Privacy Notice regarding the website of CyberForum e.V.

In the following, you will find information about what personal data we process, for what purpose, on what basis, and for how long.

Overview / Table of Contents

You will find the following information in our data privacy notices: 

A. Our contact details and general information about data processing by us

  • Name and contact details of the responsible party (controller)
  • Contact details of the data protection officer
  • Legal bases for the processing of personal data
  • Data deletion and storage duration
  • Our sources of personal data
  • Specific categories, purposes, and legal bases for the processing of personal data
  • Recipients or categories of recipients of personal data
  • Data processing for the distribution of the newsletter
  • Contact options via e-mail, fax, and telephone

B. Scope of processing of personal data through our website

  • Provision of the website and creation of log files
  • Member login on the website
  • Guest login on the website
  • Data transmission to PayPal when paying via Seminaut
  • Contact through the contact forms
  • Use of cookies
  • Use of own plugins for error detection and correction
  • Use of the Google Analytics analysis tool
  • Use of the Google Maps service
  • Use of the Facebook "Like" plugin
  • Use of the Twitter "Tweet" button
  • Use of the Google+ social plugin
  • Use of the XING "Share" button
  • Use of the LinkedIn "Share" button
  • Use of the AddThis analysis tool
  • Use of YouTube videos on the website
  • Website encryption
  • Transfer of personal data to a third country (non-EU state)

C. Your rights as a data subject

  • The right to be informed
  • The right of rectification
  • The right to deletion
  • Right of objection to processing on the grounds of legitimate interest
  • Right of revocation in the case of consent-based data processing
  • The right to restrict processing
  • The right to information
  • The right to data portability
  • The right of objection in the case of processing on the grounds of legitimate interest
  • Right of revocation in the case of consent-based data processing
  • Automated decision-making including profiling
  • Voluntary provision of data
  • The right to lodge a complaint with a supervisory authority

A. Our contact details and general information on the processing of personal data by us

Name and contact details of the responsible party

The party responsible for the collection and use of personal data, within the meaning of data protection law, is

CyberForum e.V.
Haid-und-Neu-Straße 18
76131 Karlsruhe, Germany 

Phone: 0721.602 897-0
Fax: 0721.602 897-99
E-mail: info@cyberforum.de
Website: www.cyberforum.de

District Court Mannheim VR 102587
VAT No.: DE262851312 

Board of Directors:
Matthias Hornberger (Chairman), Hubert Meier, Michael Kaiser, Ralf Schneider, Dirk Fox, Markus Hennig, Martin Hubschneider

Managing Director:
David Hermanns 

Further information about the CyberForum can be taken from the imprint of our homepage under https://www.cyberforum.de/en/footer/imprint/ 

Contact details of the data protection officer of the responsible party 

The person appointed as the data protection officer for the aforementioned responsible party is: 

External Data Protection Officer
Thomas Heimhalt
DATENSCHUTZ perfect GbR
Wilhelm-Kolb-Straße 1a
76187 Karlsruhe, Germany

Phone 0721 5315879
Fax 0721 5315880
E-mail t.heimhalt@datenschutz-perfect.de

t.heimhalt@datenschutz-perfect.deFurther information about certificates and further training courses can be found on www.datenschutz-perfect.de in the "ABOUT US" section.

Legal bases for the processing of personal data

The following generally applies to the processing of personal data by us:

  • Insofar as we have obtained your consent for the processing of personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
  • In the processing of personal data, which is necessary for the fulfilment of a contract with you, Art. 6(1)(b) GDPR serves as the legal basis. This also applies if the processing is required to perform pre-contractual measures.
  • Insofar as processing personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6(a)(c) GDPR serves as the legal basis.
  • In the event that the vital interests of you or another natural person require a processing of personal data, Art. 6(a)(d) GDPR serves as the legal basis.
  • If processing is necessary to safeguard our legitimate interest or those of a third party and if your interests, fundamental rights, and freedoms do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR applies as the legal basis for processing. 

Data deletion and storage duration

We generally delete or block personal data as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which we, as the responsible party, are subject. Blocking or erasing of data will also be carried out if a storage deadline prescribed by the aforementioned standards expires, unless further data storage is necessary for concluding or performing a contract.

In concrete terms, this means that:

If we process the personal data on the basis of consent to data processing (Art. 6(1)(a) General Data Protection Regulation, in short: GDPR), the processing ends with your revocation, unless there is another legal reason for processing the data, which is the case if we are still entitled to process your data at the time of revocation for the purpose of contract fulfilment or if the data processing is necessary to protect our legitimate interests (cf. in each case below).

If we process the data in exceptional cases on the basis of our justified interests (Art. 6 (1)(f) GDPR) within the scope of a previously assessed situation, we store these data until the justified interest no longer exists, the assessment leads to a different outcome, or you have filed an effective objection in accordance with Art. 21 GDPR (see the highlighted "Information on the special right to objection" under C.).

If we process the data for the fulfilment of the contract, we store them until the contract is conclusively fulfilled and processed and no more claims can be asserted from the contract, i.e. until the occurrence of the statute of limitations. The general limitation period according to § 195 BGB [German Civil Code] is three (3) years. However, certain claims – such as claims for damages – become statute-barred after 30 years (cf. § 197 BGB). We will store the personal data for longer than this period if there is a legitimate reason to assume that it is relevant in individual cases. The aforementioned limitation periods commence at the end of the year (i.e. 31/12) in which the claim arose and the claimant becomes aware of the circumstances giving rise to the claim, and the person of the liable party becomes aware thereof or should become aware thereof without gross negligence.

We would like to point out that we are also subject to statutory retention obligations for tax and accounting reasons. These oblige us to store certain data, which might include personal data, for a period of six (6) to ten (10) years as proof of our accounting. These retention periods take precedence over the aforementioned deletion obligations. The retention periods also commence at the end of the respective year, i.e. on 31/12.

Source of personal data

The personal data processed by us originates primarily from the data subjects themselves, for example in the following cases:

  • if when using our website, you transmit information such as your IP address to our web server via your web browser and device (for example a PC, a smartphone, a tablet, or a notebook);
  • if interested parties request information material or an offer from us;
  • if customers place an order with us or conclude a contract with us;
  • if, as a member of our association, you are informed about our association and its activities and possibilities, and consent to the publication of your company data;
  • if press representatives request information material, press releases, statements, etc;
  • if suppliers supply us with goods as agreed or render services for us, and similar circumstances.

