§ 1 Information regarding the collection of personal data
(1) Below we inform you about the collecting of personal data upon utilisation of our website. Personal data area any and all data that can be attributed to you personally, i.e., for example, name, address, e-mail addresses, user behaviour.
(2) Controller in accordance with Art. 4 Par. 7 EU General Data Protection Regulation (GDPR) is the firm Cardisio GmbH, managing directors Meik Baumeister, The Squaire 12, 60549 Frankfurt am Main, Germany, firstname.lastname@example.org (see our Impressum). You can reach our data protection officer at email@example.com or at our postal address with the addition “the Data Protection Officer”.
(3) When you are establishing contact with us via e-mail or via a contact form, we store the data you have communicated to us (your e-mail address; where applicable, your name and your phone number) to respond to your questions. We delete the data incurred in this context once its storage is no longer necessary, or we restrict the processing if statutory storage obligations exist.
(4) If we rely on contracted service providers for select functions of our offer, of if we want to use your data for advertising purposes, we will inform you below in detail about the respective processes.
§ 2 Legal basis for the processing of personal data
(1) To the extent that we obtain a declaration of consent of the data subject for the processing operations of personal data, Art. 6 Par. 1 Lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data.
(2) In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.
(3) To the extent that a processing of personal data is required for the fulfilment of a contractual obligation that our company is subject to, Art. 6 Par. 1 Lit. c GDPR serves as legal basis.
(4) In case vital interests of the data subject or of another natural person make a processing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.
(5) If the processing is necessary for maintaining a legitimate interest of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Par. 1 Lit. f GDPR serves as legal basis for the processing.
§ 3 Data erasure and duration of storage
Your personal data will be erased or restricted as soon as the purpose of storage no longer exists. A storage can, furthermore, be performed if this is provided for by the European or national legislatures in rules, laws, or other regulations under European Union law applicable to the Controller. A restriction or erasure of the data is also performed if a storage period prescribed by the specified standards expires unless a necessity exists for further storage of the data for conclusion or fulfilment of a contract.
§ 4 Your rights
(1) You have the following rights towards us with respect to the personal data concerning you:
– Right to be provided with information,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to the processing,
– Right to data portability.
(2) You, furthermore, have the right to lodge a complaint with a supervisory data protection authority regarding our processing of your personal data.
§ 5 Collection of personal data in case of a visit to our website
(1) In case of a merely informational utilisation of the website, i.e., if you do not register with us or transmit information to us otherwise, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data that is technically required to display our website to you and that ensures stability and security (the legal basis is Art. 6 Par. 1 S. 1 Lit. f GDPR):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status / HTTP status code
– Respective volume of data transmitted
– Website from which the request comes
– Operating system and its user interface
– Language and version of the browser software.
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. In case of collection of the data for provision of the website, this is the case once the respective session has ended.
(2) In addition to the aforementioned data, cookies are stored on your computer upon your utilisation of our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using through which the authority that is setting the cookie (in this case us) is provided with certain information. Cookies cannot execute programs nor transfer viruses to your computer. They serve for making the Internet presence more user-friendly and effective, overall.
a) This website uses the following types of cookies, the scope and function of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are deleted automatically when you close the browser. These include, in particular, the session cookies. These store a so-called session ID with which different requests by your browser can be linked to the joint session. This way, your computer can be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted automatically after a specified period of time that can differ from cookie to cookie. You can delete cookies at any time in the security or privacy settings of your browser.
d) You can configure your browser settings according to your preferences and, for example, reject the acceptance of third party cookies or all cookies. We would like to point out to you that you may not be able to use all functions of this website as a result.
§ 6 Additional function and offers of our website
(1) In addition to the purely informational utilisation of our website, we also offer various services you may use, if interested. Typically, you have to provide additional personal data for this which we use for providing the respective service and to which the aforementioned principles regarding data processing apply.
(2) In part, we utilise external service providers for the processing of your data. These were carefully selected and contracted by us, are bound by our directions and are inspected at regular intervals.
(3) Furthermore, we may pass your personal data on to third parties if we offer participations in campaigns, prize games, conclusions of contracts or similar services jointly with partners. You will receive more detailed information regarding this upon providing your personal data as well as in the description of the offer below.
(4) If our service providers or partners are headquartered in a state outside the European Economic Area (EEA), we inform you of the consequence of this circumstance in the description of the offer.
§ 7 Objection to or withdrawal of consent to the processing of your data
(1) If you have provided your consent to the processing of your data, you may withdraw it at any time. Such a withdrawal has an impact on the permissibility of the processing of your personal data once you have pronounced it towards us.
(2) If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is, in particular, not necessary for the fulfilment of a contract with you, which is indicated by us in each case in the following description of the functions. When exercising such an objection, we kindly request presentation of reasons why your personal data should not be processed as done by us. In case of your justified objection, we will check the facts of the matter and will either cease and/or adjust the data processing or indicate to you’re the compelling legitimate grounds based on which we continue the processing.
