Privacy Policy
Scope
This Privacy Policy explains to users (hereinafter: “you”) the type, scope and purpose of the collection and use of personal data (hereinafter: “data”) by the responsible provider on this website (hereinafter: “Website”) and the data protection claims and rights to which you are entitled within the meaning of the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). We therefore ask you to take note of this Privacy Policy and, if necessary, to print it out or save it.
Handling and protection of personal data
Personal data is information that can be used to identify a person directly or to make them identifiable, i.e. generally information that can be traced back to a person. This includes, for example, the name, e-mail address or telephone number. But personal data may also include data about preferences, hobbies, memberships or which websites someone viewed.
In the following, we will inform you about the type, scope and purpose of the collection, processing and use of personal data. You can access this information at any time on our website.
- General information on data protection, data processing operations and data subject rights that apply to all data processing operations can be found in Part A of this Privacy Policy below.
- In connection with the website, visitor data exchanged between their Internet-enabled devices and the server operated by the provider, as well as data communicated in the context of the use of the website, are processed. Details can be found under Part B of this Privacy Policy.
A. General information on data protection and rights of data subjects.
I. Who is responsible for data processing and who can you contact if you have any questions?
The responsibility within the meaning of the GDPR and other national data protection laws of the member states, as well as other provisions of data protection laws lies with:
MultiBase GmbH
Rudolf-Diesel-Straße 5
82205 Gilching | Germany
Tel.: +49 (8105) 27 75-0
Fax: +49 (8105) 27 75-25
Registered office: Gilching.
Managing Director: Feliks Golenko
VAT ID DE129422241
HRB 95 351
Hereinafter also: “we” or “MultiBase”
Your trust is important to us. Therefore we would like to answer your questions regarding the processing of your personal data at any time. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on data protection with us or on a specific point, please do not hesitate to contact us at any time:
E-Mail: info@multibase.de
Tel.: +49 (8105) 27 75-0
You can reach our data protection officer at:
Dipl.-Inform.(FH) Andreas Niekerke
Holder of the certified university degree in corporate data protection
Andreas Niekerke <niekerke@sansec.de>
II. What rights do you have with regard to your data?
If personal data about you is processed, you are a “data subject” as defined in the GDPR, which means that you may be entitled to the rights described below.
Upon request, we will inform you as soon as possible and in writing whether and which of your personal data we have stored (Art. 15 GDPR). If, despite our efforts to ensure that the data is correct and up to date, incorrect data is stored, it will be corrected by us upon request (Art. 16 GDPR). In addition to this right to correction, you may also have the right to block and delete the personal data collected by us (Art. 17 GDPR). However, it is possible that we may not be able to comply immediately with every request for deletion for legal reasons, above all due to tax or commercial law regulations, or for reasons of smooth contract processing. In addition, you have the right to request that we transfer the data to you in a structured, common and machine-readable format or, upon your request, forward it to a third party (Art. 20 GDPR).
You may object to the use of your data for the future, i.e. for purposes other than the execution of the contract or processing in our legitimate interest (Art. 21 GDPR). If you have given us your consent for processing of your data, this may be revoked with effect for the future. You also have the right to demand only a restriction on the use of data for certain purposes (Art. 18 GDPR).
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or place of presumed infringement, if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR in connection with § 19 BDSG). A list of data protection officers of the supervisory authorities of the federal states of Germany and their contact details can be found at the following link:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for our registered office:
Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision “BayLDA”)
Promenade 27,
91522 Ansbach,
E-Mail: poststelle@lda.bayern.de
III. Which data is processed and from which sources does this data originate?
1. Origin of personal data
As a rule, we process data that we receive directly from the persons affected as part of a business initiation or in the course of the business relationship. In addition, we process – to the extent necessary for the provision of our services or the fulfilment of a contract with you – data that we have received from other companies in our group of companies or partner companies or from locally responsible companies integrated into our sales system with which we have a long-term business relationship.
In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).
Via our website, we process data that we receive during your visit to the website or that you actively communicate to us when using the website, e.g. when using our contact form. Other data is automatically collected by our IT systems when you visit the website. These are in particular technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website. Details can be found under Part B of this Privacy Policy.
