DATA PROTECTION ADVISORY

Protecting your data and preserving your privacy is of utmost importance to us. For this reason, we have established security and data protection provisions that ensure the greatest possible protection of your data.

We guarantee compliance with statutory data protection provisions. All employees of the company are bound by these provisions.

Below, we would like to explain which data we process when and for what purpose and on what legal basis. We would like to explain to you how the services we offer work and how the protection of your personal data is guaranteed

Pursuant to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly. Further information on this can be found in Article 4 no. 1 GDPR.

This data privacy policy can be accessed, saved and printed out at any time at (https://www.rundstedt.de/).

Insofar as we cite our legitimate interest (Article 6(1)(f) GDPR) as the basis of legality, you have a right to object in accordance with Article 21 GDPR.

Pursuant to Article 21 GDPR you have the right to object to the processing of personal data at any time. We will then no longer process the personal data for direct marketing purposes or any related profiling.

Nor do we process your personal data for other purposes following an objection, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purposes of asserting, exercising or defending legal claims (for instance, see Article 21(1) GDPR, so-called “limited right to object”). In this case, you must give reasons for the objection based on your particular situation.

You may also object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Article 21(6) GDPR).

We will also draw your attention to the right to object separately in the individual sections (e.g. with the notice “You have a right to object”), if this right exists. There you will also find further information on how to exercise your right to object.

In order to keep the following data privacy policy concise, we refer to information and data privacy policies found on external websites (see also the section “External Links” in this data privacy policy) at various points in the document. We make every effort to keep the links listed in this data privacy policy up-to-date. Nevertheless, since the web pages are being updated constantly, we cannot rule out links not functioning correctly. If you notice such a link, we would be pleased if you let us know so that we can include the current link.

1) Controller

The controller of processing personal data within the meaning of Article 4 no. 7 GDPR is:

v. Rundstedt & Partner GmbH
Bleichstraße 20
40211 Düsseldorf
service@rundstedt.de

2)  Contact for data protection

If you have any questions regarding the processing of your personal data, as well as your rights regarding data protection, please contact:

Klarissa Peters
v. Rundstedt & Partner GmbH
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Germany
Tel. +49 (0)69 6199 641
datenschutz@rundstedt.de

3)  Log files

Every time you visit our website, we automatically collect data and information from your device’s system and store it in so-called server log files. This data is information that relates to an identified or identifiable natural person (here: website visitor). The data is automatically transferred by your browser when you visit our website. This includes the following information:

  • The time you visited our website (request to the server of the host provider),
  • URL of the website from which you visited our website,
  • The operating system you are using,
  • Type and version of the browser you are using,
  • IP address of your computer.

The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. Furthermore, the data helps us to optimise our website and to ensure the security of our systems. This data is not evaluated for marketing purposes.

The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal. The latter requires in particular the processing of your IP address.

“The information processed shall be kept only for as long as is necessary for the purpose for which it was collected or as required by law. The recipient of the data is our server host, which is working for us within the scope of a commissioned data processing agreement"

Right to object

You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).
 

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you cannot use our website or use it to its full extent.

4) Cookies
We use cookies on our website. Cookies are text files that are stored on your device to make using a website more convenient. Cookies can be used to store inputs and settings on a website so that you do not have to enter them again each time you visit a website again. Cookies contain a so-called cookie ID, which makes it possible to identify the device in which the cookie was stored. Specifically, we use the following types of cookies:

  • Cookies, which contain a randomly generated, concrete identification number that makes you or your device identifiable during your visit to our website. These cookies are automatically deleted at the end of your visit.
  • Cookies, which contain a randomly generated, concrete identification number that identifies you or your device on our website. These cookies are usually deleted automatically after one year. You can also find out the exact storage period via your browser by having the cookies displayed.

