as participant IDs and your answers from the questionnaire are collected.

      Purpose of data processing

      We use the results of the analyses for the purpose of continuous product improvement.

      Legal basis:

      We process the data in accordance with your consent. Art 6 para. 1 lit. a GDPR.

      Storage duration and control options:

      The data is stored in EVA for a period of six years, after which it is deleted.

      L. One-on-One Coaching

      Individual coaching is provided in cooperation with Haufe Advisory GmbH, a subsidiary of Haufe Akademie. In the first step, we provide the following data to Haufe Advisory GmbH:

        • First name and surname
        • Contact details
        • Packages booked

of/by the Orderer or Coachee (participant). The Coachee and the Orderer do not necessarily have to be the same person.

The Coachee then receives a link through which the Coachee is able to access the web pages of our processor, Haufe Advisory GmbH. Here, the Coachee presents his individual coaching request, which is then matched with appropriate coaches. To do this, our processor uses a questionnaire that has been filled by the Coachee. The aim is to allocate a suitable coach in accordance with your coaching requirements. In so doing, you may disclose data to us that falls within certain categories of personal data pursuant to Art. 9 Para. 1 GDPR. When performing the matching process, Haufe Advisory GmbH processes your data on our behalf in compliance with the European GDPR. For details, please see here. As a Coachee, you will be informed of the processing of your data once again before your specific enquiry is sent.

As a rule, one-on-one coaching is conducted virtually. The specific coaching is performed in coordination with the respective Coach using the means of communication offered by him. All communication channels are offered by the Coach on his own authority. Should you not agree with the use of certain means of communication (e.g. Internet, telephone, etc.), please inform the Coach immediately on making initial contact with him.

Purpose of data processing:

This data processing is necessary for the fulfilment of contractual obligations vis-a-vis the Client and for enabling matching of the Coachee with a suitable Coach.
Statements concerning particular categories of personal data (Art. 9 Para. 1 GDPR) are voluntary. Where personal data is required to enable suitable matching, it is of vital importance to the contractual performance and thus essential.

Legal basis:

We process your data in order to enable us to fulfil our contractual obligation towards you (Art. 6 Para.1 b EU-GDPR). In addition, we process your data for the purpose of legitimate interests (Art. 6 Para. 1 f EU-GDPR), to enable us to communicate similar interesting offers to you in the future.

Storage period:

The Coachee‘s personal data is stored for the duration of the business relationship and is deleted upon termination of the same, insofar as no legal or contractual retention periods oppose such deletion.

Processing in the context of matching:

Insofar as an employee of a Client has booked Coaching through the website provided by Haufe Advisory GmbH, Haufe Advisory GmbH functions as the processor for Haufe Service Center GmbH.

M. Haufe eAcademy:

Data collected:

When you open an account with us, we ask you to provide us with the following data: first name and surname, e-mail address, invoice address (company address and where appropriate an additional e-mail address to be used for invoicing), and your individual, freely selectable password. In addition, you may upload a profile photo – which is of course voluntary – which will then be visible in the application.

After registration, you will receive a verification e-mail from us that serves on the one hand to confirm your identity and on the other to enable invoicing. The verification link remains active for two weeks.

Purposes of data processing:

We process this data first of all to create your account, to enable you to access the services offered and to enable us to implement the contract. On the other hand, we also process this data to enable you to create an appealing profile.

Legal basis:

If we require your data for the purposes of implementing the contract with you and making our services available to you or to perform pre-contractual measures on the basis of an enquiry from you, data processing will be based on Art. 6 Para. 1 lit. b of the GDPR. If you give information voluntarily to complete your profile, data processing will be on the basis of Art. 6 Para. 1 lit. a of the GDPR.

Storage period and control options:

We store your data for as long as you operate an account on our platform. You can delete your profile yourself at any time. You can also download your data at any time as a zip file.

If you delete your account, all the data held for your account will be irrevocably deleted. This includes any courses already purchased or implemented.

You can delete a profile photo that you have provided voluntarily and that we have saved with your consent yourself at any time, by clicking on ‘Delete Photo ’ in your profile. This constitutes withdrawal of consent on the basis of Art. 7 Para. 3 of the GDPR.

Coaching

Data collected:

You may also book coaching sessions on our website. If you do this, we pass on your data (first name, surname, log-in e-mail address and the parameters of your individual course project) to your selected coach. You are also able to voluntarily provide a telephone number when you make the booking, which we will then also pass on to the coach. He/she will then contact you personally to discuss your communication preferences. This is something over which we have no influence. We process no further data in this context.

Purpose of data processing:

We process your data to enable us to offer you the booked coaching sessions and to enable communication to take place between you and your coach.

Legal basis:

The processing of this data is on the basis of the contractual performance, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

We store your data for the duration of the contract and subsequently delete it, provided there are no legal retention requirements that oppose its deletion.

IV. What data is processed when you contact us, order a newsletter, open a user account and purchase online products and services?

We wish to inform you below about the data which is collected and processed should you contact us, order a newsletter, open an account or purchase online products. We would also like to inform you as to what purpose and by whom they are handled, on which legal basis data processing takes place and when the data is deleted.

 

A. Making contact

Data collected:

We collect and process the information you provide us with, such as your contact details, your name and your request when you contact us through a contact form or by e-mail. All data you submit to us is encrypted.

Purposes of data processing:

Data processing is carried out by our customer service or service providers commissioned by us exclusively on the basis of processing your enquiry.

Legal basis:

We process your data for the implementation of pre-contractual and contractual measures, which are based on your request (Article 6, paragraph 1 b GDPR)

Duration of storage:

We store your data for as long as we need it for the specific purpose, for guarantee purposes or for fulfilling legal retention periods.