2. Categories of personal data
Among the personal data that we regularly process are personal master data and contact data such as first name and surname, address, e-mail address, telephone number, fax, date of birth, position in the company, etc.
In addition, we also process the following other personal data, depending on the order/service:
- Information about the type and content of our business relationship, such as contract data, order data, sales and document data, customer and supplier history, consulting documents
- Advertising and sales data
- Documentation data (e.g. consultation protocols, data from service meetings or support cases)
- Information from your electronic interaction with us (e.g. IP address, log-in data)
- Other data that we have received from you in the context of our business relationship (e.g. in discussions with customers)
- The documentation of declarations of consent
IV. For what purposes and on what legal basis will the data be processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in their respective valid versions, in particular on the following legal bases:
1. Fulfilment of (pre-)contractual obligations (Art. 6 sect. 1 lit. b GDPR)
Personal data is processed on the basis of Art. 6 sect. 1 lit. b GDPR in order to fulfil MultiBase’s contractual obligations, in particular in connection with the sale and distribution of our goods and services, as well as all activities customary in the industry for the operation or administration of MultiBase (e.g. customer administration). The data may also be processed on a pre-contractual level as part of a business relationship with MultiBase or in the course of other contractual relationships with MultiBase.
For example, Art. 6 sect. 1 lit. b GDPR is the legal basis in the following cases:
- Creating and maintaining a customer account or a vendor account
- Recording of customer/prospect files and maintaining our customer/prospect database
- Sending of information
- Offering and selling MultiBase products
- Offering and implementing our services (e.g. training, consulting and support services)
Details on the purpose of these data processing operations can be found in the respective contract documents and terms and conditions.
2. Legitimate interests (Art. 6 sect. 1 lit. f GDPR)
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract, in order to safeguard the legitimate interests of MultiBase or third parties. This is permissible, unless your interests or fundamental rights and freedoms that require the protection of personal data prevail. For example, data processing to safeguard legitimate interests is carried out in the following cases:
- Transmission of data to affiliated companies and partner companies
- Lawyers to collect claims and/or enforce them in court
- enforcement of other legal claims and defence in legal disputes
- Advertising or marketing
- Market and opinion surveys
- Measures taken to manage business and to develop our services further
- Maintaining databases on customers/prospects or service providers to improve our offering
- Carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
- Ensuring the IT security and IT operations of our company
3. Fulfilment of legal obligations (Art. 6 sect. 1 lit. c GDPR)
The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. those of the German Commercial Code (Handelsgesetzbuch) or of the German Tax Code (Abgabenordnung).
4. Consent (Art. 6 sect. 1 lit. a GDPR)
If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Any declaration of consent, e.g. for the sending of a newsletter, can be revoked at any time with effect for the future. For this purpose, please use the contact data listed under A. Point I. Please note that processing which took place before the revocation is not affected by the revocation and under certain circumstances data processing may continue to be possible at least partially based on another legal provision.
V. Who receives my data?
At MultiBase, your data will be received by those employees or organizational units who need the information to fulfill our contractual and legal obligations or to process or pursue our legitimate interests.
Your data will be forwarded to companies for the purpose of initiating or processing a contractual relationship (e.g. provision of a service or sale of goods) pursuant to Art. 6 sect. 1 S. 1 lit. b GDPR or – depending on the nature of the specific contractual relationship – as well as on the basis of our legitimate interests pursuant to Art. 6 sect. 1 S.1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or for contract processing. This applies to the following recipients or categories of recipients:
- Affiliated companies and partner companies
- Advertising partners
- Insurance companies
- Banks
- IT service providers (e.g. e-mail service provider, web hosting company)
- Communication providers (telephone provider, fax provider)
- Shipping and logistics service providers
- Auditors
- Tax and legal advisors
If we use a service provider for order processing activities in accordance with Art. 28 GDPR, we will nevertheless remain responsible for the protection of your data. Insofar as required by law, processors are contractually obliged by means of a Data Processing Agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data to the extent that they need the data to fulfil their respective services.
Your data will only be transferred to government institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you instruct us to do so.
