Data Protection

The protection of your personal data is a top priority for us. Our Data Protection Terms (Website) informs you about the type, extent and purpose of the collection, processing and use of your personal data on our website. You can also review or download our Standard Contractual Clauses, our IT Security Guideline and our List of Subcontractual Processors.

Website Data Protection Information

Thank you for your interest and visit to our website. The following serves to inform you about the handling of your data in accordance with Article 13 General Data Protection Regulation (GDPR).

 

Data controller

The person or office specified in the imprint is the controller in charge of the data processing described hereafter.

 

Usage data

When you visit one of our web pages, our web server will temporarily analyze so-called usage data contained in a log file for statistical purposes and to improve the quality of our web pages. The logged data consists of:

  • the name and address of the requested contents
  • the date and time of the access
  • the data volume transferred
  • the access status (content transmitted, content not found)
  • the description of your web browser and operating system
  • the referral link, which specifies the page from which you came to our website
  • the IP address of the accessing computer

 

Storage of your IP address for security purposes

We also store the complete IP address transmitted by your browser for the duration of one year for the limited purpose of identifying, mitigating and rectifying attacks on our web pages. Your IP address will be deleted or anonymized after the one-year period has expired. The legal basis is Article 6 (1 lit. f) GDPR.

 

Data security

We have implemented technical and organizational measures to protect your data as good as possible against unauthorized access. Our websites use encryption technologies. Your data will be encrypted using TLS encryption technology before it is transmitted from your computer to our server and vice versa. You can verify the encryption by looking for the closed padlock symbol in your browser’s status bar and an address than begins with "https://".

 

Cookies

Our web pages use cookies. Cookies are small text files that are stored on your computer and contain readable data. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies that are stored for longer than a single session.

Cookies that are strictly necessary for the operation of our website may contain information on certain settings. They may also be necessary for user navigation, security and layout purposes. We use these cookies on the legal basis of Section 25 (2 no. 2) TTDSG.

We also use cookies for analysis, tracking and advertising purposes. The use of these cookies is based on Section 25 (1) TTDSG (consent). Further information on the cookies used on your website can be found in our Cookies Statement.

You can adjust the settings of your browser so that you are alerted each time a cookie is placed on your computer. This assures a transparent use of cookies. You can also use your browser settings to delete cookies and prevent the placement of new cookies. Please note that this may result in difficulties displaying our website and some functions may no longer be available for technical reasons.

 

Third-party tracking technologies for analysis purposes

We use web analysis tools in order to provide a website layout that caters to the requirements of our users. The web analysis tools used on our website allow for the generation of usage profiles that are compiled on the basis of pseudonyms. This is done by storing permanent cookies on your user device and reading their contents, which allows us to recognize and count return visitors.

If you have used our banner to declare your consent, the data processing is based on your declaration of consent (Section 25 (1) TTDSG, Article 6 (1 lit. a) GDPR). You may revoke your declaration of consent at any time. To revoke your consent, simply click on the link “cookie settings” in the footer of our web page, amend your consent in the new window showing the Cookie Statement, and save your new settings by clicking on the relevant button.

The third-party providers we work with for analysis purposes are specified below. The respective providers make these web analysis tools available to us in the capacity of contract data processors pursuant to Article 28 GDPR. In as far as this entails the processing of data outside the EU or EEA, please take note that there is a risk of public authorities accessing the data for security and surveillance purposes without giving you prior notice or legal remedies. In cases where you have consented to us using a provider in an unsafe third country, the data is transmitted to such third country on the basis of Article 49 (1 lit. a) GDPR.
 

Provider

Service/function

Adequate data protection level

Google LLC (USA)
Google Ireland Limited (Ireland)

Google Analytics

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Google LLC (USA)
Google Ireland Limited (Ireland)

Google Optimize (functions for A/B and website testing)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Microsoft Corporation (USA)
Microsoft Ireland Operations Limited (Ireland)

Clarity

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Hotjar Ltd. (Malta)

Hotjar

Processing exclusively within EU/EEA

Impartner Inc.
(USA)

Use of the partner portal, user usage data

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

 

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies in order to serve you with targeted advertising on other Internet pages and to determine the effectiveness of our own advertising measures.

If you have used our banner to declare consent, the data processing is based on your declaration of consent. Your consent is voluntary and you may revoke your consent at any time.

