Privacy Policy
Here you will find the data protection information of secupay AG.
Privacy Policy secupay AG
- 1. Privacy Policy secupay AG
- 2. Data controller responsible for processing
- 3. Contact details of the data protection officer
- 4. Collecting your data
- 5. Purposes and legal bases
- 5.1. Technical provision of secupay AG websites and secupay services
- 5.2. Provision of our services
- 5.3. Content Delivery Networks
- 5.4. Google Web Fonts (local hosting)
- 5.5. Real Cookie Banner
- 5.6. Web services
- 5.6.1. Google Analytics and Google Signals
- 5.6.2. Google Tag Manager
- 5.6.3. Google Ads
- 5.6.4 Google Ads Conversion-Tracking
- 5.6.5. DoubleClick
- 5.6.6. Google Photos
- 5.6.7. Google reCAPTCHA
- 5.6.8. Google Maps
- 5.6.9. Tracking-Pixel from Netzeffekt
- 5.6.10. Meta Pixel
- 5.8. Inquiries by email, contact form and phone
- 5.9. Your application with us
- 5.10. Use of our services and business communication
- 5.11. Exercising your rights as a data subject
- 5.12. Partner-Newsletter
- 5.13. Processing of your data in relation to events
- 6. Disclosure of personal data
- 7. Is there automated decision-making in individual cases (including profiling)?
- 8. Fraud Prevention with Device Fingerprinting
- 9. Time limits for storage
- 10. Your rights as a data subject
- 11. Protection of personal data
secupay AG (further referred to as „secupay AG‘“ or „wewe") takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and, in particular, the General Data Protection Regulation („GDPR") and German Federal Data Protection Act ("BDSG") as well as this Privacy Policy.
When you visit this website, various personal data is collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose.
secupay AG
Goethestrasse 6
01896 Pulsnitz
Phone +49 (0) 35955 7550-0
Email: [email protected]
Represented by the Executive Board Hans-Peter Weber, Katja Hartmann
As the controller, we determine the purposes and means for processing personal data described herein, alone or jointly with others.
If you have any questions and/or concerns regarding data protection, you can reach our data protection officer at the following contact details:
Frau Dominika Juszczyk
IBS data protection services and consulting GmbH
Zirkusweg 1
20359 Hamburg
Germany
Email: [email protected]
First, your data is collected by you providing it to us. This may be, for example, data that you enter in a contact form.
Other data is collected automatically or after your consent when you visit the website via our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
5. Purposes and legal bases
The processing occurs, for the purpose of providing our websites on the basis of an overriding legitimate interest in accordance with Art. 6(1)(f) GDPR. Our legitimate interests are the provision of technically necessary and expressly requested digital services, ensuring the security and trouble-free operation of our IT systems, and the assertion, exercise and defence of legal claims.
When you visit our websites, we collect pseudonymized connection data required to display the requested web pages (e.g. IP address, referrer URL, target page, timestamp) and store this data in connection logs (server log files) on the web server.
In addition, we store pseudonymized information in your browser in certain cases (cookies or local storage) insofar as this is necessary to display our websites or to enable necessary functions on our websites (technically necessary services or cookies) such as cookies that are necessary to carry out the electronic communication process or to provide certain functions that you have requested (e.g. for the shopping cart function). The storage of information in your terminal device or the access to information stored there is absolutely necessary in these cases according to § 25 Abs. 2 Nr. 2 TDDDG German Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei digitalen Diensten "TDDDG") in order to provide you with the expressly requested digital service.
If you use a contact form provided by us, we collect the data you enter, at the least, the information marked as mandatory. The transmission to the web server is encrypted via https (SSL) and then sent to us by email. In any communication by email, in addition to entered data (message content), connection data (e.g. IP address, mail client, timestamp) and metadata (e.g. size of transmitted data) as well as attachments containing personal data, if applicable, are processed. Emails are always checked for unwanted content (e.g. viruses, spam) through technical means in our IT systems.
You must provide this data without this constituting any legal or contractual obligation. A visit to our websites is not possible or only possible with restrictions without the provision of this information.
We process personal data that we receive from you in the course of a business initiation or business relationship in order to carry out our services, the execution of your orders, as well as all activities necessary for the operation and administration of a financial transfer service provider (Art. 6(1)(b) GDPR.)
Insofar as it is necessary for the provision of our services, we process data received from other companies or other third parties (e. g. infoscore GmbH) in a permissible manner. In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e. g. debtor directories, land registers, commercial and association registers, the press and other media).
Relevant personal data may include in particular:
- Personal data (name, date of birth, place of birth, nationality and similar data)
- Contact details (address, email address, telephone number and similar data)
- Legitimation data (identification, registration and comparable data)
- Current accounts and credit card data
- Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing credit risk)
- Data on the use of telemedia offered by us (e. g. time of access to our websites, apps or newsletters, clicked pages of us or entries and comparable data)
To provide our website and certain services and features, we use what are known as Content Delivery Networks ("CDN"), which are connected to our website and provide content such as files, images and scripts. It is technically necessary for the external CDN servers to process your IP address and browser-based information to establish a connection between the servers and provide the content.