VI. How long will my data be stored?
Your personal data will only be used for the purpose for which you have provided them to us or for the processing of which you have given your consent and will be stored until this specific purpose has been fulfilled. After completion of the respective purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in accordance with tax and commercial law in particular). However, the data will be deleted at the latest after expiry of all periods, unless you have expressly consented to a further or different use. You may also assert rights during the retention periods, such as blocking your data. See A. Point II.
Your data will be deleted or blocked by us as soon as the purpose of storage no longer applies or you request us to delete it.
In general, we process – in particular store – your data only until the end of the business relationship or until the expiry of the applicable warranty, guarantee and limitation periods. For example, the limitation period according to §§ 195 ff. of the German Civil Code (BGB) is usually three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.
We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (e.g. § 147 AO)). The time limits specified there for storage or documentation are between two and ten years. For example, even after termination of a contract with you, we would have to store your data for a further period of time until completion of a tax audit of the last calendar year in which you were our customer.
VII. Is personal data transferred to a third country?
As part of our processing activities, in certain business transactions or areas of activity, the processing of personal data may also take place at locations in so-called third countries outside the EU or the EEA for which the EU Commission has not yet certified an adequate level of data protection, for example in the USA. If such a data transfer should become necessary in individual cases, it will, after you have been informed, only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.
B. Use of our services
The use of our website is generally possible without providing personal data. As a rule, we process personal data of our users as far as this is necessary for the provision of a functional website or of our contents and services. If personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis and with your express consent for the stated purpose. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.
MultiBase takes adequate technical and organizational security measures to protect your personal data from loss and misuse. The data you enter is automatically encrypted using SSL (Secure Sockets Layer protocol), just as our entire website is encrypted using SSL. SSL is the industry standard for the transfer of confidential data via the Internet.
I. Operation of the website / access data / server log files
1. Description and scope of data processing
We (or our webspace provider) automatically collect and store in so-called server log files information that your Internet browser (via a PC or mobile device) transmits to us. These are among other things:
- Browser type/version
- Operating system used
- External IP address of the accessing computer or network
- Referrer URL if applicable (the address from which the call originated)
- Date and time of the server request
- Message as to whether the call was successful
- Name of the retrieved file
- Quantity of data sent
An allocation of this data to a specific person is not possible for us. This data will not be merged with other data sources.
2. Legal basis of data processing
MultiBase uses the log data only for statistical evaluations for the purpose of operation, security and optimisation of the website. However, MultiBase reserves the right to check the log data if there are concrete indications of justified suspicion of illegal use.
3. Purpose of data processing
The temporary storage of the IP address is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The storage in log files takes place in order to ensure the functionality of the website. In addition, the data will be used to optimize the offer and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes will not take place in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 sect. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to accomplish the purpose for which it was collected. In case of a collection of data for the operation of the website, this will happen when the respective session has ended.
If the data is stored in log files, it will be deleted after seven days at the latest. Nevertheless, a longer storage of log files is possible. In this case the IP addresses of the users are deleted or obscured, so that an assignment of the user accessing the website is no longer possible.
5. Right to object and possibility of removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
II. Use of Cookies
1. Description and scope of data processing
Our website uses cookies and collects, processes and uses information on your use of the website. Cookies are text files with a characteristic character sequence which are stored in the Internet browser or by the Internet browser on the computer system of the user and which enable the browser to be uniquely identified when the website is loaded again. If a user opens a website, a cookie can be stored on the user’s operating system. A cookie contains a characteristic string of characters. The use of these cookies helps to make this website more user-friendly, effective and secure. When you visit this site, the data you enter is stored exclusively in a cookie on your computer. In this case, data will only be transmitted to the servers of our offer if a request to load the website is made.
Some cookies are deleted after the end of the browser session when your browser is closed (so-called “Session Cookies”). These cookies are technically necessary, e.g. to log in to the website and remain logged in across pages while visiting our website.
Other cookies remain on your device for a specified period and enable us to recognize your browser on your next visit (so-called “Persistent Cookies” or “Protocol Cookies”). The purpose of using these cookies is to provide you with optimal user guidance, to “recognize” you and to provide you with a varied website and new content when you repeatedly use it.
Cookies from partner companies or third parties may be used, for example, to collect information for advertising, customized content or statistics (“Third Party Cookies”). Unless we identify cookies as originating from third parties, the cookies originate from our website (“First Party Cookies”).