Only in very exceptional cases can the personal data processed by us also be provided by third parties, for example if a person acts on behalf of a third party. 

Specific categories, purposes, and legal bases for the processing of personal data

We process the following categories of personal data: 

  • users of our website;
  • interested parties;
  • member of the press;
  • members;
  • customers; as well as
  • suppliers.

Depending on the category of data concerned, we process personal data for the following purposes and on the basis of the respective legal substantiation provided by the General Data Protection Regulation (GDPR):

User data: Data from users of our website are collected and processed by us on an anonymous basis. It is not possible for us to assign these data to a specific person. The IP address will only be processed anonymously. If, in exceptional cases, personal data are affected, we process them to protect our legitimate interests on the basis of Art. 6(1)(f) GDPR. In this context, our legitimate interests are our interest in the security and integrity of our website and the data on our web server (in particular to detect faults and errors as well as the tracking of unauthorised access), as well as marketing interests and interests in statistical surveys (to improve our website and our services and offers). After a careful assessment, we have come to the conclusion that data processing is necessary to safeguard the aforementioned justified interests and that your interests or fundamental rights and freedoms, which require the protection of personal data, do not outweigh them.

Data of interest parties/data of press representatives: If we process data of parties interested in our services or data of press representatives, this only takes place if you enter these data in an input field or provide these by e-mail as you submit your request to us. These entries are not mandatory. We then process these data exclusively to handle your request. The processing of these data, voluntarily transmitted to us for the purpose of providing information about our services, takes place as pre-contractual processing in accordance with Art. 6(1)(b) GDPR and/or on the basis of the consent transmitted by you to us in accordance with Art. 6(1)(a) GDPR.

Customer data: We process the data of our customers to perform a contract pursuant to Art. 6 (1)(b) GDPR and/or on the basis of a granted consent in accordance with Art. 6(1)(a) GDPR. This also applies to processing procedures that are necessary to carry out pre-contractual measures (e.g. to prepare an offer and conduct negotiations).

Member data: We process the data of our members for management and administration purposes related to our association, member support, as well as for the fulfilment of statutory purposes to which the association is subject pursuant to Art. 6(1)(b) GDPR (this also applies to processing processes that are necessary to admit a new member, e.g. after a request for new membership has been submitted/to process the membership application) and/or on the basis of a legitimate interest of the association pursuant to Art. 6(1)(f) GDPR if the association has a legitimate interest in certain data processing and the interests or fundamental rights and freedoms of the member do not outweigh these interests.

Supplier data/data of business partners: We process the data of our suppliers and business partners for contract performance pursuant to Art. 6 (1)(b) GDPR and/or on the basis of a granted consent in accordance with Art. 6(1)(a) GDPR. This also applies to processing procedures that are necessary to carry out pre-contractual measures (e.g. to prepare an offer and conduct negotiations).

Recipients or categories of recipients of personal data

Your personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of contract processing (e.g. to manage and support your membership or an order) or for billing purposes (e.g. to process a payment transaction for the purchase of goods or services), if there is a legitimate interest in the transfer and your interests or fundamental rights and freedoms do not outweigh this interest, or if you have given your prior, valid consent.

Categories of recipients might be:

  • Service providers (publishers, printers, workshops organisers, congresses, conferences, etc.)
  • Shipping service providers, suppliers
  • Payment service providers, banks

Data processing for the distribution of the newsletter  

 It is possible to subscribe to our free newsletter through our website or on request. The data from the contact form are transmitted to us when you subscribe to the newsletter. These data only include the e-mail address, which is necessary to send you the newsletter.

You can also specify the type of newsletter you would like to receive when subscribing. Our newsletters cover various topics and areas of focus. In order to distribute the newsletter and to meet your wishes, we store the type of newsletter requested by you together with your e-mail address.

When subscribing for the newsletter, the following data are additionally collected:

  • your IP address as well as
  • the date and time of your subscription.

This serves to prevent misuse of the services or your e-mail address.

During the subscription process, your consent is obtained for processing data and reference is made to this privacy policy.

Subscription to our newsletter takes place using a process known as double opt-in. The means that you will receive an email requesting confirmation of your subscription. The confirmation is required to ensure that no one else can subscribe using your email address. By clicking on the link to confirm your subscription, data are collected on your IP address and the exact moment (date and time) of the click. This data processing serves to fulfil our legal duty to prove that an opt-in, i.e. express consent to the receipt of the newsletter, has actually been given from the particular e-mail address.

Purpose of data processing: The collection and processing of the user's e-mail address is necessary to distribute the newsletter. We use the e-mail address for advertising purposes.
The collection of the IP address and the moment of clicking on the confirmation link in the double-opt-in e-mail serves to fulfil our legal duty to provide proof of obtaining express consent.
The collection of other personal data as part of the subscription process ensures the prevention of misuse of the services or of the used email address.
Storage might take place beyond the cancellation of the newsletter for up to three years, for the purpose of providing proof of a previously given consent and to defend against possible claims.

Legal basis for data processing: Legal basis for processing the data after subscription for the newsletter by the user is your consent pursuant to Art. 6(1)(a) GDPR.
The legal basis for storing the IP address and the time and date of clicking on the confirmation link in the double-opt-in e-mail, and for possible further storage for up to three years after your cancellation of the newsletter, is our justified interest pursuant to Art. 6(1)(f) GDPR. In this case, the justified interest lies in the ability to prove that you have provided your prior consent and to defend against claims derived from this.

Duration of storage: The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
We may store the e-mail addresses that have been unsubscribed, together with the data collected upon confirmation of consent to receive the newsletter, for up to three years on the basis of our legitimate interests, before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. An individual request for deletion can be expressed at any time, provided that, at the same time, the existence of prior consent is confirmed.
The other personal data collected during the subscription process will generally be deleted after a period of seven days.

Objection and erasure option: The subscription to the newsletter can be cancelled at any time, informally and free of charge. For this purpose, a corresponding link can be found in every newsletter.
This also allows for withdrawal of consent to the storage of personal data collected during the subscription process.
Please also take note of the additional possibilities and information regarding our distribution provider MailChimp in the following paragraphs.

Use of the "MailChimp" distribution service

The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, US.

The e-mail addresses of our newsletter recipients, as well as their further data described in the context of this newsletter notice, are stored on the servers of MailChimp in the US. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use these data along with its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for business purposes, in order to determine from which countries the recipients originate. However, MailChimp does not use the recipient data of our newsletter to approach recipients directly, nor do they pass the information on to third parties.

MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded an "order processing contract" with MailChimp. This is a contract in which MailChimp undertakes to protect our users' data, to process it on our behalf in accordance with our data protection regulations, and, in particular, not to pass it on to third parties.

You can view MailChimp's privacy policy here.

Statistical data collection and analysis

The newsletters contain a web beacon, a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. During the download, technical information, such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses), or download times.
Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked on. Although this information technically allows the tracking of individual newsletter recipients, we and MailChimp are not interested in monitoring the behaviour of individual users. Data analysis is rather used to recognise patterns in the reading behaviour of our users and to adapt content accordingly or send different content according to the interests of our users.

Online access and data management 

There are cases in which we direct the newsletter recipients to the web pages of MailChimp. For example, if our newsletters contain a link with which the newsletter recipients can view the newsletters online (e.g. in case of display problems in the e-mail program). Furthermore, newsletter recipients can subsequently correct their data, e.g. e-mail address. Likewise, the privacy policy of MailChimp is only available on their site.

In this context, we point out that cookies are used on the websites of MailChimp and thus personal data are processed by MailChimp, its partners, and service providers (e.g. Google Analytics). We do not have any control whatsoever on this data collection. Further information can be found in the privacy policy of MailChimp.

In addition, we would like to draw your attention to the possibilities of objecting to the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

Contact options via e-mail, fax, and telephone

You can contact us via various channels. Please have a look at our website to find our e-mail address, telephone number, and fax number. If you write us an e-mail, call us, or send us a fax we will inevitably process your personal data as well. At the very least, the personal data transmitted by e-mail, fax, or your telephone are stored by us or our systems.

These data will not be disclosed to third parties in this context. The data are used exclusively for processing the conversation.

Purposes of data processing: The processing of personal data with transmission by e-mail, fax, or telephone serves to process your contact and your request. We absolutely need your e-mail address, your fax number, or your telephone number to be able to answer in the first place. This is also the legitimate interest in the processing of the data.

Legal basis for data processing: Legal basis for the processing of data in the case of a consent that can be deduced from you contacting us, Art. 6(1)(a) GDPR and, otherwise, our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

If the contact or your request is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6(1)(b) GDPR (implementation of pre-contractual measures).

Duration of storage: The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected.

For the personal data sent by e-mail, this is the case when the conversation with you has ended and after expiry of a waiting period of 3 months during which we assess whether or not we need to access your request or the details of the communication again. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Fax data are stored separately from print data in the machine memory of the fax machine. After the fax has been printed, the occupied memory space is released again so that the next fax can be received and stored there. Parts of the fax may temporarily remain in the machine memory after printing until they are overwritten by the next received fax. Normally, this leads to an automatic deletion of the data after 1-2 weeks. In the case of a computer fax, we will receive your fax as an e-mail and the information on e-mail processing apply accordingly.

In the case of an incoming or outgoing telephone call, your telephone number or your name/company name stored with your telephone provider, as well as the date and time of the call, are stored in our telephone system in a so-called ring buffer, which overwrites the oldest data with new data. As a rule, this leads to automatic deletion of the data in the telephone system after approx. 3-4 months.

Objection and erasure option: You have the possibility to revoke your consent to the processing of personal data or to object to further data processing based on justified interest at any time (cf. the reference to the special right of objection under C. of this data privacy notice). It will not be possible to continue the conversation in this case.

The revocation of consent or the objection to further data processing can be expressed informally (e.g. by e-mail).

All personal data stored in the course of contacting us will be deleted as a result.

B. Scope of processing of personal data through our website

We collect and use personal data of users of our website only to the extent necessary to provide a functional website as well as our content and services. The collection and use of our users' personal data, in principle, only takes place with the user's consent. An exception applies in those cases where prior consent cannot be obtained for legal or circumstantial reasons and/or if the processing of the data is permitted by law.

Provision of the website and creation of log files

For technical reasons, our system (web server) automatically collects data and information each time you visit our website. These are stored in the log files of the server. These are:

·         error when accessing content (error.log; time stamp and type of error message);

·         date and time of access;

·         URL (address) of the referring website (referrer);

·         the websites accessed by the user's system via our website;

·         the screen resolution of the user;

·         retrieved file(s) and notification about the success of the retrieval;

·         data quantity sent;

·         the user's Internet service provider;

·         browser, browser type and version, browser engine, and engine version;

·         operating system, operating system version, operating system type, as well as

·         the anonymised IP address and the Internet service provider of the user.

These data are processed separately from other data. These data are not processed together with other personal data of the user. It is not possible for us to assign these data to a specific person.

Purpose of data processing: The temporary processing of the data by the system is necessary to enable delivery of our website content to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the website's functionality. The data are additionally used to optimise our offer and the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

Legal basis of data processing: The temporary storage of data and log files takes place on the legal basis of Art. 6(1)(f) GDPR. Our outweighing legitimate interest in this data processing lies in the aforementioned purposes.

Duration of storage: The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended. Should any data be stored in log files, these will be in after seven days at the latest. Further storage is possible. In this case, the user's IP addresses will be deleted or distorted, so that assignment of the accessing client will no longer be possible.

Objection and deletion possibility: The collection of data for the provision of the website and storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no option to object on the part of the user. However, the user may terminate the use of the website at any time and thus prevent the further collection of the aforementioned data.

Member login on the website

On our website, we offer members the opportunity to register in a protected member area by entering their personal access data. After acceptance as a member, our members will receive the access data by e-mail to the e-mail address specified during the membership application.

For registration, the access data are entered into an input mask and transmitted to us, as well as processed by us, for the purpose of verification of the access data and for the release of access to the member area. These data shall not be transferred to third parties.

The use of our own plugins within the member area, for error detection and troubleshooting purposes, is described separately in this data privacy notice.

If a member posts content on the website within the member area (i.e. a new

news contribution, event, or job offer), we will automatically receive an e-mail notifying us of this change. This takes place to prevent misuse, since the data content of the member are directly available on our website and this is the only way to control the posted content. This e-mail also serves to fulfil our statutory purposes and tasks. If a member, for example, posts a vacancy with specific requirements, and we know a candidate who meets those requirements and is looking for a job, we can bring member companies and applicants together.

To log in to the member area, the membership number and password must be entered. The member's e-mail address together with the password stored with us can alternatively be used.

In a similar way, it is possible that our members can receive and use limited access to the member area for their employees.

All data transmissions mentioned are encrypted.