How does tracking work?

When you visit our web pages, the third-party providers specified below may access return visitor data stored by your browser or user device (e.g. a so-called browser fingerprint), analyze your IP address, store or read return visitor identifiers on your user device (e.g. cookies), or gain access to individual tracking pixels.

The third-party providers may use the individual identifiers to recognize your user device when you visit other Internet pages. We may instruct the third-party providers to serve you with advertising content that relates to the pages you have visited on our website.

What does cross-device tracking mean?

If you have used your personal user data to log in to your account with a third-party provider, the respective return visitor identifiers from different browsers and user devices may be linked with each other. If, for example, the third-party provider has generated a separate identifier for your laptop, desktop PC or smartphone, these identifiers may be linked with each other as soon as you use your user account data to access the service provided by the third-party provider. This enables the third-party provider to manage our advertising campaigns across different user devices.

Which third-party providers are used in this context?

The third-party providers we work with for advertising purposes are specified below. Insofar this entails the processing of data outside the EU or EEA, please take note of the risk that public authorities may access the data for security and surveillance purposes without giving you prior notice or legal remedies. In cases where you have consented to us using a provider in an unsafe third country, the data is transmitted to such third country on the basis of Article 49 (1 lit. a) GDPR.
 

Provider

Service/function

Adequate data protection level

Google LLC (USA)
Google Ireland Limited (Ireland)

Google Ads

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Microsoft Corporation (USA)

Microsoft Ads

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Meta Platforms, Inc (USA)
Meta Platforms Ireland Ltd (Ireland)

Meta Pixel

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Twitter Inc. (USA)
Twitter International Company (Ireland)

Twitter Ads

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

LinkedIn Corporation (USA)
LinkedIn Ireland Unlimited Company (Ireland)

LinkedIn Insight Tag

Retargeting

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

 

Embedded videos

Our websites feature embedded videos that are not stored on our servers. These videos will only be displayed to you if you have declared your prior consent via our banner. This means that accessing one of our web pages with embedded videos will not automatically load any third-party contents.

Third-party content will be loaded subsequently and only after you have granted your consent. The third-party provider will then receive the information that you have accessed our page together with the respectively technically necessary usage data. The third-party provider will then also be able to implement tracking technologies. Please note that the further processing of data by the third-party provider is then out of our sphere of control.

If you have used our banner to grant consent, the data processing is based on your declaration of consent (Section 25 (1) TTDSG, Article 6 (1 lit. a) GDPR). You may revoke your declaration of consent at any time. To revoke consent, simply click on the link “cookie settings” in the footer of our web page, amend your consent in the new window containing the Cookie Statement, and save your new settings by clicking on the relevant button.

Please note that the embedding of many videos will lead to the processing of your data outside the EU or EEA. In some countries, this may entail the risk of public authorities accessing your data for security and surveillance purposes without informing you or offering legal remedies. In cases where you have consented to us using a provider in an unsafe third country, the data is transmitted to an unsafe third country on the basis of Article 49 (1 lit. a) GDPR.
 

Provider

Service/function

Adequate data protection level

Google LLC (USA)
Google Ireland Limited(Ireland)

YouTube

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

Vimeo.com, Inc. (USA)

Vimeo

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

 

Inclusion of other technical third-party content and functions

The presentation of our website uses the technical functions and contents from third-party providers specified below. Accessing our web pages will subsequently load contents from third-party providers for these functions and contents. The third-party provider will then receive the information that you have accessed our page together with the respectively technically necessary usage data. The further processing of data by the third-party provider is then out of our sphere of control.

If you have used our banner to grant consent, the data processing is essentially based on your declaration of consent (Section 25 (1) TTDSG, Article 6 (1 lit. a) GDPR). You may revoke your declaration of consent at any time. To revoke consent, simply click on the link “cookie settings” in the footer of our web page, amend your consent in the new window containing the Cookie Statement, and save your new settings by clicking on the relevant button.

The data processing may in certain cases also server the purpose of safeguarding our legitimate interests and is based on Article 6 (1 lit. f) GDPR. Our interest is manifest in the provision of our web pages and the safe operation of our IT systems. The list below informs you of the specific data processing that serves the safeguarding of our legitimate interests.

Please note that the embedding of third-party content and functions will lead to your data being processed outside the EU or EEA. In some countries, this may entail the risk of public authorities accessing your data for security and surveillance purposes without informing you or offering legal remedies. In cases where you have consented to us using a provider in an unsafe third country, the data is transmitted to an unsafe third country on the basis of Article 49 (1 lit. a) GDPR.
 

Provider

Service/function

Adequate data protection level

Legal basis for processing the data

Amazon Web Services, Inc (USA)
Amazon Web Services EMEA SARL (Luxembourg)

Amazon CloudFront (Content Delivery Network)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. f) GDPR

Cloudflare, Inc. (USA)

Cloudflare (Content Delivery Network)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. f) GDPR

Google LLC (USA)
Google Ireland Limited (Ireland)

Google Tag Manager (provision of the tag management system)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. f) GDPR

Google LLC (USA)
Google Ireland Limited (Ireland)

Photos

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

Act-On Software, Inc (USA)

Act-On (supports our marketing and sales processes by means of automated marketing)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. f) GDPR Revocation is not possible.

G2.com, Inc. (USA)

G2Crowd (provision of a software rating form)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

Capterra, Inc. (USA)

Capterra (provision of a software rating form)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

Oktopost Technologies, Inc. (USA)

Oktopost (provision of a social media management platform)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

Liidio Oy (Finland)

Leadfeeder (provision of a software for lead generation)

Processing exclusively within EU/EEA

The data is processed on the basis of Article 6 (1 lit. a) GDPR

Unbounce Marketing Solutions Inc. (Canada)

Unbounce (Provision of landing pages)

Adequacy decision pursuant to Article 45 (1) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

PartnerStack Inc. (USA)

PartnerStack (affiliate program)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR. The data transmission is also based on Article 49 (1 lit. a) GDPR

The data is processed on the basis of Article 6 (1 lit. a) GDPR

 

Contact Forms

You may contact is at any time by using our contact forms. Using these contact forms requires you to disclose your data in the fields marked as mandatory. We will use this data on the legal basis of Article 6 (1 lit. f) GDPR for responding to your inquiry.

The disclosure of any further details is voluntary. These details are provided on a voluntary basis and are not a mandatory requirement when contacting us. Any data disclosed to us voluntarily will be processed on the basis of your declaration of consent.

The data will only be processed for the purpose of responding to your inquiry. We will delete your data once they are no longer needed and their deletion is not opposed by a statutory data retention obligation.

You may object at any time against the processing of your data submitted via the contact form on the basis of Article 6 (1 lit. f) GDPR. You also have the right to at any time revoke your consent to the processing of data provided on a voluntary basis. Please send your revocation notice to the email address specified in the imprint.

 

White papers/Flyers/Brochures 

Our website offers you the option of downloading reports and guidelines related to financial planning and reporting (white papers). Before you can download a white paper, flyer (brochure), or report, we require you to provide us with the data marked as mandatory fields and a declaration of consent to receive our newsletter. We will use this data for the purpose of making the requested white papers available to you and sending you our newsletter.

The legal basis for the processing of data in this context is Article 6 (1 lit. a) GDPR (your consent). You may revoke your consent at any time with prospective effect. You may conveniently submit your revocation notice by using the unsubscribe link contained in each copy of our newsletter.

 

Product demonstration

Our website gives you the option of requesting an appointment for a presentation of our software. A request for a product demonstration requires you to provide us with the data in the field marked as mandatory (your name, email address, telephone number, company name). We will use this data on the legal basis of Article 6 (1 lit. b and f) GDPR for responding to your inquiry.

The disclosure of any further details is voluntary. These details are provided on a voluntary basis and are not a mandatory requirement when requesting a product demonstration. Any data disclosed to us voluntarily will be processed on the basis of your declaration of consent.

The data will only be processed for the purpose of offering you a product demonstration We will delete your data once they are no longer needed and their deletion is not opposed by a statutory data retention obligation.

You may object at any time against the processing of your data submitted via the contact form on the basis of Article 6 (1 lit. f) GDPR. You also have the right to at any time revoke your consent to the processing of data provided on a voluntary basis. Please send your revocation notice to the email address specified in the imprint.

 

Booking of appointments

We use Microsoft Bookings and Demodesk to facilitate online bookings of appointments. Microsoft Bookings is a service provided by Microsoft Ireland Operations Limited, Demodesk is a service provided by Demodesk GmbH. We have entered into a contract data processing agreement with Microsoft and Demodesk that assures the safe processing of your data.