Flash Cookies are stored on your computer as data elements of web pages if they are operated with Adobe Flash. Flash cookies have no time limit.
The following cookies are used on our website and the following data is transmitted and stored:
Cookie Name | Purpose | Expiration/Duration | Cookie Type | Domain |
moove_gdpr_popup | Cookie policy acceptance | Session | Session-Cookie | .multibase.de |
_gat_XXX | Google Analytics Cookie | 1 minute | | .multibase.de |
_gid | Google Analytics Cookie | 24 hours | | .multibase.de |
_ga | Google Analytics Cookie | 2 years | | .multibase.de |
_gat | Google Analytics Cookie | 1 minute | | .multibase.de |
_hp2_idXXX | Calendly Cookie | 1 year | | .calendly.com |
_hp2_ses_props | Calendly Cookie | 1 minute | | .calendly.com |
_cfruid | Calendly Cookie | Session | Session-Cookie | .calendly.com |
_stripe_mid | Calendly Cookie | 1 minute | | .calendly.com |
_stripe_sid | Calendly Cookie | 1 minute | | .calendly.com |
_cf_bm | Calendly Cookie | 1 minute | | .calendly.com |
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 sect. 1 lit. f GDPR, unless we obtain your consent for specific cookies within the meaning of Art. 6 sect. 1 lit. a GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of the website for the user and to make it more attractive. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a change of the web pages. Please refer to the table above for details on the purpose of our cookies.
4. Duration of Storage, Right to object and possibility of removal
Please refer to the table above for details on the duration of storage of our cookies.
Cookies are stored on the user’s computer and forwarded to our website. Therefore, you as a user have full control over the use of cookies. In general, the use of the website is also possible without cookies. You can disable the storage of cookies in your browser, restrict it to certain websites or configure your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from the hard disk of your PC at any time (folder: “Cookies”). However, you should note that the rejection of function-related cookies might disable the functionality of our website, or might enable you to use the website only to a limited extent, because certain functions are only available if and to the extent that the use of function-related cookies is approved.
You have the right to withdraw your consent to the storage of cookies at any time with effect for the future. Therefore, please click the following link:
[cookies_revoke]
III. Online presences on social networks and platforms
a.) Description of data processing
We maintain further online presences within social networks and platforms (LinkedIn, XING) (hereinafter also “SN”) and link to them from our website. By clicking on the respective buttons (recognizable by the respective logos of the social networks or platforms) you will be forwarded to the respective online presence. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services.
When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Since this use takes place outside of our websites or online presence, we have no influence on this unless otherwise stated below. However, we would like to point out that when using the SN to which we link, data can also be processed by them in the USA and may also be processed by the respective operators of the SN for market research and advertising purposes, which may include the creation of usage profiles. If you are logged in to the respective SN, they could also store on your device their cookies, which record that you are using our website, along with additional information on your usage behavior. To make it easier for you to find information on the data processing and objection options of the respective operators of the SN, we refer you at the end of this section III to the data privacy statements and information provided by the operators of the respective SN.
b.) Legal basis and purpose of data processing
Unless otherwise stated in our privacy policy, we process user data on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR with regard to effectively informing users and communicating with them within social networks and platforms (e.g., when users write posts on our online presence or send us messages about the respective online presence).
c.) Duration of storage / options for objection and removal
For information on the duration of data storage by the respective SN, please see the privacy policies of the respective SN.
If you are a member of one of the SNs on which we maintain an online presence and do not want the SN to collect data about you through our offer and to link it to your data at the SN, you must log out of your SN before visiting our offer. For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below.
We would like to point out that requests for information and the assertion of user rights are also most effective if directed to the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.
Details are given in the list below.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”)
Data privacy statement: https://www.linkedin.com/legal/privacy-policy
Option to object: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“XING”)
Data privacy statement / option to object: https://privacy.xing.com/de/datenschutzerklaerung
IV. Links to websites of other providers
For your information, our offer may contain links that refer to the pages of third parties. For example, we refer you to the providers iTunes and Android for the possibility of subscribing to our podcasts.
If you are forwarded via links from our website to other websites, please inform yourself about the respective handling of your data on the respective third party websites.