Insofar as CDN connections are part of a function for the provision of the website or the use of technically necessary web technologies, the purposes and legal bases are identical to the respective technically necessary web technology.
If CDN connections are part of a technically non-essential web service based on your prior consent, the purposes and legal basis are identical to the respective non-essential web technology.
We do not store any information about the connection between our website and the CDN servers. More information about unpkg and Cloudflare's Privacy Policy can be found at unpkg.com as well as cloudflare.com/de-de/privacypolicy/.
This site uses what are known as web fonts for the uniform display of fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The Google Fonts are installed locally.
No connection to Google servers takes place. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://policies. google.com/privacy?hl=en.
The processing occurs, for the purpose of obtaining, managing and proving your consent to the use of non-essential cookies and web services on the basis of an overriding legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interests are the verifiability of compliance with legal requirements according to Art. 5(2) GDPR and the assertion, exercise and defence of legal claims.
When you visit our websites, you can give or subsequently change consent to the web services via an additional interface (Consent Manager). In doing so, we process pseudonymous information (e.g. IP address, timestamp) via the Real Cookie Banner and store your consent in your browser (cookie/local storage) to ensure that only services you have consented to are used. Provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling.
The storage of information in your end device or the access to information stored there is strictly necessary in these cases according to § 25 Abs. 2 Nr. 2 TDDDG in order to provide you with the expressly requested digital service.
You can see an overview of managed cookies and website services at the top of this page "Cookies settings" .
You must provide this data without this constituting any legal or contractual obligation. A visit to our websites is not possible or only possible with restrictions without the provision of this information.
The processing is carried out for the purpose of statistically evaluating the interaction of website visitors, for integrating content from other websites as well as for advertising purposes and marketing activities on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Pursuant to Article 7(3) GDPR. , you have the right to withdraw any consent you have given for the processing of your personal data at any time with effect for the future. The lawfulness of processing based on your consent pursuant to Art. 6 (1) (a) GDPR or Art. 9(2)(a) GDPR remains unaffected until withdrawal. Please note that if you do not consent to the use of cookies and/or web services, you may not be able to use certain functions of this website, or only to a limited extent.
If you give us your consent to individual or all web services via the Real Cookie banner, we collect pseudonymous information (e.g. IP address, timestamp) and store it in your browser (cookie/local storage). Subsequently, the third-party providers we use gain access to this data in order to provide the requested web services.
The storage of information in your terminal device or the access to information stored there takes place in these cases in accordance with § 25(1) TDDDG on the basis of your consent.
You are neither legally nor contractually obliged to provide this data. It is generally possible to visit our website without providing this information.
We use the following web services in the Real Cookie Banner, depending on the category:
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google Analytics allows the website operator to analyze the behaviour of website visitors. In this context, the website operator receives various usage data, such as page impressions, duration of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to augment the data sets it collects and employs machine learning technologies in its data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
We have enabled Google Signals in Google Analytics. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymized statistics on the user behaviour of our users. We have concluded an order processing contract with Google. The transfer of personal data to Google is based on the adequacy decision (Data Privacy Framework).
The use of this service is based on your consent according to Art. 6 (1) (a) GDPR and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for administering and utilizing the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States. The transfer of personal data to Google is based on the adequacy decision (Data Privacy Framework).
The legal basis is your consent according to Art. 6 (1) point a GDPR. You can withdraw your consent at any time.
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited. Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As a website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to our advertisements being shown and how many ads resulted in corresponding clicks.
The use of this service is based on your consent according to Art. 6 (1) (a) GDPR and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.
Your data may also be transferred to Google's parent company in the United States. The transfer of personal data to Google is based on the adequacy decision (Data Privacy Framework).
On our website, we use Google Ads conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland (‘Google’). We use the Google Ads service to draw attention to our attractive offers with the help of advertising material on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. Our aim in doing so is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an ad delivered by Google. These cookies usually expire after 30 days and are not used for personal identification. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page. Each Google Ads advertiser has a different cookie. This means that cookies cannot be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
The legal basis for the processing of your data as described above is your consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future.
When you use Google Ads, personal data is transmitted to the servers of Google LLC. in the USA. Personal data is transmitted to Google on the basis of the adequacy decision (‘Data Privacy Framework’).
You can find more information about Google's data protection policy at the following Internet address: google.de/policies/privacy/
This website contains components from DoubleClick, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). DoubleClick transfers your data to the DoubleClick server with every impression, click or other activity. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick places a cookie on your IT system. Among other things, the cookie is used to place and display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie is used to avoid multiple insertions of the same advertisement.
Each time you access one of the individual pages of this website, which is operated by us and on which a DoubleClick component has been integrated, the internet browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to create commission statements. A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional pseudonymised identification numbers. Among other things, Google can see that you have clicked on certain links on our website.