(3) You may, of course, object at any time to the processing of your personal data for the purposes of advertising and data analysis. You may inform us of your objection to advertising at the above contact data.
§ 8 Utilisation of Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files that are stored on your computer, and which allow for an analysis of your utilisation of the website. The information that the cookie generates about your utilisation of this website is generally transferred to and stored on a server operated by Google in the USA. In case of an active IP anonymization, your IP address will be shortened first by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. Only in exceptional circumstances will the complete IP address be transferred to a server of Google in the USA and then shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and for providing other services relating to website utilisation and internet usage to the operator of the website.
(2) The IP address transmitted by your browser as part of “Google Analytics” is not combined with other data of Google.
(3) You can prevent the storage of the cookies through an appropriate setting in your browser software; we would, however, like to point out that in this case it may not be possible to make full use of all functions on this website. You can, furthermore, prevent the recording of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website is using Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are processed in a shortened form so that a correlation with individual persons can be excluded. To the extent that the data collected regarding you feature a relation to your person, said relation is therefore immediately excluded and the personal data thereby deleted immediately.
(5) We use Google Analytics to be able to analyse and regularly improve the utilisation of our website. Via the statistics gained, we can improve our offer and design it more interestingly for you as the user. For exceptional cases in which personal data is transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the usage of Google Analytics is Art. 6 Par. 1 S.1 Lit. f GDPR.
§9 Use of Facebook Remarketing
We use the “Custom Audiences” remarketing function from Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”) on our website.
The purpose of the application is to target visitors to the website with interest-based advertising on the social network Facebook.
For this purpose, the Facebook remarketing tag was implemented on the website. This tag is used to establish a direct connection to the Facebook servers when you visit the website. This transmits to the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. If you visit the social network Facebook, you will then be shown personalized, interest-based Facebook ads.
Your data may be transmitted to the USA. Facebook has certified itself according to the US-EU data protection agreement “Privacy Shield” and is thus obliged to comply with European data protection guidelines.
You can disable the Custom Audiences remarketing feature here.
You can find more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in Facebook’s data protection information at https://www.facebook.com/about/privacy/.
§10 Use of Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. Hotjar’s technology gives us a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don’t like, etc.) and this helps us tailor our offering to our users’ feedback to align Hotjar works with cookies and other technologies to collect data about the behavior of our users and their end devices, in particular the IP address of the device (is only recorded and stored in anonymous form while you are using the website), screen size, device type (unique device identifiers). ), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
For more information, see the ‘about Hotjar‘ section on Hotjar’s help page.
§ 11 Integration of Google Web Fonts
(1) On this website we use the offer of Google Web Fonts. As a result, when you access the website, your browser will load the required web fonts into your browser cache so that text and fonts can be displayed correctly.
(2) In order to be able to load the required data, your browser must establish a connection to the Google servers. This gives Google knowledge that this website was accessed via your IP address. If your browser does not support web fonts, a standard font will be displayed. The legal basis for the use of Google Web Fonts is Art. 6 Para. 1 S.1 lit f GDPR.
(3) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 12 Integration of Bootstrap CDN
(1) On this website, the Java Script code from LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA (hereinafter Bootstrap CDN). If Java Script is activated in your browser and you have not installed and activated a Java Script blocker, your browser will transmit personal data to Bootstrap CDN within the meaning of Section 5 of this declaration. The legal basis for the use of Bootstrap CDN is Art. 6 Para. 1 S.1 lit f GDPR.
(2) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.maxcdn.com/legal/. Bootstrap CDN also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
§ 13 Integration of Cloudflare CDN
(1) The Java Script code from Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA (hereinafter Cloudflare CDN) is loaded on this website. If Java Script is activated in your browser and you have not installed and activated a Java Script blocker, your browser will transmit personal data to Cloudflare CDN within the meaning of Section 5 of this declaration. The legal basis for using Cloudflare CDN is Art. 6 Para. 1 S.1 lit f GDPR.
(2) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.cloudflare.com/security-policy/. Cloudflare CDN also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 14 Use of social media plug-ins
(1) We currently use the following social media plug-ins: LinkedIn. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 5 of this declaration will be transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
(2) We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
(5) For further information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.
(6) Address of the respective plug-in providers and URL with their privacy notices:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
§ 15 Use of LinkedIn Insight Tag
(1) This website uses LinkedIn Insight Tag, a web analytics service provided by LinkedIn Inc (“LinkedIn”). LinkedIn Insight Tag uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a LinkedIn server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by LinkedIn within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a LinkedIn server in the USA and shortened there. On behalf of the operator of this website, LinkedIn will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of LinkedIn Insight Tag will not be merged with other data from LinkedIn.
(4) We use LinkedIn Insight Tag to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. A standard contractual clause exists for the exceptional cases in which personal data is transferred to the USA. The legal basis for the use of LinkedIn Insight Tag is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(5) Information of the third-party provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy