I. Name and address of the person responsible

The responsible person in terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the:

C3 Germany GmbH
represented by the Managing Director David Vollmar

Am Hofgarten 4
53113 Bonn
Germany

Phone (09:00 – 18:00 CET): +49 228 926858-0
Fax:  +49 228 926858-28
E-Mail: info@c3germany.com
Website: https://c3germany.com


II. General information on data processing

1. The scope of processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 letter b FADP serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d FADP serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

3. Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.


III. Provision of the website and creation of log files

1. Description and scope of data processing

Whenever our website is called up, our system automatically collects data and information from the computer system of the calling computer.

 The following data is collected:

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

Every time our website is accessed, software used by us is checked to see whether there is any suspicion that someone is attempting to access or manipulate our server area without authorization.

If this suspicion is confirmed, the data is stored indefinitely in order to ward off future hacker attacks.

If this is not the case, the data in log files will be deleted after seven days at the latest.

5. Possibility of opposition and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.


IV. Use of cookies

1. Description and scope of data processing

(a) General

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behavior or display advertisements.

When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

We also use cookies on our website, which enable an analysis of the surfing behaviour of the users.

In this way the following data can be transmitted:

The user data collected in this way is made anonymous by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

b) Consent and options against the use of cookies

When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and are referred to this data protection declaration.

In the cookie settings of our website you have the possibility to give your voluntary consent to the use of cookies for analysis and marketing cookies individually or in general and to revoke this consent at any time for the future. Technically necessary cookies cannot be rejected.

If you do not wish the use of certain cookies or cookies in general, you can instead prevent their storage on your terminal device by making the appropriate settings in your terminal device and/or Internet browser.

You can select “do not accept cookies” in your Internet browser settings. Please refer to the help function of your Internet browser for the procedures for managing and deleting cookies in your Internet browser settings. You can also block all cookies using free Internet browser add-ons such as “Adblock Plus” (adblockplus.org/en) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com).

You can delete stored cookies at any time in the system settings of your terminal device and/or Internet browser.

Please note that the functionality and range of functions of our offer may be limited if you block cookies or do not consent to the setting of cookies.

(c) Services used and third-party providers

aa) Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”). Google Analytics uses cookies to identify the frequency of use of certain areas of our website and preferences. The information generated by the cookie about your use of our website (including your abbreviated IP address) is transferred to a Google server in the USA and stored there. Google will use this information on our behalf and on the basis of a contract for order processing in order to evaluate your use of our website, to compile reports on website activities for us and to provide further services associated with the use of services and the Internet.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union (EU) or in other states that are parties to the Agreement on the European Economic Area (EEA). Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by your internet browser is not merged with other Google data.

If you do not want Google Analytics to analyse and measure your reach, you can deactivate the use of Google Analytics cookies by means of an internet browser add-on as an alternative to the options described in section V. I. b). You can download this add-on here: http://tools.google.com/dlpage/gaoptout?hl=de. In doing so, a so-called “opt-out” information is stored on your end device, which serves to assign your deactivation of Google Analytics. Please note that such “opt-out” information only leads to a deactivation of Google Analytics for the end device and the respective internet browser from which it was set. You may also need to set it again if you delete cookies from your device. As an alternative to the browser add-on, e.g. on mobile devices, you can also prevent Google Analytics from collecting the information by clicking on the following link javascript:gaOptout((xxx);. An “opt-out cookie” will then be set to prevent the future collection of your data. The opt-out cookie only applies to the Internet browser used when setting it and only to our website and is stored on your terminal device. If you delete the cookies in the Internet browser, you will have to set the opt-out cookie again. Google is certified under the EU-US Privacy Shield.

Further information on Google’s use of data, setting and objection possibilities can be found on Google’s web pages under the following links:

bb) Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support web fonts, a default font is used by your computer.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/.

(cc) Google Maps

On our website we also use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. By using this service, our location will be displayed to you and any approach will be made easier.

Already when you call up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to servers of Google and stored there. This may also result in a transmission to the servers of Google LLC. in the USA. This happens regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as user profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Google’s legitimate interest in the display of personalised advertising, market research and/or the needs-based design of Google websites. You have a right of objection to the creation of these user profiles, whereby you must contact Google to exercise this right.

In the event that personal data is transferred to Google LLC. with headquarters in the USA, Google LLC. has certified itself for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

If you do not agree with the future transmission of your data to Google in the context of the use of Google Maps, there is also the possibility to completely deactivate the web service of Google Maps by switching off the application JavaScript in your browser. Google Maps and thus the map display on this website cannot then be used.

You can view Google’s terms of use at https://www.google.de/intl/de/policies/terms/regional.html. The additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/

(dd) Linkedin

Furthermore, we use the LinkedIn page to communicate with the users active there and to inform about news about our company. The LinkedIn service is provided by the LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland).

When using the social networks, personal data of users and visitors of our appearances in the social networks are processed by the operators of the social networks. Your personal data can also be processed by the operators across websites, for example by setting and reading cookies and/or pixels, for analysis and advertising purposes. The corresponding processing of your personal data is the responsibility of the provider (for further details, please refer to the operator’s data protection regulations linked below). We would like to point out that user data may be processed outside the area of the European Union (EU). The processing of personal data outside the EU involves fundamental risks with regard to the enforcement of the rights of the persons concerned and the maintenance of the general protection goals of data protection. However, LinkedIn Corporation (parent company of LinkedIn Ireland Unlimited Company) has agreed to comply with the terms of the EU-US Privacy Shield and has committed itself to comply with EU data protection standards: (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

If you communicate with us via LinkedIn or write a comment, we will process the information you provide and the details of your profile made available to us in order to answer your enquiry in the context of our legitimate interest (Art. 6 para. 1 lit. f DSGVO).

Should you wish to obtain information about the processing of your personal data in connection with social media services or to assert your rights as a data subject in this context, we would like to point out that you have the possibility to address your request directly to the service provider. If you wish to assert your request for information or other rights against us, we will gladly forward your request to the service provider, as the service provider has access to the corresponding user data and can take measures in accordance with your user rights.

Information on data protection in the context of using LinkedIn and opt-out options can be found under the following link:

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out ((LINK EINFÜGEN))

(ee) Lead Forensics

For marketing and optimization purposes, products and services of the company Lead Forensics (https://www.leadforensics.com) are used on this website. Lead Forensics’ headquarters are located at Communication House 26 York Street, London, W1U 6PZ United Kingdom.

Lead Forensics collects details of your organization including phone number, web address, SIC code, a description of the company. Lead Forensics will show you the actual history of your visit to this website, including all pages that were visited and viewed by you and how long you spent on this site. Under no circumstances will the data be used to personally identify an individual visitor. If IP addresses are collected, they are anonymised immediately after collection. On behalf of the operator of this website, Lead Forensics will use the collected information to evaluate your visit to the website, to compile reports on website activities and to provide further services to the website operator in connection with the use of the website and the internet.

If you do not agree to this, you can object to the collection, processing and storage of your data at any time with effect for the future by clicking on the following link: lfwebproxy.westeurope.cloudapp.azure.com ((xxx))

2. Legal basis for the data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies is not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is used and thus to constantly optimise our offer.

These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.


V. Contact form and e-mail contact

1. description and scope of data processing

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored.

At the time the message is sent, the following data is also stored:

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.

Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Services used and third-party providers

a) Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 para. 1 letter f DSGVO. The website operator has a legitimate interest in protecting his web offers from abusive automated spying and from SPAM.

For more information about Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html

b) WeTransfer:

We also use the WeTransfer service for transferring files over the Internet. The provider of this service is WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, The Netherlands; website: https://wetransfer.com; privacy policy: https://wetransfer.com/legal/privacy.

2. Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Par. 1 letter f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us only for the processing of the establishment of contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of opposition and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time.

All personal data stored in the course of the initial contact will be deleted in this case. In such a case the conversation cannot be continued.


VI. Newsletter

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the respective input mask is transmitted to us.

In addition, the following data is collected during registration:

IP address of the calling computer

Date and time of registration

For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection declaration.

In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for the data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO, if the user has given his consent.

3. Purpose of the data processing

The collection of the user’s e-mail address is used to send the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process are usually deleted after a period of seven days.

5. Possibility of opposition and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter.

This also enables the revocation of the consent to store personal data collected during the registration process.

VIII. Personal data of business partners

1. description and scope of data processing

Personal data that you transmit to us in the course of contract negotiations or the conclusion of contracts will be stored and processed by us.

In the course of our cooperation with business partners, we process personal data of end users and contact persons at customers, prospective customers, sales partners, suppliers and partners (each a “business partner”):

2. Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a and b DSGVO, provided the user has given his consent.

3. Purpose of the data processing

We process personal data for the following purposes:

4. Duration of storage

Your data will be deleted at the latest at the end of the calendar year following the termination of the contractual relationship, unless there are special reasons to the contrary in individual cases. Insofar as customers have raised objections to the amount of the service fees charged, the billing data may be stored until the objections have been finally clarified.

Furthermore, the data may be stored for a period of two years, provided that this is necessary for the handling of complaints and for the proper execution of the contractual relationship. In addition, the deletion of inventory data and accounting data may be omitted if this is required by legal regulations or the pursuit of claims.

Accordingly, we only store your personal data for as long as is necessary to achieve the respective purpose or as required by law. After the respective purpose / storage period has expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

5. Possibility of opposition and removal

The collection of data for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject is absolutely necessary for the proper performance of the contract. There is therefore no possibility of objection on your part.


VII. Rights of the data subject

If personal data are processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:

1. Right of information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

In the event of such processing, you may request the following information from the data controller:

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.

2. Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

3. Right to restrict processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right of cancellation

a) Duty to delete

You may request the controller to delete the personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies

  1. 1 DSGVO.

b) Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

(c) Exceptions

The right of cancellation does not exist insofar as the processing is necessary

  1. 2 lit. h and i and Art. 9 para. 3 DSGVO;

5. Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

They have the right to be informed of these recipients by the person responsible.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

  1. 1 letter b DSGVO and

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one person responsible to another, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

9. Automated case-by-case decision including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

In the cases referred to in points 1 and 3, the responsible person shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, which shall include at least the right to have recourse to the intervention of the responsible person, to present his point of view and to appeal against the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.

The supervisory authority responsible for us is

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf

Phone: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

Status: Bonn, 01.06.2020, v1.1

C3 Germany GmbH