These processing operations are carried out exclusively with the express consent of the user in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.
You can view the privacy policy of DoubleClick by Google at: google.com/intl/de/policies/.
We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images embedded on our homepage.
Embedding is the integration of a specific external content (text, video or image data) provided by another website (Google Photos) and then displayed on your own website (our website). An embedding code is used for embedding. If we have integrated an embedding code, the external content from Google Photos is displayed by default as soon as one of our webpages is visited.
Your IP address is transmitted to Google via the technical implementation of the embedding code, which enables the display of images from Google Photos. Furthermore, Google Photos records our website, the type of browser used, the browser language, the time and the length of access. In addition, Google may collect information about which of our subpages you have visited and which links you have clicked on, as well as other interactions you have carried out when visiting our site. This data can be stored and evaluated by Google Photos.
These processing operations are carried out exclusively with the granting of express consent in accordance with Art. 6 para. 1 lit. a DSGVO.
This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.
You can view Google's privacy policy at: google.com/policies/privacy/.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to verify whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behaviour of the website visitor based on various characteristics. This analysis begins as soon as the website visitor agrees to the use of Google reCAPTCHA. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. The storage and analysis of the data is based on Art. 6 (1) (a) GDPR. Your data may also be transferred to Google's parent company in the United States. The transfer of personal data to Google is based on the adequacy decision (Data Privacy Framework).
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The transfer of personal data to Google is based on the adequacy decision (Data Privacy Framework). The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Web Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR . If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. The consent can be withdrawn at any time.
A tracking process based on the cookie counting pixel from Netzeffekt GmbH is used on the website. The purpose is to measure leads and sales. This may involve processing your personal data such as order ID; user hash/click ID; IP address; device identifiers and browser information.
The use of this service is based on your consent according to Art. 6 (1) (a) GDPR and § 25 para. 1 TDDDG Your consent can be withdrawn at any time.
The website operator uses the visitor action pixel from Meta Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, to measure conversion. This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Meta advertisement. This allows the effectiveness of the meta ads to be evaluated for statistical and market research purposes and future advertising efforts to be optimised.
The data collected is anonymous to the operator of this website, so no conclusions can be drawn about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy. This allows Meta to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent according to Art. 6 (1) (a) GDPR. The consent can be withdrawn at any time.
Please refer to Meta's privacy policy for more information about protecting your privacy: https://www.facebook.com/about/privacy. Meta is certified according to the ‘EU-US Data Privacy Framework’ (DPF).
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data. If you give us permission to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences).
Meta processes this data as our processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.
The use of this service is based on your consent according to Art. 6 (1) (a) GDPR. The consent can be withdrawn at any time.
The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF).
We have integrated LinkedIn Ads into our website. LinkedIn Ads is a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, which displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. LinkedIn Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioural profiles and geographic location.
We process data (including IP address, timestamp, URL and user agent) using LinkedIn Ads for the purpose of optimising our advertising campaigns and for marketing purposes based on your consent in accordance with Art. 6 (1) point a GDPR.
Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data is also passed on to the parent company, LinkedIn Corporation, based in the USA. The transfer of data to the USA is based on the European Commission's adequacy decision, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).
The specific storage period is described in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy .
We use LinkedIn Analystics, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The service stores and processes information about your user behaviour on our website. To do this, the service uses cookies, among other things, which are stored locally in your web browser's cache on your device and which enable an analysis of your use of our website.
We use the service to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. LinkedIn Analytics enables us to collect statistical data about your visit to and use of our website and to provide us with corresponding aggregated statistics on this basis. The service also allows us to display interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website.
As a rule, IP address, device information, browser information, referrer URL and timestamp are collected and processed. In this case, your data will also be passed on to the parent company – LinkedIn Corporation, based in the USA. The transfer of data to the USA is based on the European Commission's adequacy decision.
LinkedIn Ads is activated on the basis of your consent in accordance with Art. 6 (1) point a GDPR .
The data are erased as soon as they are no longer required for the purpose for which they were collected. You can also prevent the storage of cookies generated by this service by making the appropriate settings in your web browser. Please note that if you do this, you may not be able to use all the features of our website.
Please refer to the LinkedIn privacy policy for more information about how LinkedIn collects and uses data at https://www.linkedin.com/legal/privacy-policy .
Our website embeds videos from YouTube and YouTube plug-ins. The provider of the ‘YouTube Images’ service is YouTube LLC, a subsidiary of Google Ireland Limited (‘Google’). When you visit a website that has a YouTube video embedded in it, data is transferred to a Google server and stored there.
This does not happen automatically, but only if the user actively clicks on the video. Only through this conscious action is data about the behaviour when using YouTube transmitted to Google and processed by Google.
If you have a Google user account and are registered, Google can associate the visit with your user account. Google stores these data as user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about their activities on our website. You have the right to object to the creation of these user profiles. To do so, please contact Google directly.