Purposes of data processing: The registration of the user serves to provide certain content and services on our website, which are only intended for members of the association. This also includes an individual public profile, which each member can create and edit him/herself.

The e-mail notification of changes serves to prevent misuse and to ensure the security and integrity of our information technology systems.

Legal basis for data processing: The legal basis for processing the data is the consent given by the member in accordance with Art. 6(1)(a) GDPR.

The legal basis for data processing with regard to the automated information mail sent to us is our legitimate interest pursuant to Art. 6(1)(f) GDPR, which is based on the aforementioned purposes.

Duration of storage: The data are stored as long as no revocation by the member is expressed or until the membership is terminated.

Revocation and erasure option: You have the option to cancel the registration for the member area at any time by revoking your consent. You can express this revocation by notifying us. You can also edit, delete, supplement, and change the data stored about you at any time.

Guest login on the website

It is possible for non-members to register on the website to receive access data, which will then enable faster registration for our events.

For this purpose, we collect your e-mail address and a password of your choice when you register. Optionally, you can provide us with further information (title, first name, surname, telephone number, company role, company, address data such as street, house number, postcode, city, and country). These data help us to identify you and to register you directly for the events, to include you in the list of participants, etc.

All data that you provide during registration will be pre-filled in the future whenever you register, which considerably simplifies and expedites registration for you.

By sending your data, you express your consent to the associated data collection. You will be informed of the declaration of consent through the send button.

Purposes of data processing:  Registration is used to collect registration data for CyberForum events to speed up and simplify the registration process.

Legal basis for data processing: The legal basis for processing the data is the consent given by you in accordance with Art. 6(1)(a) GDPR.

Duration of storage: The data are stored for as long as no revocation is expressed.

Revocation and erasure option: You have the option to cancel the registration at any time by revoking your consent. You can express this revocation by notifying us.

Data processing for payment via Seminaut

If you would like to register for an event on our website, the registration – and, in the case of a paid event, payment – is made directly via external content of the website www.seminaut.de (Seminaut / operated by CyberForum Service GmbH and hosted by platform operator ALPHA-Q GmbH in Karlsruhe) on our website.

Purposes of data processing: With mere registration without payment, the data are processed via the web portal operated by CyberForum Service GmbH in order to create and manage the list of participants for the respective event and to ensure that the maximum number of participants is not exceeded.

Seminaut's booking system also makes it possible to initiate a payment transaction. If the event for which you wish to register is subject to a fee, we will pass on the payment data collected for this purpose to the credit institution or the selected payment service provider for processing of the payment if you do not wish to pay in advance by bank transfer or by SEPA direct debit.

Legal basis for data processing: The legal basis for data processing is our legitimate interest in data processing pursuant to Art. 6 (1)(f) GDPR.

If your registration – also for free events – afterwards results in the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1)(b) GDPR (contract performance).

Duration of storage: The data will be deleted after the event is concluded and a maximum waiting period of 4 weeks has elapsed. Unless you have otherwise allowed us to further process your data beyond this period by giving your consent to receive further information, e.g. by subscribing to our newsletter or similar.

Revocation and erasure option: You can prevent data processing by not registering for our events. You can prevent data processing for handling payments through PayPal by choosing another payment method.

Payment via PayPal: If payment is offered via PayPal, credit card via PayPal, direct debit via PayPal, or "Purchase on account" via PayPal, we will forward your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" via PayPal. PayPal uses the result of the credit check with respect to the statistical probability of debt default for the purpose of deciding on providing the respective payment method. The credit information may contain probability values ​​(so-called score values). When score values are ​​included in the results of the credit check, they are based on a scientifically established mathematical and statistical method. Among others, address data are included in the calculation of the score values.

PayPal also collects these data itself if you have already created an account there. In this case, you have to sign in to the payment service provider during the ordering process with your login.

For further information on data protection, including on the credit agencies used, please refer to the privacy policy of PayPal: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Contact via contact form

Contact forms are available on our website, which can be used to get in touch with us electronically for various areas and topics. If a user makes use of this option, the data entered in the input screen will be sent to us and stored. The subsequent data processing is in principle based on the respective topic related to the contact form. If you register for an event, the data collection and data processing serves the registration and the handling of the event by us.

This applies, for example, to filling vacancies for specific occupations. Here, we collect the following data:

·         first name;

·         family name;

·         e-mail address;

·         region of training place (KA, BAD, or RA);

·         data, as far as these are contained in the application documents sent to us;

·         remarks (free text field).

All details are provided on an optional basis.

We also use a contact form for apprenticeship placement in general. Here, we collect the following data:

·         first name;

·         family name;

·         e-mail address;

·         region of training place (KA, BAD, or RA);

·         data, as far as these are contained in the application documents sent to us;

·         vocational trade;

·         remarks (free text field).

Here, too, all details are provided on an optional basis.

We also use a contact form for enquiries about our talent factory. Here, we collect the following data:

·         selection (company, trainee);

·         vocational trade;

·         first name;

·         family name;

·         e-mail address;

·         other information (free text field).

All details are provided on an optional basis.

This also applies to the contact option under "Open IT". We collect these data from you:

·         first name;

·         family name;

·         telephone number;

·         e-mail address;

·         data, as far as these are contained in the documents sent to us (curriculum vitae, etc.).

All information except last name and e-mail address is provided on an optional basis.

We also use a contact form in the area "Finish IT". Here, we collect the following data:

·         first name;

·         family name;

·         e-mail address;

·         data, as far as these are contained in the documents sent to us (curriculum vitae, etc.);

·         remarks (free text field).

All information except last name, family name, and e-mail address is provided on an optional basis.

We also use a contact form for the "Specialist pool". Here, we collect the following data:

·         first name;

·         family name;

·         telephone number;

·         e-mail address.

Here, all information is mandatory.

There is also a contact form included in the section "Job exchange". Here, we collect the following data:

·         e-mail address.

It is obliged to provide an e-mail address.

In the section "Founder/CyberLab", there is a contact form through which the following data are collected:

·         first name;

·         family name;

·         telephone number;

·         e-mail address.

Here, all information is mandatory.

In the area "TeamUp", there is another contact form, through which these data are collected:

·         first name;

·         family name;

·         e-mail address;

·         street,

·         postcode, city;

·         photo;

·         statement (free text field),

·         selection field "Have business idea (yes/no)";

·         details of the business idea (free text field);

·         own focus (free text field);

·         I am looking for a partner with skills in [focus of partners] (free text field).