 

B. Seminar registration

 

Data collected:

We collect and process data provided by you in the course of seminar registration, for example your contact details, such as your name and address as well as information pertaining to the booked course subject, location, period and, if applicable, other circumstances of the respective seminar.

Purposes of data processing:

We process your data in order to be able to provide you with the corresponding seminar and, if necessary, to be able to send you promotional offers for similar seminars and products in the future.

Legal basis:

We process your data in order to fulfil our contractual obligation towards you (Art. 6 para. 1 (b) GDPR). In addition, we process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) in order to be able to submit similar interesting offers to you in the future.

Storage duration:

We store your data for as long as required for the specific processing purpose, to ensure compliance with statutory retention periods.

C. Customer surveys

Data collected:

For the purpose of online surveys, we use the services of the provider Netigate Deutschland GmbH, Untermainkai 27-28, 60329 Frankfurt am Main, Germany. Netigate processes on our behalf the information provided by users solely for the purpose of surveys. If personal data is requested, such as names or e-mail addresses, then these are made anonymous, as is the IP address of the user. If further such personal data is requested during a survey (e.g. name, address, company etc.) then we specifically point out during the survey that entering this information for statistical purposes is entirely voluntary on behalf of the user.

Purposes of data processing:

We use Netigate for the appropriate design and optimization of our websites.

Legal basis:

Netigate is used when you complete an according questionnaire. When submitting your answers, you give your consent.

Duration of storage:

Surveys containing personal data are deleted automatically after a period of 6 months.

D. Newsletter

Data collected:

We collect and process the information you provide, such as your name and e-mail address, when you subscribe to our newsletter.

Newsletters containing Eloqua technologies use tracking technologies. These technologies are used to collect data on whether our emails are opened and which links you click on.

Purposes of data processing:

We process the data in order to send you the newsletter.

We use the data collected through Eloqua to find out which topics are of interest to you. We then use this information to improve the e-mails we send you and the services we provide as well as connecting them to existing tracking or profiling information.

Legal basis:

After registering for a topical newsletter, we process your data with your consent to inform you via electronic mail about the selected topics and also to advertise them. We work according to the double-opt-in principle, i.e. if you order a topical newsletter on our website, we will send you a confirmation e-mail with a registration link. It is only once you have clicked on this link that you are registered on our newsletter list.

We use Eloqua only with your consent.

If we have received your e-mail address in conjunction with the sale of a product, we use it to provide you with information on similar products on the basis of legitimate interests (Article 6 f GDPR). Our legitimate interest lies in advertising our products and services directly to you.

Duration of storage:

We store your data for as long as we need it for its specific purpose.

E. Raffles, free catalogues, magazines and trade fair tickets

Data collected:

If you take part in one of our prize raffles or request our free catalogues, magazines or trade fair tickets from us, we collect and process the data provided by you via our online contact forms provided for this purpose, such as your name and address datails.

Purpose of Data Processing:

We process the data provided by you in order to allocate the prize to the respective raffle and to be able to send you the prize or the requested free catalogue, magazine or trade fair ticket. If necessary, we will use your data to send you offers in line with your interests.

Legal basis:

We process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) or because you have consented to the corresponding processing of your data (Art. 6 para. 1 (a) GDPR).

Duration of storage:

We store your data for as long as required with respect to the specific processing purpose.

V. What rights do you have and how can you use them?

 

A. Revocation of consent

You may revoke any consent given for the processing of your personal data at any time with effect for the future. Please note that the revocation does not affect the legality of previous data processing and that it does not extend to such data processing, for which there is a legal reason for permission and which, therefore, can be processed without your consent.

 

B. Further rights for the party concerned

According to Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR) and, if legal prerequisites are met, you are entitled to the following:

Disclosure:

You may at any time demand that we disclose to you the personal data belonging to you that we handle as well as how it is processed and request that we provide you with a copy of the personal data stored (Article 15 GDPR).

Correction:

You may demand the correction of incorrect personal data and completion of incomplete personal data (Article 16 GDPR).

Deletion:

Regarding deletion of your personal data: Please note, that excluded from deletion is any data that we require for processing and fulfilling contracts, for the assertion, exercise and defense of legal claims and data for which statutory, regulatory or contractual retention requirements exist (Article 17 GDPR).

Restriction of use:

Under certain circumstances you may demand that we limit the processing of data, for example, if you are of the opinion that your data is incorrect, if processing it is illegal or you have filed an objection to the further processing of your data. This means that without your consent, your data may be processed only to a very limited extent, e.g. for the assertion, exercise and defense of legal claims or for the protection of the rights of other natural and legal persons (Article 18 GDPR).

Objection to processing of data:

You have the option at any time to object to the use of data for direct marketing purposes. In addition, if you have special reasons, you may at any time object to the data processing that takes place on the basis of a legitimate interest (Article 21 GDPR).

Data portability:

You have the right to receive a copy of any data you have provided to us and that we handle on the basis of your consent or to fulfil the contract. This is provided in a standard, machine-readable format and, as long as it is technically feasible, you may request direct transmission of this data to third parties (Article 20 GDPR).

C. Contact methods

You can exercise your rights through the following contact channels:

Haufe Group
Mr. Raik Mickler
Data Protection Officer
Munzinger Strasse 9
79111 Freiburg, Germany
E-Mail: dsb@haufe-lexware.com

You may withdraw your consent for the processing of data using cookies and tracking technologies via the appropriate settings in your browser or via the opt-out possibilities described in detail in section II C.

You may withdraw your consent for receiving newsletters at any time by clicking on the corresponding link in each newsletter.

D. Right of complaint to a regulatory authority

If, for example, you are of the opinion that our handling of data is unlawful or that we have not granted you your rights as described above to the necessary extent then you have the right to lodge a complaint with the responsible data protection regulatory body.

Version: October, 15th 2019