We use YouTube in order to present various videos on our website. You should be able to watch the videos directly on our website. The data is processed on the basis of Art. 6 (1) (a) GDPR. This serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose.
The provision of personal data is not required by law or by a contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data. Not providing the data may mean that you are unable to use our website or are unable to use it to its full extent.
If you wish to prevent data transfer, you cannot use this YouTube function. Regardless of this, we recommend that you regularly log out of your social network user account after using it, especially before activating embedded content, as this will prevent you from being assigned to your profile with the respective provider.
Google is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45 GDPR , so that personal data may be transferred without further guarantees or additional measures.
We use YouTube NoCookie on our website. This is a code and URL provided by YouTube LLC (‘YouTube’) that allows us to integrate videos without tracking cookies. YouTube LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a website that has a YouTube video embedded in it, data is transferred to a Google server and stored there.
If you have a Google user account and are registered, Google can thus assign the visit to your user account. Google stores these data as user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its websites. This type of analysis is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To do so, please contact Google directly.
By integrating YouTube NoCookie, we pursue the purpose of enabling the playback of videos without tracking cookies. No data is passed on to third parties, but to Google. The processing of the data is based on Art. 6 (1) (a) GDPRThis regulation serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose.
The provision of personal data is not required by law or by a contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. Not providing the data may mean that you are unable to use our website or are unable to use it to its full extent.
Our website uses Mouseflow, provided by Mouseflow ApS, Flæsketorvet 68, 1711 Copenhagen, Denmark. Mouseflow is a web analytics tool that provides detailed insights into the behaviour of website visitors. It records clicks, mouse movements and scrolling activities to analyse how users interact with the website.
Mouseflow collects information including the IP address (in anonymised form), device type, browser, operating system, pages visited and interactions on the website. Keystrokes are not recorded.
We have concluded a data processing agreement with Mouseflow to ensure that the data collected is processed in compliance with data protection regulations.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
Your data may also be transferred to Mouseflow's parent company in the United States. The transfer of personal data is based on the adequacy decision. Mouseflow, Inc. is certified under the Data Privacy Framework.
You are neither legally nor contractually obliged to provide this data. It is generally possible to visit our website without providing this information.
The processing occurs, for the purpose of providing our fan pages on social networks (company pages) as well as for marketing purposes on the basis of an overriding legitimate interest in accordance with Art. 6(1)(f) GDPR. Our legitimate interests are the support of the social media platforms as well as the presentation of our business activities and the implementation of marketing activities.
If you visit our company page on one of the following social media platforms, we determine the purposes and means together with the platform operators. In terms of data protection, we are joint controllers according to Art. 26 GDPR.
We have set a link to the respective pages of social networks. No further data exchange takes place with these pages on our website. When the social media element is active, a direct connection is established between your end device and the provider. The provider thereby receives information about your visit to this website. Insofar as consent has been obtained, the above service is used on the basis of Art. 6 (1) (a) GDPR and § 25 TDDDG. The consent can be withdrawn at any time.
We use funnel.io, a marketing data hub that allows us to better analyze, report and aggregate your interactions with our social media.
You are under no legal or contractual obligation to provide us with this information. The use of social networks is independent of the provision of your data, however, contacting us or visiting our profile is not possible without the social network provider providing us with this data.
Our fan page on Facebook is provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta).
When you visit our fan page, together with Meta, we process information about you that you provide through your visit (e.g. user name, comments, messages) as well as what are known as page insights (statistical analysis of your visit). The processing by Facebook that takes place after the forwarding is not part of being a joint data controller.
When you visit our page on Facebook, we process the following data:
- Your username,
- Comments you post on our page,
- Messages you write to us via Facebook or Instagram,
- Page Insights (page visits, post volume, country/city our visitor is from, gender statistics).
You can find more information about Page Insights here.
For the processing of personal data with Page Insights on Facebook and Instagram, the purposes and means of the processing are determined jointly with Meta, so that we are joint controllers according to our agreement (page controller Addendum) ("Joint Responsibility Agreement").
Further information on data protection at Meta can be found here abgerufen werden.
Contacting the data protection officer is possible via this form: https://www.facebook.com/help/contact/540977946302970
Your information may also be transferred to Meta's parent company in the United States. The transfer of personal data to Meta is based on the adequacy decision (Data Privacy Framework).
Functions of the Twitter service are integrated into this website. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
If you are logged into your account and visit our profile, Twitter can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, through cookies that are stored on your terminal device or through the collection of your IP address.
Our social media presence on Twitter is designed to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
You can independently adjust your privacy settings on Twitter in your user account. To do so, click on the following link and log in: https://twitter.com/personalization.
Your information may also be transferred to Twitter's parent company in the United States. The transfer of personal data to Twitter is based on the adequacy decision (Data Privacy Framework).
If you, as a registered user, access our profile on the social network "LinkedIn", follow us or interact with us (e.g. message, comment), LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") processes personal data to provide us with aggregated information ("Page Insights"). No information is provided that allows us to track an individual user’s behaviour.