Note: If you wish to participate in TeamUp and send your data to us, you also agree that the data collected in this way will be printed and exhibited during the event as part of our "TeamUp" event format, so that other participants can contact you in a targeted manner.

If you wish to become a member, please fill in the membership application on our website. It contains many questions that – insofar as they are mandatory (the mandatory fields are visibly marked as such) – are absolutely necessary for the proper admission and administration of members.

Mandatory fields are:

·         Providing an e-mail address to allow us to contact you;

·         providing bank details (IBAN) and consent for the SEPA direct debit process to withdraw membership contributions;

·         the number of employees, since the amount of the membership fee depends on it.

In the member area, each member can additionally enter further information on the company's promotional presentation on the CyberForum member pages in a so-called member interview (e.g. self-portrait of the member company, the interview partner, etc.). Photos can also be uploaded here, also on a purely voluntary basis. By uploading, the member assures that he/she owns the necessary rights to these photos and indemnifies the CyberForum against third-party claims relating hereto.

Further information provided in this context is:

·         first name;

·         family name;

·         company of the interview partner;

·         position of the interview partner;

·         interests of the interview partner regarding the offers of the CyberForum;

·         e-mail address.

Except for the specification of interests, these are mandatory fields, as this is the only way the interview can fulfil its purpose of gaining sufficient insight into the member company. However, the information itself can be entered and transmitted purely voluntarily.

Finally, press representatives in the press distribution list can contact us. For this purpose, we collect the following data:

·         first name;

·         family name;

·         e-mail address;

·         telephone number;

·         medium, publication;

·         department;

·         function (free text field);

·         topic of interest (IT, economy, etc.);

All details are provided on an optional basis.

The transmission of data is SSL-encrypted.

The following data are also stored at the time the message is sent:

·         your IP address;

·         date and time of sending;

likewise, for the purpose of determining and, if necessary, correcting delivery problems, information on the success or failure of delivery is stored together with the recipient's e-mail address and deleted immediately after determining successful sending.

During the sending process, your consent is obtained for processing data and reference is made to our legitimate interest in data processing. You will be informed again about the data processing and reference is made to this data privacy notice.

These data will not be disclosed to third parties in this context.

Purposes of data processing: The processing of personal data from the input mask serves to check and process your request and to facilitate further contact between us that may follow, when registering for an event and also for the registration and processing of the event. We require the data requested to check your request and – if necessary – be able to respond adequately. This is also the legitimate interest in the processing of the data.

The other personal data processed during the sending process help prevent misuse of the contact form and to ensure the security of our information technology systems.

As part of the membership application, we collect and process the data for the purpose of membership administration and support.

Furthermore, we process the data for the purpose of determining multiple no-shows in spite of prior registration (NoShow).

Legal Basis for Data Processing: The legal basis for the processing of data, if the user's consent to this has been obtained, is Art. 6(1)(a) GDPR and, otherwise, our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

If the contact or your request is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6(1)(b) GDPR (implementation of pre-contractual measures).

Data processing for membership administration is carried out in accordance with Art. 6(1)(b) GDPR (contract performance).

The further processing of data to determine multiple no-shows (see the purposes away) takes place on the basis of our legitimate interest pursuant to Art. 6(2)(f) GDPR, as this allows us to specifically exclude participants from further applications (in favour of the other interested parties who might otherwise be prevented from participating) or address these applicants in order to prevent future no-shows to the greatest possible extent.

Duration of storage: The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected.

For the personal data from the contact form input screen and the data that was sent by e-mail, this is the case when the respective conversation with you has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

In the case of members, the purpose ends with the end of membership and the statute of limitations for any claims arising therefrom.

The data processing with regard to the no-shows (see above) takes place for members over the entire duration of the membership and in all other respects over a period of 5 years. This allows us to actually fulfil the purposes mentioned and is beneficial to all members and parties interested in attending events, as applicants who fail to appear are confronted and/or excluded from further participation.

Objection and erasure option: You have the possibility to revoke your consent to the processing of personal data or to object to further data processing based on justified interests at any time (cf. the reference to the special right of objection specified above). It will not be possible to continue the conversation in this case.

The revocation of consent or the objection to further data processing can be expressed informally (e.g. by e-mail).

All personal data stored in the course of contacting us will be deleted as a result.

By terminating your membership, you also terminate the further data processing that takes place for the purpose of member administration.

Use of cookies
We use so-called cookies when accessing certain pages. These are small text files that are stored on the user's device (PC, smartphone, tablet, etc.). If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

In addition, cookies from third parties may be used. If this is the case, we will inform you separately in this data privacy notice in the sections on the respective third-party tools (such as analysis tools, plugins, etc.).

We use cookies to make our website more user-friendly and to ensure the security and integrity of the website. Some elements of our website require that the requesting browser can be identified even after changing pages. The following data are stored and transmitted in the cookies:

·         log-in information;

·         information on the reproduction of reported errors in the member area (for example, the following is logged: The browser of which registered user has sent which data to our web server and from which IP address).

When accessing our website, the user is informed on the use of cookies for analytical purposes and his/her consent to the processing of personal data used in this context is obtained. Reference is also made to this privacy notice in this context.

Purpose of data processing: The purpose of the use of technically necessary cookies is to enable the use of websites within the login area for the users. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser is recognised even after changing the page.

With regard to the reproduction of errors in the member area, the purpose is to be able to trace reported errors and remedy them for the benefit of all users/members. Particularly in member profiles, which members can edit themselves, such errors can occur and these could not be traced without logging activities.

The user data collected by technically necessary cookies shall not be used to create user profiles.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.
The legal basis for processing personal data by using cookies for analytical purposes, if the user's consent to this has been obtained, is Art. 6(1)(a) GDPR.

Duration of storage: Some of the cookies we use are erased after the browser session, that is, after you close your browser (known as session cookies). Other cookies remain on your device and enable us and our partner companies to recognise your browser on your next visit (persistent cookies).

Objection and erasure option: Cookies are stored on your computer and transmitted from there to our site. As a user, you therefore have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. This "do-not-track" setting of your browser informs us of your objection to the further collection and use of your personal data. Please note: If cookies are deactivated for our website, it may no longer be possible to use all of the website's features.

Use of own plugins for error detection and correction

We also use our own plugins on our website, which process certain user data exclusively for the purposes of error detection and troubleshooting.

Contact forms section

Here, we store the result of the dispatch together with the e-mail address to which the e-mail

has been sent.