The data controller (MultiBase) has no influence on the content and design of the website of third-party providers. The statements in this data protection declaration therefore do not apply to third-party providers to whose services or content we provide links.
V. Active use of our website
1. Information request, contact form and e-mail contact
a.) Description and scope of data processing
On our website, contact forms are made available which can be used for electronic contact. Furthermore, on the subpages related to specific services, there might be the possibility to request additional information on this subject, to leave specific messages on this subject, together with an optional callback request. If a user makes use of this option, the data entered in the respective input mask will be transmitted to us and stored. At the time the message is sent, the data specified directly in the form will be stored.
Alternatively, you can contact us via our e-mail address. In this case, the personal data of the user transmitted together with the e-mail will be stored.
In this context, data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 sect. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 sect. 1 lit. c GDPR). The data will be used exclusively for the processing of the conversation.
b.) Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail or our contact form is Art. 6 sect. 1 lit. f GDPR. If the purpose of the e-mail contact is to establish a contract, the additional legal basis for the processing is Art. 6 sect. 1 lit. b GDPR.
c.) Purpose of data processing
The processing of the personal data from our contact forms serves us exclusively for the purpose of handling the request for contact. If you contact us by e-mail, this is also the necessary legitimate interest for the processing of the related data.
The other personal data processed during the sending process help us to prevent misuse of the contact form and to ensure the security of our information technology systems.
d.) Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With regard to the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be assumed based on the circumstances that the matter in question has been conclusively clarified and that no legal requirements require longer storage.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
e.) Right to object and possibility of removal
The user has the option of withdrawing his or her consent to the processing of personal data, at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In this case, it will not be possible to continue the conversation.
In this case, all personal data that was stored in the course of making contact will be deleted, provided that no legal requirements require continued storage.
f.) Security Notice E-Mail
We would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) can have security gaps that are beyond our control. A complete protection of the data against access by third parties to the contents of unencrypted email is not possible. We therefore strongly recommend that you encrypt your emails containing confidential and/or personal data and in particular also tax matters, e.g., by using the S/MIME standard.
2. Newsletter and Newsletter-Service-Provider
a.) Description of data processing
We would like to inform you regularly about our services and news via e-mail or other electronic notifications (hereinafter referred to as “Newsletter”) regarding products, services, web products, innovations or news in our company. We need your e-mail address and your name for this purpose. In the respective newsletter registration forms, further information may be requested in order to provide you with personalised content tailored to your interests.
You can subscribe to our newsletters by using the corresponding function of a subscription form, or during a registration process by ticking a checkbox (“Opt-in”). We offer the possibility to register for our (where appropriate topic-specific) newsletters on our website or within the context of registration processes or order interfaces. The details of the respective contents of the newsletters are specifically described in the respective registration form. These descriptions are decisive for your consent.
Following your (online) subscription, you will receive an e-mail from us asking you to confirm your newsletter subscription (double opt-in procedure). This confirmation is necessary to prevent someone else from misusing your e-mail address to subscribe to our newsletter. Your e-mail address will be activated for sending the newsletter only once you have activated the hyperlink sent in the e-mail.
For verification purposes, the registration date will be stored next to your e-mail address and name for the newsletter dispatch (“Timestamp”).
We use the Active Campaign software from the US provider Active Campaign LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, USA (hereinafter: “Active Campaign”) to send our newsletters. We use Active Campaign to organize the dispatch of newsletters and to analyze newsletter campaigns. Active Campaign uses cookies for its analysis activities. When you open an email sent with Infusionsoft, a file contained in the email (a so-called web beacon) connects to the Active Campaign servers in the USA. This allows us to determine if a newsletter message has been opened and which links, if any, were clicked on (so-called “reach measurement”). In addition, technical information (e.g., time of access, IP address, browser type and operating system) and the contact details required for our newsletter dispatch are stored on Active Campaign servers in the USA. The technical information collected is used exclusively for statistical analysis of newsletter campaigns. You can view the data protection provisions of Active Campaign here: https://keap.com/legal/privacy-policy; https://keap.com/legal/data-protection-faq
b.) Legal basis and purpose of the data processing / recipient of the data
The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to Art. 6 sect. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 sect. 2 no. 3 UWG (German Act against Unfair Competition, Gesetz gegen unlauteren Wettbewerb), or, if consent is not required for established customers pursuant to § 7 sect. 3 UWG, our legitimate interest in direct marketing measures pursuant to Art. 6 sect. 1 lit. f GDPR in conjunction with § 7 sect. 3 UWG.
The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6 sect. 1 lit. f GDPR in a secure and well-targeted newsletter system that corresponds both to our business sales interests and to the expectations and needs of the recipients, as well as to the verifiability of the consents given.
The analysis of our newsletters – subject to the consent of the users – is based on our legitimate interests in the organisational and technical improvement of our newsletter campaigns in order to be able to offer our users secure and attractive newsletters.
Active Campaign is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and the data processing agreement concluded with Keap pursuant to Art. 28 sect. 3 sentence 1 GDPR.
We have entered into the so-called EU standard contract clauses with Active Campaign, whereby Active Campaign guarantees to comply with the European data protection level when processing data for Infusionsoft in the USA.
c.) Duration of Storage, Right to object and possibility of removal
You can object to the dispatch of the Newsletter at any time or revoke your consent to receive our Newsletters in whole or in part. You will find an unsubscribe link at the end of each Newsletter. You can also contact us directly (see imprint for contact details).
Unsubscribing from the newsletter does not affect our business communication. Your data will be stored by us for the purpose of contract performance, providing support and other services, updating software or registering for events. In addition, we reserve the right to store the necessary data until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.
For technical reasons, a separate objection to the performance measurement and campaign analysis of our newsletter is not possible. If you do not want to be analyzed by Infusionsoft, you must unsubscribe from the newsletter. You may avoid the collection of your data by Infusionsoft by installing a deactivation add-on for your web browser. You may prevent the collection of data by Infusionsoft by installing an appropriate blocker add-on for your browser.
VI. Trainings, courses, seminars, or other events (“Events”)
1. Registration for our digital Events
a.) Description of the data processing
Registration forms are available on our website with which you can register for our current digital Events. If a user makes use of this option, the data entered in the respective input mask will be transmitted to us and saved after clicking on the “Register now” button.
We process the information from the respective input forms (binding information is marked with the addition *), usually:
- Salutation*
- First name*
- Last name*
- Company
- Telephone number
- Email*
- Consent to our newsletter*
We use the Active Campaign service of the provider Active Campaign LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, USA (“Active Campaign”) to manage the registrations for an Event and to send e-mails related to the Event to the participants, which enables us to automate the registration process in a simple and user-friendly manner by means of interfaces to the applications and tools described below.
Since Active Campaign’s IT system is located in the USA, the login data from the input forms is transferred to the USA and processed there. To ensure that the data transmitted by us is handled appropriately, we have concluded an order processing agreement with Active Campaign in accordance with Art. 28 GDPR including the EU standard contractual clauses on data transfer to third countries. Further information on the handling of personal data by Active Campaign can be found at: https://www.activecampaign.com/legal/privacy-policy.
Via Active Campaign, the registration data received is forwarded to Zoom Video Communications Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113 USA (hereinafter: “Zoom”), whose online video communication service we use to hold our digital Events so that the participants of the Event can also be registered there as authorized participants for our Event. We have concluded an order processing agreement with Zoom in accordance with Art. 28 GDPR, according to which the data provided by us may only be processed according to our instructions. In addition, we have concluded the EU standard contractual clauses with Zoom, with which Zoom guarantees the protection of data transmitted to the USA in accordance with the GDPR requirements.
For the aforementioned automatic forwarding, we again use the “Zapier” automation plug-in from Zapier Inc., Market St. # 62411, CA 94104-5401, San Francisco, California, USA (hereinafter referred to as “Zapier”) as an interface. Zapier collects the information that is required so that Zoom can access the data contained in Active Campaign as well as IP address, API key, access token, user identifier, password, integration configuration, API logs (“Login Data”). Zapier saves this Login Data as well as information on the send date, link configuration, names of the service providers involved in order to enable the link and exchange between Zoom and ActiveCampaign. For this purpose, Zapier stores cookies on the respective end device of the participant. Data is transferred to Zapier servers in the USA. We have concluded a contract with Zapier for the processing of data on our behalf in accordance with Art. 28 GDPR and the EU standard contractual clauses for transmission to recipients outside the EU (https://cdn.zapier.com/storage/files/46ac3128100f09a5eeda6ceb7bdb61aa.pdf). Further information on data protection at Zapier is available at https://zapier.com/privacy. Information on Zoom can be found at https://zoom.us/de-de/privacy.html#_Toc44414841.
After receiving the registration data, Zoom will send an email with registration and Login Data for Zoom to the Event for which the participant has registered with us. Via Active Campaign, the participants receive another email with information about the Event and, if necessary, alternatives in the case of hindrance at the time of the Event and confirmation of registration.
b.) Legal basis and purpose of data processing
The legal basis for the processing of the data that is sent in the course of sending an electronic registration is, given the intended conclusion of a contract, Art. 6 para. 1 lit. b GDPR, otherwise Art. 6 para. 1 lit. f GDPR. If you give your consent to receive our newsletter, Art. 6 para. 1 lit. a GDPR is the legal basis for processing the data required for this. For details on sending the newsletter, please refer to No. V. 2 above.
We process and use the data collected in this way for the purpose of processing registrations, planning, and holding the respective Events. Further details on the legal and organizational framework can be found in the respective underlying conditions of participation.
c.) Duration of storage / options for objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the registration input mask, this is usually the case when the respective Event has ended.
In this case, all personal data that was stored in the course of making contact will be deleted, provided that no legal requirements require continued storage.
2. Implementation of our digital Events
a.) Description of the data processing
At the date and time of the digital Event specified by us, participants can log in on the Zoom platform using their Login Data. If the user calls up the “Zoom” website, “Zoom” as the provider is responsible for the data processing. Accessing the website is only required in order to download the software for using “Zoom”. “Zoom” can also be used if the respective meeting ID and Login Data for the meeting are entered directly in the “Zoom” app. If participants do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which is also provided on the “Zoom” website.
Zoom processes the following data as part of the implementation of a digital Event:
- User information: first name, last name, email address, password
- Metadata: topic and description of the Event, participant IP addresses, device/hardware information
- When dialing in with the phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio, and video data: Participants have the option of using the chat, question, or survey functions in an online meeting. In this respect, the text entries made by the participants are processed in order to display them on the Zoom platform as part of the digital Event. In order to enable the display of video and the playback of audio, the data from the microphone of the terminal device and from any video camera on the terminal device of the participants will be processed during the Event. Participants can switch off or mute the camera or microphone themselves at any time using the “Zoom” applications. In this case, no corresponding data will be processed by Zoom.
- For recordings of the Event: MP4 file of the video, audio, and presentation recordings, M4A file of the audio recordings, text file of the online meeting chat.
If we record Events, we will inform you transparently in advance and – if necessary – ask for your consent. The fact that the meeting is being recorded is also displayed in the “Zoom” app. Additional information on data processing by Zoom can be found at https://zoom.us/de-de/privacy.html#_Toc44414841.
For the purpose of follow-up to the Event, we also collect the questions asked by participants. This is done only in order to answer, after the Event, questions that could not be answered immediately or completely.
After the digital Event, Zoom sends our software tool Active Campaign the information on which of the registered participants actually took part in the Event. The interface of the “Integromat” plug-in from Integromat LLC, 16192 Coastal Highway, Lewes, Delaware 19958 USA, offered in the EU by Integromat sro, Novákových 1954/20a, 180 00 Prague 8, Czech Republic, is used for this data transfer between the applications. Integromat uses the participant’s data only for the technical processing of the transfer of participant data from Zoom and for entering the data in Active Campaign, where it is processed for comparison with the original registrations; Integromat does not pass the data on to third parties. The following data is processed in the service: user ID, first and last name, email address, IP address, API key, access token, integration configuration, API logs. For this purpose, Integromat stores cookies on the respective end device of the participant. We have concluded an order processing agreement with Integromat in accordance with Art. 28 GDPR. Further information on data protection at Integromat can be found at https://support.integromat.com/hc/en-us/articles/360001988174.
After the Event, we use Active Campaign to send an email with the recording of the digital Event to all registered participants.
For further follow-up, documentation, and archiving, we move the Event data to our Pipedrive CRM system.
b.) Legal basis and purpose of data processing
Legal basis for data processing when holding our digital Event is Art. 6 para. 1 lit. b GDPR, insofar as the Events are carried out as part of a contractual relationship.
Insofar as we obtain your express consent in special situations, such as recordings, Art. 6 para. 1 lit. a GDPR is the legal basis.
If there is no contractual relationship or data processing is not required directly for the execution of the contract, the legal basis is Art. 6 para. 1 lit. f GDPR. Here, too, we are interested in the effective implementation of our digital Events as well as in the presentation, validation, and post-processing of our Event. In particular, data on participation in our Events are used to enable us to bill and/or provide evidence of the provision of services to third parties as well as to enable us to control and manage our Events. This data is also used to enable us to evaluate the utilization of our Events and thus to draw conclusions about the interests of the participants. With this knowledge, we can understand whether and in which areas future Events need to be adjusted or optimized.
c.) Duration of storage / options for objection and removal
If a participant is registered with “Zoom” as a user, reports on the Event (meeting metadata, data on dialing in, questions and answers in webinars, survey function in webinars) can be saved at “Zoom” for up to one month.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the Event, this is the case after the conclusion of an Event contract at the earliest when the respective Event service has been provided in full. As a rule, however, we also store contract-related data until the statutory warranty obligations have expired. In the case of a subsequent statutory archiving obligation, the data concerned will be deleted after the respective time limit.
VI. Management systems
1. Pipedrive
a.) Description of the data processing
We use the integrated management and marketing system “Pipedrive” in our company. Pipedrive is a web-based software solution from Pipedrive Inc, 460 Park Ave South, New York, NY 10016, USA, which is offered in Europe by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. Pipedrive offers the following features:
- CRM (Customer Relation Management)
- CMS (content management system for websites and blogs)
- Contact forms
- Newsletter software
- Tracking and analysis
We use the functionalities of Pipedrive to manage user and customer data as well as to recognize and record new users on our website and to guide our users through automated sales processes. We use Pipedrive as a CRM system primarily to process and store contact data and to control and implement sales and marketing activities in connection with various functionalities of our offer. The information we enter is stored on Pipedrive servers. The data processed by Pipedrive can be used by us to obtain more detailed insights into the way in which our offers are used, in order to contact customers and prospects or business partners and to determine which of our company’s services are of interest to them.
We have concluded an agreement with Pipedrive for the processing of data on our behalf pursuant to Art. 28 GDPR to ensure that our data is handled in accordance with data protection regulations. Pipedrive’s data protection information can be viewed at https://www.pipedrive.com/en/privacy. Further explanations on data protection at Pipedrive can be found under the following link: https://support.pipedrive.com/hc/de/articles/360000335129-Pipedrive-und-DSGVO.
b.) Legal basis and purpose of data processing
We use Pipedrive and all information recorded in Pipedrive on the basis of our legitimate interests in optimizing our internal administrative processes (efficient and fast processing of user inquiries, existing customer management, new customer business) as well as our marketing and in the analysis of the use of our online presence as well as its constant optimization and user-friendly design (Art. 6 para. 1 lit. f GDPR). We also use personal data on the same basis in order to be able to provide our users and customers with more targeted information. If we use Pipedrive to process communication in the context of establishing contact with the aim of concluding or executing a contract, the legal basis is Art. 6 para. 1 lit. b GDPR.
c.) Duration of storage / options for objection and removal
Insofar as cookies are stored on the user’s computer in connection with Pipedrive and transmitted from there to our site, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. You can also use the cookie consent tool integrated on our website for this purpose. If cookies are deactivated on our website, as a result you may no longer be able to use all of the website’s features in full.
In addition, your data will be deleted from our CRM tool Pipedrive if the respective purpose of storage (e.g., processing an inquiry, termination of a customer relationship) no longer applies and there are no other conflicting legal exceptions. You can request information about the personal information stored about you at any time.
C. Miscellaneous
Due to the further development of our Website or our services, as well as due to changed legal or regulatory requirements, it may be necessary to amend this Privacy Policy. You can access the then current Privacy Policy on our website at any time and print it out, if necessary.