For the processing of personal data for the purpose of providing site insights, we and LinkedIn are joint controllers according to Art. 26 GDPR. For more information about the processing of your personal data as a joint controller, please visit the following external link directly from LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum.
In addition, if you as a registered user interact with our profile or posts shared by us (e.g., read, follow, comment) or we access your profile, LinkedIn processes your information as an independent controller (operation of the social network) and shares with us all information that is necessary for the operation of the social network according to LinkedIn's terms of use.
In this case, we collect user data (e.g., name, location), qualification data (e.g., occupation, position, education), and communication data (e.g., message content) directly from you or through the use of LinkedIn's social network. If you interact with our advertising to download a white paper, we also collect data such as your name, email address and company name. We use this data to contact you regarding our products and services. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be withdrawn at any time. Art. 6 (1) (a) GDPR. The consent can be withdrawn at any time.
For more information about LinkedIn's processing of personal data, please visit the following external link: https://linkedin.com/legal/privacy-policy.
Your data may also be transferred to LinkedIn's parent company – Microsoft Corporation, in the United States. The transfer of personal data to Microsoft is based on the adequacy decision (Data Privacy Framework).
If, as a registered user, you call up our profile on the social network "XING", follow us or interact with us (e.g. message, comment), or we call up your profile, New Work SE, Am Strandkai 1, 20457 Hamburg ("XINGXING") processes your information as an independent controller (operation of the social network) and shares with us all information that is required to operate the social network in accordance with XING's terms of use.
In this case, we collect user data (e.g. name, location), qualification data (e.g. occupation, position, training) and communication data (e.g. message content) directly from you or by using the XING social network.
For more information on the processing of personal data by XING, please refer to the following external link: https://privacy.xing.com/de/datenschutzerklaerung/druckversion.
Our YouTube channel is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The transfer of personal data to Google is based on the adequacy decision.
Google operates YouTube as the data controller in terms of data protection. When you view, subscribe, comment, or react to our channel or individual videos, Google collects information about you that you provide through your visit (e.g., username, comments, subscriptions, likes, dislikes to our videos). Google analyzes your response and behaviour in relation to our channel and videos and provides us with statistical information in anonymized form via YouTube Analytics. The provision of this analysis data is carried out by Google as the processor within the meaning of Art. 28 GDPR.
This website also embeds videos from YouTube.
We use YouTube in extended data protection mode. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch the video. The transfer of data to YouTube partners, on the other hand, is not necessarily excluded by the extended data protection mode. So, regardless of whether you watch a video, YouTube connects to the Google Double Click network.
As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
The basis is consent in accordance with Art. 6 (1) (a) GDPR and § 25 TDDDG. The consent can be withdrawn at any time.
For more information about privacy at YouTube, please see their Privacy Policy at: https://policies. google.com/privacy?hl=en.
If you send us inquiries by email, telephone or contact form, we will store your data for the purpose of processing the inquiry and in case of follow-up questions. We do not disclose this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.
The data collected from you will remain with us until you request us to erase it, withdraw your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
To contact us, you are neither contractually nor legally obligated to provide the data. However, the processing of the request is not possible without the communication of certain data about your person (mandatory fields), so that the contact cannot be made without providing this information.
Processing for the purpose of carrying out application procedures is carried out to decide on establishing an employment relationship and, after the employment relationship has been established, for its implementation in accordance with § 26(1) German Data Protection Law Bundesdatenschutzgesetz “BDSG”).
In addition, if an application is rejected, processing may be carried out to safeguard overriding legitimate interests in accordance with Art. 6(1)(f) GDPR . Our legitimate interest is the assertion, exercise or defence of legal claims
Insofar as you expressly agree in the case of an unsolicited application or a rejection of the application to store and consider it for a later date, the processing will be based on your consent according to Art. 6 (1) (a) GDPR. Pursuant to Article 7(3) GDPR. you have the right to withdraw consent you have given for the processing of your personal data at any time. The lawfulness of processing based on your consent pursuant to Art. 6 (1) (a) GDPR or Art. 9(2)(a) GDPR remains unaffected until withdrawal.
When you apply to us, we collect all of your personal data that you provide to us as part of the application. We may also receive your data from our recruitment agency - VentureLink Partners GmbH. You can apply on your own initiative or on the basis of a job advertisement published by us. Subsequently, we process your personal data in the application process in order to invite you to a personal interview, if applicable, and to decide on establishing an employment relationship. When you use one of our contact forms to apply, we collect the data you enter.
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interestsArt. 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data is deleted and the physical application documents are destroyed. The storage serves, in particular, evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the expiration of the 6-month period (e.g. due to an impending or pending legal dispute), the data will only be erased when the purpose for continued storage no longer applies.
It may be stored for a longer period if you have given corresponding consent (Art. 6 (1) (a) GDPR) or if legal storage obligations oppose the erasure.
In the event that you have consented to the processing of your personal data by our affiliated companies, we will share your data with hp.weber GmbH & Co. POS-cash KG and/or secucard GmbH.