Time and again, delivery problems occur with e-mails. The data storage enables us to

find out whether a problem occurred and, ideally, to resolve it and to determine

whether this is due to an error on our part.

Members area

Members have the possibility to create and edit their own profiles on our site. During the processing of profiles, it regularly occurs that members report errors to us and that we cannot successfully determine the nature of the error. For this reason, we collect the individual profile editing steps together with the data of the respective member in order to be able to trace error messages and correct errors.

Since data are often copied into description fields when editing the member profiles that cannot be inserted there, the analysis of the entries into these description fields is saved in order to understand the reason for the error messages and to be able to assist members with these errors.

Purpose of data processing:  These data processing operations are performed solely for the purpose of error detection and correction.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Duration of storage: We delete the log files as soon as it becomes apparent to us that further storage is not necessary, i.e. if the corresponding delivery message was successful or if the profile has successfully been processed in the member area.

In all other respects, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment leads to a different outcome, or if you have effectively filed an objection in accordance with Art. 21 DSGVO (cf. the highlighted "Information on the special right to objection" under C.).

Objection and erasure option: Cookies are stored on your computer and transmitted from there to our site. As a user, you therefore have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. This "do-not-track" setting of your browser informs us of your objection to the further collection and use of your personal data. Please note: If cookies are deactivated for our website, it may no longer be possible to use all of the website's features.

Use of the Google Analytics analysis tool

This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). Google Analytics uses so-called "cookies", which are text files stored on your computer that enable the analysis of the way in which you use the website.

Please note that on this website, Google Analytics has been extended by the code "anonymizeIp" in order to ensure an anonymous collection of IP addresses (called IP masking). In case IP anonymisation is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will be sent to a Google server in the US and truncated there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activity, and to provide the website operator with other services related to website activity and internet usage. The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.

You can find more detailed information on Google's Terms of Use and Privacy Policy at www.google.com/analytics/terms/us.html or at  https://policies.google.com/privacy?hl=en.

Purpose of data processing: The analysis tool and analysis cookies are used to improve the quality of our website and its content. We learn how the website is used and enables us to constantly optimise our offer. The personal data generated by the cookie about your use of the website will usually be transmitted to and stored on a Google server in the US.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes. Google Inc. has joined the "EU-US Privacy Shield", so that data transmission to the US is permitted.

Duration of storage: Cookies are stored on the user's computer and transmitted to our website; thus, as a user, you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features.

Objection and erasure option: You can prevent cookies from being stored by selecting the appropriate settings in your browser. However, we wish to point out that, by doing so, you may not be able to enjoy the full functionality of this website. Furthermore, you can prevent the data generated by the cookie and relating to the usage of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available on the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set that prevents the future collection of your data when you visit this site:
<a href=“javascript:gaOptout()“>
Disable Google Analytics</a>

Use of Google Maps

This website uses Google Maps, a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google") to display an interactive map. By using Google Maps, information about your use of the website (including the IP address) may be transmitted to a Google server in the US and stored there.

Google may also pass on the information collected through Maps to third parties insofar as this is required by law or as far as third parties may process the data on Google's behalf. Google will not under any circumstances associate your IP address with any other data held by Google. However, it would be technically possible for Google to identify at least individual users based on the data collected. It is possible that personal data and personal profiles of users of the Google website could be processed for other purposes. We have no influence over this.

Purpose of data processing: Google Maps is used to improve the quality of our website and its content and to provide you with a simple, useful, and well-known map service for orientation, to display our company headquarters, to plan your journey, etc.

Legal basis for data processing: The legal basis for processing personal data using Google Maps is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes. Google Inc. has joined the "EU-US Privacy Shield", so that data transmission to the US is permitted.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code and as such prevent data storage. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

In all other respects, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment leads to a different outcome, or if you have effectively filed an objection in accordance with Art. 21 DSGVO (cf. the highlighted "Information on the special right to objection" under C.). A regular review takes place at least once a year to assess whether the legitimate interest still exists. We in particular no longer have an interest to storage if the data no longer have sufficient relevance with regard to the (statistic) evaluation of website use, which can be assumed to take place after three years at the latest.

Objection and erasure option: You have the option to easily deactivate the Google Maps service and thus prevent data transfer to Google. To do so, deactivate JavaScript in your browser.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

The privacy policy and terms of use for Google products and specifically for Google Maps can be found at https://policies.google.com/technologies/product-privacy?hl=de

Use of the Facebook plugin

Our website also contains so-called social plug-ins, which are small software programs of the social network Facebook. These are exclusively operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, US ("Facebook"). You can recognise these plugins on our website by the Facebook logo or the addition of the "Like" button.

When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers in the US, which in turn transmits the content of the plugin to your browser and integrates it into the website.

In this way, the fact that you have visited our website is forwarded to Facebook. If you are logged on to your personal Facebook account when visiting our site, Facebook can assign the visit to your account. By interacting with plug-ins, e.g. by clicking the so-called "Like" button or leaving a comment, this information is transmitted directly to Facebook and stored there.

If you want to prevent such data transmission, you must log out of your Facebook account before visiting our website. In this case, however, certain data, such as your IP address, the time and date of the click, your browser used, etc., will still be transmitted to Facebook. Logging out simply prevents the data from being assigned to a specific Facebook account.

Purpose of data processing:  The Facebook plugin is used to enable direct feedback ("Like") or direct sharing of our contributions and information ("Share") and thus to serve our advertising and marketing interests.

To find out more about the purpose and scope of data collection by Facebook, their further processing and use of your data as well as your rights in this respect and Facebook account settings options for protecting your privacy, please refer to the Facebook data protection policy (http://facebook.com/privacy/explanation.php).

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option:   If you do not want Facebook to be able to associate your Facebook account with our site, please log out of your Facebook account and block the execution of script content from Facebook in your browser, e.g. using the script blockers on  www.noscript.net or  www.ghostery.com .

Use of the Twitter "Tweet" button

Our website uses the "Tweet" button of the social network Twitter, which is operated by Twitter Inc. 750 Folsom Street, Suite 600, San Francisco, CA 94107, US ("Twitter"). The "Tweet" button can be recognised by the dark blue bird.

When you visit one of our websites containing such a button, your browser establishes a direct connection to Twitter's servers. The content of the "Tweet" button is transmitted directly from Twitter to your browser and integrated into your Twitter message. We have no influence on the scope and content of the data that Twitter collects using this button. To the best of our knowledge, only your IP address and the URL of the page you are sharing will be transmitted when you use the Twitter button, but not for other purposes than displaying the buttons used. Interactions, especially the clicking of a "Retweet" button, will also be forwarded to Twitter.