These service assist us in streamlining our appointment planning and implementing set appointments. The data processing in this context takes place on the basis of Article 6 (1 lit. f) GDBR (balancing of interests on the basis of our interest in optimizing the scheduling of appointments and responding to inquiries from external persons).

 

Online seminars

We use GoTo Webinar for video conferencing and the implementation of online seminars. The service is provided by GoTo Technologies Ireland Unlimited Company with registered office in Ireland in the capacity of our contract data processor. If you attend an online seminar, we will use GoTo Webinar to process user data (name, email address, profile picture), communication contents (text, audio and video data, for recordings the MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of all online meeting chats), as well as meeting meta data (topic, description, device information, IP address). In order to allow the delivery of video and audio content, the data from the microphone and/or video camera on your user device will be processed while an online meeting is taking place. You may deactivate or mute the camera and/or microphone at any time by changing the settings of the provider’s online meeting software.

The legal basis of the described data processing is Article 6 (1 lit. b) GDPR (performance of a contract, delivery of a seminar) in conjunction with Article 6 (1 lit. f) GDPR (safeguarding of legitimate interests on the basis of our interest in facilitating and promoting the collaboration between seminar participants). Any recording of online seminars is based on Article 6 (1 lit. a) GDPR (consent).

 

Events

We use XING Events for the delivery of events, including online registration, payment processing, admission management and event marketing. The service is provided to us by New Work SE with registered office in Hamburg. When you register for an event, New Work SE will collect the participant data (name, address, email address, company name, position) and transmit the data to us as the event organizer. More information on the processing of data in this context can be found in the data protection statement of New Work SE: https://privacy.xing.com/en/privacy-policy.

The legal basis of the described data processing is Article 6 (1 lit. b) GDPR (performance of a contract, delivery of an event) in conjunction with Article 6 (1 lit. f) GDPR (safeguarding of legitimate interests on the basis of our interest in the efficient organization and delivery of events).

 

Customer portal/partner portal

We offer our customers and partners the option of using our services via a personal user account. You are required to register before you can use the customer and/or partner portal.

The registration will only collect the data that is necessary to open a user account for you. The data processing is based on Article 6 (1 lit. b) GDPR and on the basis of Article 6 (1 lit. f) GDPR and serves our interest in making the services and information related to the limited-access area available to you.

Any other data collected by us will be marked as voluntary and are collected on the basis of your consent pursuant to Article 6 (1 lit. a) GDPR.

The data provided at the time of registration will be processed for the purpose of opening your personal user accounts, to perform obligations from a contractual relationship between us, and to respond to your inquires.

 

Newsletters

Our website offers you the option of subscribing to our newsletter. Please note that subscription to our newsletter requires you to disclose certain data (your email address is mandatory).

We will only send our newsletter to you if you have expressly granted us your consent. When you subscribe to the newsletter, you will receive a confirmation email at the email address provided by you (double opt-in). You may revoke your declaration of consent at any time. You may conveniently submit your revocation notice by using the unsubscribe link contained in each copy of our newsletter.

In addition to the data specified above, the subscription to our newsletter will result in the processing of further data that may be necessary for us to verify your newsletter subscription. This may include storage of your complete IP address at the time of newsletter subscription or conformation as well as a copy of our confirmation email. The data is in this case processed on the basis of Article 6 (1 lit. f) GDPR in our interest to establish the lawfulness of our newsletter dispatch.

When you subscribe to our newsletter, we also ask you to consent to newsletter tracking in subsequent newsletter emails. Provided you have granted your consent, our future newsletters will include individual tracking pixels that allow us to determine when you have downloaded and/or opened the newsletter message and to individualize the links contained in the newsletter for the purpose of analyzing if and when you have clicked on a link. You may revoke your consent by using the unsubscribe link contained in our newsletter email.

 

Press mailing list

Our website allows you to register for our press mailing list. Please note that inclusion in our press mailing list requires you to disclose certain data (your email address is mandatory).

You will only be included in our press mailing list and receive press releases if you have granted your prior consent. Consent can be declared at the time you request to be added to the press mailing list. You may revoke your consent at any time with prospective effect.

 

Online job applications

Job candidates may use our website to submit their job applications online. Further information on the handling of your data during the application process can be found here.