The processing for the purpose of providing our services and business communication is carried out for the purpose of fulfilling the contract in accordance Art. 6(1(b) GDPR, for the fulfilment of legal obligations according to Art. 6(1)(c) GDPR as well as for the exercise of overriding legitimate interests according to Art. 6(1)(f) GDPR. Our legitimate interests are the fulfilment of the contract and the assertion, exercise and defence of legal claims. If you are already a customer of ours, we also have a legitimate interest in sending you promotional communications for our own similar products, provided that you have not objected to the use of your data. In addition, the processing can also take place in certain cases, about which we will provide separate information, on the basis of your consent in accordance with Art. 6 (1) (a) GDPR or Art. 9(2)(a) GDPR (e.g. if you give your consent in return for downloading a free white paper).
If you conclude a contract directly with us as a natural person, we collect all personal data required to establish, perform or terminate the contract. This also applies if you negotiate or conclude a contractual agreement on behalf of another natural person or legal entity.
Insofar as we do not collect the data directly from you, we receive information about your person (name, position), contact data (e.g. email, telephone) and contractual data (e.g. performance obligations) from third parties whom you have named as contact persons or persons responsible for establishing, implementing or terminating the contractual agreement.
For performing the contract, managing the customer relationship, processing requests and providing documentation and billing of services, we process the personal data to the extent necessary. In addition, we process this data to enable appropriate risk management as well as controlling and compliance with other legal requirements (e.g. commercial and tax law) as a legal entity.
As a legal entity, we are obliged to comply with various legal regulations, in particular commercial and tax law. In addition, our activities may also require us to take measures to combat money laundering, to ensure IT security for critical infrastructure, or to assist in audits as a material outsourcing for the purposes of financial supervision.
You are not legally or contractually obligated to provide the personal data. However, without the information requested from us, the use of our services is not possible or only possible to a limited extent.
The processing is carried out for the purpose of guaranteeing data subject rights on the basis of the fulfilment of legal obligations according to Art. 6(1)(c) GDPR as well as for the exercise of overriding legitimate interests according to Art. 6(1)(f) GDPR. Our legitimate interest is the assertion, exercise and defence of legal claims.
When you contact us to exercise your rights as a data subject, we will collect from you any personal data that you provide to us as part of the request. Alternatively, we may receive the data from third parties if you have instructed someone to assert your rights on your behalf (e.g., deputy, attorney, guardian) or have contacted other agencies in advance (e.g., data protection officer).
We process this data to ensure your identity, to verify the applicability of the respective rights, to implement your rights and to communicate with you.
There is no legal or contractual obligation for you to provide your data. However, without the provision of certain information that enables us to identify you or to implement your rights, it will not be possible to process your request, or only to a limited extent.
We would like to keep you up to date with important news by e-mail. As a secupay partner, you will receive exclusive sales know-how once a month, as well as tips and offers for sales support. We only want to send you information if you really want to receive it. This is why you need to register on our website to receive the newsletter. We collect your first name and e-mail address as well as the date and time of registration together with the separate confirmation e-mail. Furthermore, we collect technical information (e.g. time of access, IP address, browser type and operating system).
We use Mailchimp - a cloud-based tool for newsletter management provided by Intuit Inc. based in the USA. We have entered into a data processing agreement with Mailchimp. Mailchimp is certified under the "EU-US Data Privacy Framework". The "Data Privacy Framework" is an agreement between the EU and the USA, which is intended to ensure compliance with European data protection standards in the USA. MailChimp enables us, among other things, to send newsletters and analyze information such as opening frequencies and clicks in the email. Your data is stored on MailChimp's servers in the USA.
Your data will be stored by us until you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. business communication by e-mail) will not be affected by unsubscribing.
The processing is carried out for the purpose of registration and sending the newsletter by e-mail as well as an analysis for the newsletter on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw any consent you have given for the processing of your personal data at any time. This also applies if you do not want Mailchimp to analyze your data. We provide a link for this purpose in every newsletter e-mail. The lawfulness of processing based on your consent in accordance with Art. 6 para. 1 lit. a GDPR remains unaffected until you withdraw your consent.
You are neither contractually nor legally obliged to provide the data. However, it is not possible to register for and receive the newsletter without providing the aforementioned personal data.
If you provide us with your contact details in person at trade fairs and similar events, we will collect them in order to keep in touch with you. If you are invited to an event by us, we process your data (name, e-mail address and other data that you provide to us yourself) for participant management, marketing and event documentation. Audio, photo and video recordings may also be made in some cases.
The legal basis for data processing in the context of enquiries about cooperation with us is art. 6 para. 1 lit. b. GDPR. GDPR, the implementation of pre-contractual measures based on your enquiry. Audio, photo and video recordings are only made if you have expressly given your consent (Art. 6 para. 1 lit. a GDPR). In all other cases, we have a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (participant administration).