Purpose of data processing: The Twitter plugin is used for the purpose of providing direct feedback or direct sharing of our contributions and information ("Tweet") and thus for our advertising and marketing interests.

For more information about the purpose and scope of data collection and the further processing and use of data by Twitter, as well as your rights and settings options for protecting your privacy, please see the Twitter privacy policy: https://twitter.com/privacy

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code and as such prevent data storage. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option: If you are a Twitter member and do not want Twitter to collect data about your visit to our website and link this to your account data stored on Twitter, you must log out of Twitter before visiting our website.
You can prevent the execution of the JavaScript code required for the tool by setting your browser software accordingly.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

You can also change your Twitter privacy settings in your Twitter account settings at http://twitter.com/account/settings.

Use of the Google+ button "+1"

Our website uses the "+1" button of the social network Google Plus, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). The plug-ins are identifiable by the "+1" on a white or coloured background.

If you access a page of our website that contains such a button, your browser establishes a direct connection with Google servers. The contents of the " +1" button are transmitted from Google directly to your browser, which integrates it into the website. We have no influence on the scope and content of the data that Google collects using this button. According to Google, no personal information is collected without clicking on the button. Such data, such as the IP address, are only collected and processed from logged-in members.

Purpose of data processing: The plugin is used for the purpose of providing direct feedback or direct sharing of our contributions and information on the social network Google+ and thus for our advertising and marketing interests.

For information about the purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights and settings options for the protection of your privacy, please refer to Google's privacy policy regarding the "+1" button: http://www.google.com/intl/en/+/policy/+1button.html

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code and as such prevent data storage. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option:  If you are a Google Plus member and do not want Google to collect information about your use of our site and link to your membership information stored on Google, you must log out of Google Plus before visiting our site.

You can prevent the execution of the JavaScript code required for the tool by setting your browser software accordingly.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Use of the XING "Share" button

This website uses the "Share" button of the professional network XING, which is operated by XING SE, Dammtorstraße 30, D-20354 Hamburg, Germany.

When you access this website, a temporary connection is established via your browser to servers of XING SE ("XING") in order to provide the "XING share button" functions (in particular the calculation/display of the counter value). XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. No evaluation of your usage behaviour takes place via the use of cookies in connection with the "XING share button".

You can find the latest data protection information on the "XING share button" and additional information through this website: https://www.xing.com/app/share?op=data_protection

Purpose of data processing: The XING plugin is used for the purpose of providing direct feedback or direct sharing of our contributions and information on the social network XING and thus for our advertising and marketing interests.

For the purpose and scope of data collection and the further processing and use of the data by XING, as well as your rights and setting options for protecting your privacy, please refer to XING's data privacy information: https://www.xing.com/app/share?op=data_protection

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code and as such prevent data storage. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option: If you are an XING member and do not want XING to collect information about your use of our site and link to your membership information stored on XING, you must log out of XING before visiting our site.

You can prevent the execution of the JavaScript code required for the tool by setting your browser software accordingly.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Use of the LinkedIn "Share" button

Our pages include plug-ins from the LinkedIn social network, operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, US ("LinkedIn"). You can recognise the LinkedIn plugins by the LinkedIn logo or the "Recommend" button on our site. If you visit a website that contains such a button, a direct connection between your browser and the LinkedIn server is established via the plugin if you have previously approved the data transfer with a single click. This enables LinkedIn to receive the information that you have visited our website with your IP address.

If you click on the "Recommend" button while you are logged in to your LinkedIn account, you can link the content of our site to your LinkedIn profile. This allows LinkedIn to associate the visit to our site to your user account. Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted to LinkedIn or of how LinkedIn uses these data.


Purpose of data processing: The LinkedIn plugin is used for the purpose of providing direct feedback or direct sharing of our contributions and information on the social network LinkedIn and thus for our advertising and marketing interests.

For details on data collection (purpose, scope, further processing, use), as well as on your rights and setting options, please see LinkedIn's privacy policy. This information is available at www.linkedin.com/static.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code and as such prevent data storage. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option: If you are a LinkedIn member and do not want LinkedIn to collect information about your use of our site and link this to your membership information stored on LinkedIn, you must log out of LinkedIn before visiting our site.

You can prevent the execution of the JavaScript code required for the tool by setting your browser software accordingly.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Use of the AddThis analysis tool

On our site, the JavaScript code of the company AddThis 1595 Spring Hill Rd. Suite 300 Vienna, VA 22182, US is loaded. The company is a subsidiary of the Oracle Corporation, Redwood City, US. If you have JavaScript enabled on your browser and have not installed a JavaScript blocker, your browser may transmit personal data to AddThis.

Find out more about AddThis' data privacy policy here: http://www.addthis.com/privacy

Purpose of data processing: AddThis is used to improve the quality of our website and its content. We learn how the website is used and enables us to constantly optimise our offer.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

In all other respects, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment leads to a different outcome, or if you have effectively filed an objection in accordance with Art. 21 DSGVO (cf. the highlighted "Information on the special right to objection" under C.). A regular review takes place at least once a year to assess whether the legitimate interest still exists. We in particular no longer have an interest to storage if the data no longer have sufficient relevance with regard to the (statistic) evaluation of website use, which can be assumed to take place after three years at the latest.

Objection and elimination option: You can prevent the execution of the JavaScript code necessary for the tool by selecting the appropriate settings in your browser. However, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net). Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

You can also use the following link to set an opt-out cookie. This means that AddThis no longer collects and processes personal data via the browser used by you: http://www.addthis.com/privacy/opt-out

Use of YouTube videos on our website

On our website, the JavaScript code from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, US (hereinafter "YouTube") is loaded. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, US. YouTube is an Internet video portal that allows users to post video clips and other users to view, rate, and comment on them free of charge. We use YouTube to embed videos on our website. If you have JavaScript enabled on your browser and have not installed a JavaScript blocker, your browser may transmit personal data to YouTube.

Every instance where access to a page on which a YouTube video is integrated takes place, the user's Internet browser automatically downloads the relevant video from YouTube and plays it back.

During this process, YouTube and Google are informed about which specific sub-page of our website is visited by users. If the user is logged in to YouTube at the same time, YouTube recognises which specific sub-page of our website the user visits by calling up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the user.