 

Storage duration

In cases where the specific duration of storage has not been stated above, we will delete personal data once they are no longer needed and their deletion is not opposed to a statutory retention obligation.

 

Further contract data processors

We will disclose your data in the context of contract data processing pursuant to Article 28 GDPR to service providers who assist us in the operation of our web pages and the associated processes. This includes hosting providers. Our service providers are strictly bound by our instructions and contractually obliged to observe the data protection requirements.

Insofar as we have not already disclosed our contract data processors within the above data protection information, they are nominated in the following. We will provide information on an adequate level of data protection in cases where contract data processing entails the transmission of data to third countries outside of the EU or EEA.
 

Contract data processor

Purpose

Adequate data protection level

uvensys GmbH (Germany)

Web hosting and support

Processing exclusively within EU/EEA

Adacor Hosting GmbH (Germany)

Web hosting and support

Processing exclusively within EU/EEA

GoTo Technologies Ireland Unlimited Company (Ireland)

Provider of GoTo Webinar video conferencing service

Processing exclusively within EU/EEA

Zapier, Inc. (USA)

Provider of a software for the automation of work processes

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR.

Usercentrics A/S (Denmark)

Provider of a Consent Management Platform (CMP)

Processing exclusively within EU/EEA

Microsoft Ireland Operations Limited (Ireland)

Planning and administration of online appointments

Processing exclusively within EU/EEA

Personio GmbH (Germany)

Provider if a job candidate management system

Processing exclusively within EU/EEA

Impartner Inc. (USA)

Provider of a platform for partner relationship management (partner portal)

Standard data protection clauses pursuant to Article 46 (2 lit. c) GDPR.

Lamano GmbH & Co. KG

Implementation of surveys

Processing exclusively within EU/EEA

zenloop GmbH

Implementation of customer satisfaction surveys

Processing exclusively within EU/EEA

 

Your rights as a data subject

The GDPR gives all sata subjects certain rights in relation to the processing of their personal data.

Right to information (Article 15 GDPR)

You have the right to request a confirmation on whether we are processing any of your personal data. If we do process your personal data, you have the right to receive information on the personal data and the information specifically listed in Article 15 GDPR.

Right to data correction (Article 16 GDPR)

You have the right to demand any inaccurate personal data to be completed and any incomplete data to be completed without delay.

Right to data deletion (Article 17 GDPR)

You have the right to demand your personal data to be deleted if one of the reasons provided for in Article 17 GDPR applies to you.

Right to restrict data processing (Article 18 GDPR)

You have the right to demand the data processing to be restricted if one of the conditions provided for in Article 18 GDPR is met, e.g. if you have objected against the processing and in that case for the duration of the responsible person’s review of the matter.

Right to data portability (Article 20 GDPR)

If one of the cases specifically provided for in Article 20 GDPR applies to you, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to demand the data to be transferred to a third party.

Right to revoke consent (Article 7 GDPR)

Insofar as your data is processed on the basis of a declaration of consent, you may revoke your previously granted declaration of consent at any time in accordance with Art. 7 (3) GDPR. Please note that your revocation notice will only have prospective effect. It will not affect any data processing carried out prior to the revocation.

Right to object against data processing (Article 21 GDPR)

In cases where we collect data on the basis of Article 6 (1 lit. f) GDPR (data processing to safeguard legitimate interests) or on the basis of Article 6 (1 lit. e) GDPR (data processing for safeguarding public interests or to exercise public authority), you have the right to object against the data processing for reasons associated with your particular circumstances. We will then cease processing your personal data, unless there are demonstrable compelling and legitimate reasons for processing the data that prevail over your interests, rights and freedoms, or if the data processing serves the purpose of asserting, exercising or defending legal interests.

Right to complain with a supervisory authority (Article 77 GDPR)

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection requirements. The right to lodge a complaint may in particular be exercised by complaining to a supervisory authority in the member state of your usual place of residence or the place of the alleged violation.

Exercising your rights

Unless outlined differently above, you may exercise your rights as a data subject by contacting the office specified in the imprint.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with further information on data protection. He can be contacted as follows:

datenschutz nord GmbH
Berlin office
Kurfürstendamm 212
10719 Berlin, Germany office@datenschutz-nord.de

Please state the data controller specified in the imprint when contacting our data protection officer.