If your data is directly related to a contractual relationship following your enquiry, we will delete it after the contract period, otherwise after your enquiry has been dealt with, or restrict processing if there are statutory retention obligations. If data processing is based on your consent, your consent can be withdrawn at any time and your data will then be deleted in accordance with the statutory deletion periods. In all other cases, we delete your data when the purpose for data storage is no longer given.
We use an external provider with whom we have concluded an order processing contract to send invitations and manage participants.
At secupay AG, only those persons receive knowledge of personal data if they are responsible for the processing (e.g. administrators, clerks).
Certain activities are not carried out by ourselves, but by contracted service providers as processors according to Art. 28 GDPR . These are carefully selected by us, contractually bound and regularly reviewed.
In certain individual cases, we disclose personal data to third parties (e.g. legal advisors, auditors, data protection officers, authorities, courts, our affiliated companies) to the extent necessary for processing and legally permissible.
Transfers to recipients in third countries outside the EU/EEA or to international organizations only take place if this is necessary and legally permissible for the respective processing. In these cases, the transfer is made on the basis of an EU adequacy decision or, in the absence thereof, on the basis of agreed standard contractual clauses or binding internal data protection rules. To the extent that the aforementioned guarantees are not in place, the transfer to third countries outside the EU/EEA is based on an exception according to Art. 49(1) GDPR (explicit consent, performance of contract, assertion, exercise or defence of legal claims).
If necessary for the provision of our services, your data will be passed on to the following companies:
- Creditreform Boniversum GmbH
- Concardis GmbH
- infoscore Consumer Data GmbH, Baden-Baden
- Payone GmbH
- Transact elektronische Zahlungssysteme GmbH
- SIT Solution for IT-Payment GmbH
- HIT Hanseatische Inkasso-Treuhand GmbH
- Bluro GbR („Serverspot“)
- Professionals with an obligation to secrecy such as auditors, tax consultants and lawyers
- secucard GmbH
- hp.weber GmbH & Co. POS-cash KG
In the event that the purchase price claim has been assigned to secupay AG, the data may be passed on to the following companies for the purpose of enforcing the purchase price claim:
- Creditreform Dresden Aumüller KG
- Creditreform München Ganzmüller, Groher & Kollegen KG
When you use our payment services, we transmit your data (name, address and date of birth) for checking your creditworthiness and verifying your address to the associations Creditreform e. V., Hammfelddamm 13, 41460 Neuss, Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Creditreform München Ganzmüller, Groher & Kollegen KG, Machtlfinger Str. 13,81379 Munich and Creditreform Dresden Aumüller KG, Augsburger Str. 4,01309 Dresden.
The legal basis for these transfers is Art. 6 paragraph 1 Letter b of the General Data Protection Regulation.
Information on particularly sensitive data in accordance with Art. 9 General Data Protection Regulation is not processed.
For the purposes of fraud prevention and investigation, the data provided may be used to verify the existence of an atypical payment transaction. In principle, we have a legitimate interest in carrying out such a check. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR.
Therefore we make use of the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg ("Risk.Ident") when operating our services. Risk.Ident collects and processes data using cookies and other tracking technologies to determine the terminal used by the user and other data on the use of our services. The data is not assigned to a specific user. If IP addresses are collected by Risk.Ident, they are immediately encrypted.
The data is stored by Risk.Ident in a database for fraud prevention. Data transmitted by us to Risk.Ident on end devices, which have already been used to (attempted) commit fraud, are also stored in the database. In this respect, too, there is no allocation to specific users. When using our services, we retrieve a risk assessment from the Risk.Ident database to the user's terminal device. This risk assessment of the probability of an attempted fraud takes into account, among other things, whether the terminal device has dialed in via various service providers, whether the terminal device has a frequently changing geo-eference, how many transactions were made via the terminal device and whether a proxy onnection is used. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR.
To ensure the principle of storage limitation according to Art. 5(1)(e) GDPR, we store personal data in a form that permits data subjects to be identified only for as long as is necessary for the respective legitimate purposes.
We have set the following storage periods:
- Server log files are stored for 1-30 days depending on the IT system and then automatically deleted;
- Technically necessary cookies are deleted after the end of a session (e.g. closing the browser) or after reaching the specified maximum age (max-age) or manually by the user in the browser;
- Nicht notwendige Cookies werden nach Ablauf des festgelegten Höchstalters (max-age) bzw. manuell durch den Nutzer im Browser gelöscht.
- Application documents of rejected applicants will be deleted 6 months after rejection without existing consent for permanent storage.
Personal data that must be retained due to commercial or tax regulations in accordance with § 147 AO (German Tax Act), § 257 HGB (German Commercial Code) will not be deleted before 6 years or 10 years have
passed. Further storage takes place for the assertion, exercise or defence of legal claims, e.g. in the case of
incomplete tax, audit or administrative proceedings.