YouTube and Google always receive information that the respective user has visited our website when the user is logged on to YouTube while accessing our website. This takes place regardless of whether the person concerned clicks on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.

YouTube's privacy policy provides information about the collection, processing, and use of personal data by YouTube and Google and can be accessed here: https://policies.google.com/privacy?hl=en

Purpose of data processing: YouTube videos are embedded for the purpose of presenting multimedia content to the user through the website, thereby enhancing and improving the user experience on the website. This makes our website more attractive, which means that the use of YouTube also serves our marketing and advertising purposes.

Legal basis for data processing: The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR, i.e. our legitimate interest. Our legitimate interest lies in the aforementioned purposes.

Storage duration: As a user, you can decide, through your browser settings, on the execution of the JavaScript code required for the tool. By changing the settings in your Internet browser, you can disable or restrict the execution of JavaScript code. Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Objection and erasure option:  You can prevent the execution of the JavaScript code necessary for the tool by selecting the appropriate settings in your browser. However, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website.
To prevent the execution of JavaScript code in general, you can also install a JavaScript blocker such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Note: If the execution of JavaScript is deactivated, it may not be possible to use all functions of the website to their full extent.

Website encryption

The website and all data transmissions that takes place through it are encrypted according to the SSL standard (HTTPS / TLS 1.2 AES-128, GCM, SHA-256).

Transfer of personal data to a third country (non-EU state)

We intend to transfer personal data to the United States of America (USA). The EU Commission has adopted an appropriateness resolution stating that personal data may be transferred to the US if the recipient has joined the "EU-US Privacy Shield". The personal data will therefore only be transmitted to recipients in the US who can prove that they have joined the EU-US Privacy Shield.

The intention refers specifically to the transmission of data to the following companies:

·         Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google") as provider of the web analysis tool Google Analytics, the map service Google Maps, and the social network Google+.

·         YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, US as the provider of an Internet video portal through which videos are integrated into our sites. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, US.

·         Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, US as the social network provider Facebook.

·         Twitter Inc. 750 Folsom Street, Suite 600, San Francisco, CA 94107, US as provider of the short message service Twitter.

·         LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, US as provider of the professional network LinkedIn.

·         Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, US as provider of the newsletter mailing tool MailChimp.

·         AddThis, 1595 Spring Hill Rd. Suite 300 Vienna, VA 22182, US as part of Oracle America, Inc. 500 Oracle Parkway, Redwood Shores, California 94065, US as provider of the AddThis tool.

These companies have joined the EU-US Privacy Shield and are subject to a level of data protection comparable to that of the EU. The transmission of data to these companies is therefore generally permissible. Furthermore, in the case of order processing, appropriate order contracts have been concluded with these companies to safeguard data security and our rights of instruction.

C. Rights of data subjects

If your personal data are processed, you are an affected person ("data subject") and you have the following rights with respect to us as the responsible party:

The right to be informed

You have the right to request confirmation from us, free of charge, as to whether we are processing personal data relating to you. If this is the case, then you have a right to information about these personal data and to further information as specified in Art. 15 GDPR. To this end, you can contact us by post or e-mail.

The right of rectification

You have the right to request the correction of your personal data without undue delay. You also have the right – taking into account the aforementioned processing purposes – to request the completion of incomplete personal data – also by means of a supplementary declaration. To this end, you can contact us by post or e-mail.

The right to deletion

You have the right to request the immediate deletion of your personal data if one of the conditions of Art. 17 GDPR applies. To this end, you can contact us by post or e-mail.

The right to restrict processing

You have the right to demand the restriction of processing from us if one of the conditions of Art. 18 GDPR applies. To this end, you can contact us by post or e-mail.

The right to information

If you have exercised your right to have the responsible party correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the controller inform you about these recipients.

The right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, current, and machine-readable format, and you have the right to transmit these data to another controller without our interference, provided that the conditions specified in Art. 20 GDPR are met. To this end, you can contact us by post or e-mail.

The right of objection in the case of processing on the grounds of legitimate interest

If, by way of exception, we process personal data on the basis of Art. 6(1)(f) GDPR (i.e. for legitimate interests), you have the right to at all times, for reasons arising from your particular situation, object to the processing of your personal data by us. If we cannot prove any compelling legitimate grounds worthy of protection for further processing which outweigh your interests, rights, and freedoms, or if we process the respective data from you for the purpose of direct advertising, we will cease the processing of your data (cf. Art. 21 GDPR). To this end, you can contact us by post or e-mail.

A technical procedure that you use, e.g. a clear technical statement that your web browser transmits to us ("do-not-track" message), also constitutes objection in this respect.

Right of revocation in the case of consent-based data processing

You have the right to revoke your consent to the collection and use of personal data with effect for the future at any time. To this end, you can contact us by post or e-mail. The legality of the processing carried out on the basis of the consent until revocation is not affected.

Automated decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary to enter into or perform a contract between you and us if it is permitted by EU or member state law to which we are subject and if these regulations contain appropriate measures to protect your rights and freedoms and your legitimate interests or if this processing is made with your express consent.

Voluntary provision of data

If the provision of personal data is required by law or contract, we will always inform you hereof when collecting the data. In some cases, the data we collect are necessary to conclude a contract, i.e. if we are otherwise unable or insufficiently unable to fulfil our contractual obligations towards you. There is no obligation for you to provide these personal data. However, failure to do so might render it impossible for us to perform a service, action, measure, or the like as requested by you or that it is not possible to conclude a contract with you.

The right to lodge a complaint with a supervisory authority

You have the right to, at any time and without prejudice to any other rights, lodge a complaint with a data protection supervisor – in particular in the member state where you are residing, working, or in which the infringement is suspected to have taken place – if you believe that the processing of personal data concerning you is contrary to data protection law.

The responsible authority for us is: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstraße 10A, 70173 Stuttgart, Germany; website: www.baden-wuerttemberg.datenschutz.de 

Do you have questions about this data privacy notice, the processing procedures mentioned herein, or about your rights as a data subject?

External Data Protection Officer

Thomas Heimhalt
DATENSCHUTZ perfect GbR
Wilhelm-Kolb-Straße 1a
76187 Karlsruhe, Germany

Tel. ⇥ 0721 5315879
Fax ⇥ 0721 5315880
E-mail ⇥ datenschutz@netcup.deor m.oehler@datenschutz-perfect.de
Further information about certificates and further training at  www.datenschutz-perfect.de in the section "ABOUT US".

Our data privacy notice valid as of: 25/05/2018