Personal data that we process for the assertion, exercise or defence of legal claims are generally deleted after 3 years (regular statute of limitations pursuant to § 195 BGB (German Civil Code) in certain cases (e.g. claims for damages), the statute of limitations is 10 years or 30 years from the date the claim arose pursuant to § 199 BGB, with the maximum storage period being 30 years from the date on which the act, breach of duty or other event that caused the damage occurred.
Under the conditions of Art. 15 GDPR , you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on your consent pursuant to Art. 15(1) GDPR, including a copy of your data according to Article 15(3) GDPRinsofar as the rights and freedoms of other persons are not affected. This includes trade secrets, intellectual property rights or copyrights.
The right to information can be restricted or refused in accordance with § 34 BDSG . In this case, we will inform you of the reasons for the rejection.
Under the conditions of Art. 16 GDPR you have the right to demand that we immediately correct any inaccurate personal data concerning you and, depending on the purpose of the processing, complete any incomplete data.
Unless this is impossible or involves a isproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the correction. According to Art. 19(2) GDPR , you have the right to be informed about these recipients.
Under the conditions of Art. 17 GDPR you have the right to demand that we erase personal data concerning you without delay. We are obliged to erase your data if one of the reasons according to Article 17(1) GDPR applies.
If we have made data relating to you public and an obligation to erase it exists, we shall take appropriate measures in accordance with Article 17(2) GDPR to inform other data controllers if you have requested the erasure of all links to this data or of copies and replications.
Unless this is impossible or involves a disproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the deletion. According to Art. 19(2) GDPR , you have the right to be informed about these recipients.
The right to erasure exists pursuant to Article 17(3) GDPR insofar as the processing of your personal data is necessary for the reasons stated therein. This applies in particular if the storage of your data is still required due to legal retention obligations (Art. 17 Abs. 3 lit. b DSGVO) or if your data is needed for the assertion, exercise or defence of legal claims (Art. 17(3)(e) GDPR).
The right to erasure exists pursuant to § 35(3) BDSG if the storage of your data is required due to statutory or contractual retention obligations. In addition, the right to erasure may also be restricted pursuant to § 35(1) BDSG . In this case, the processing of your data pursuant to Art. 18 GDPR is restricted.
Under the conditions of Art. 18 GDPR , you have the right to demand that we restrict processing if one of the conditions mentioned therein applies.
If the processing of your data has been restricted, your data will continue to be stored in accordance with Art. 18(2) GDPR , but will only be processed in a different way if you consent to this or if this is done to assert, exercise or defend legal claims, to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
If your data has been restricted, you will receive a notification before the restriction is lifted. Unless it is impossible or involves a disproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the restriction. According to Art. 19(2) GDPR , you have the right to be informed about these recipients.
Under the conditions of Art. 20 GDPR , you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on your consent pursuant to Art. 6 (1) (a) GDPR or a contract pursuant to Art. 6(1(b) GDPR and the rights and freedoms of other natural persons are not affected.
Under the conditions of Art. 21 DSGVO haben Sie das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Ihrer personenbezogenen Daten Widerspruch einzulegen, sofern diese auf der Grundlage unseres berechtigten Interesses gem. Art. 6(1)(f) GDPR erfolgt. Das Recht auf Widerspruch gem. Art. 21 Abs. 1 DSGVO gilt nicht, wenn wir nachweisen, dass wir schutzwürdige Gründe für die Verarbeitung haben, die Ihre Interessen, Rechte und Freiheiten überwiegen oder wenn die Verarbeitung zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist. Sie haben unabhängig davon gem. Art. 21 Abs. 2 DSGVO jederzeit das Recht, der Verarbeitung Ihrer Daten zum Zweck der Direktwerbung einschließlich Profiling in Verbindung mit Direktwerbung zu widersprechen. In diesem Fall verarbeiten wir Ihre Daten nicht mehr den Zweck der Direktwerbung.
If the processing of your personal data is based on your consent pursuant to Art. 6 (1) (a) GDPR you have the right to withdraw your consent at any time with effect for the future pursuant to Article 7(3) GDPR.
According to Article 22(1) GDPR you have the right not to be subject to a decision based solely on automated processing – including profiling – where this produces legal effects concerning you or similarly significantly affects you.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you consider that the processing of your personal data infringes the GDPR. You may contact any supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, including the supervisory authority responsible for us – Sächsische Datenschutz- und Transparenzbeauftragte, Devrientstraße 5, 01067 Dresden, https://www.datenschutz.sachsen.de/.
We have implemented a comprehensive information security programme that includes technical and organizational measures to secure and protect your information. In particular, we use the following security measures to help protect your personal information from unauthorized access, disclosure, use or alteration:
- Encryption of personal data
- You can recognize an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
- Storage of important information such as passwords after their encryption
- Countermeasures against hacker attacks
- Creation and implementation of the internal safety management plan
- Installation and operation of an access control system
- Measures to prevent the falsification or modification of access data
Nevertheless, due to ever-changing technology and other factors beyond our control, we cannot guarantee that communications between you and our servers will be free from unauthorized access by third parties or that we will not be affected by security breaches.