In particular, we set the following cookies:

 

Cookie Provider/service Expiration time Description
_ga Google Analytics 2 years Used for statistical recording by Google Analytics.
_gat Google Analytics 10 minutes When traffic is high, this cookie limits the data collected by Google Analytics.
_gid Google Analytics 1 day User identification
_pelocale provenexpert.com 30 days Determines the preferred language of the visitor. Allows the website to set the preferred language when the visitor revisits the site.
cookieconsent_status Cookie consent 1 year Storage of the user input for the cookie banner.
PE_SESSION provenexpert.com Session Collects information about visitor behaviour on several websites. This information is used on the website to optimise the relevance of advertising.
registerlocale provenexpert.com 1 day Determines the preferred language of the visitor. Allows the website to set the preferred language when the visitor revisits the site.

All stored cookies and further information about them can also be displayed at any time via your browser.

The purpose of this processing is to make it easier for you to use our website and to offer the possibility of saving settings.

You can edit your cookie settings via this link: Manage cookie settings

The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in presenting you with a website that stores your personal settings and makes your visit to our website easier.

Right to object

You have a right to object.

In your browser settings you can restrict or completely prevent cookies from being stored. You can also arrange for the automatic deletion of cookies when closing the browser window. You can find how to delete cookies in the most common browsers and change the cookie settings here:

Google Chrome: Website
Mozilla Firefox: Website
Apple Safari: Website
Microsoft Internet Explorer: Website

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you cannot use our website or use it to its full extent.

Other services used by us also use cookies. We refer to the use of cookies separately for the individual services.

5) Information about Google services
On our website we use various services of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You will find more detailed information on the specific Google services that we use on this website in the rest of the data privacy policy.

By integrating Google services, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.

As is evident from Google’s Privacy Shield certification (to be found at www.privacyshield.gov/list under the search term “Google”), Google has undertaken to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework regarding the collection, use and storage of personal data from EU member states and Switzerland respectively. Google, including Google LLC and its wholly-owned U.S. subsidiaries, has certified that it adheres to the Privacy Shield Principles. Further information can be found at www.google.de/policies/privacy/frameworks/.

We cannot on our own influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed among others:

  • Log data (in particular the IP address)
  •  Locational information
  • Unique application numbers
  • Cookies and similar technologies

If you are signed in to your Google account, Google may add the processed information to your account and treat it as personal information, depending on your account settings, see www.google.de/policies/privacy/partners/ in particular.  

Google states the following, among other things:
“We may combine personal information from one service with information and personal information from other Google services. This makes it easier for you to share content with friends and acquaintances, for example. Depending on your account settings, your activities on other websites and apps may be linked to your personal information in order to improve Google services and advertising displayed by Google.” (https://www.google.com/intl/de/policies/privacy/index.html)
You can prevent this information from being added directly by signing out of your Google account, or by using the appropriate account settings in your Google account. Furthermore, you may refuse the use of cookies – if Google stores any – by selecting the appropriate settings on your browser; however, we would point out that in this case the full functionality of this website might not be available.
How to delete cookies in the most common browsers is explained in section “4) Cookies”.

You can find more information in Google’s data privacy policy, which you can download here:

  • developers.google.com/terms/
  • www.google.com/policies/privacy/

You can find information about Google’s privacy settings at privacy.google.com/take-control.html

6) Use of Google Analytics
On our website we use Google Analytics, a web analytics service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Furthermore we use the “Google-Optimize” tool in addition to Google Analytics.

Google Analytics uses “cookies”; these are text files which are stored on your device and enable the analysis of the websites you visited. Google Analytics also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on websites. The information generated by cookies and web beacons about the use of our website (including the users’ IP address) will be transferred to a Google server, probably in the U.S. or other third countries, and stored there. This information may be shared by Google with Google’s contractual partners.

For information about Google’s existing Privacy Shield certification and other relevant data about Google’s data processing in connection with your use of Google services, please refer to section “5) Information about Google services” in this data privacy policy.
The following data types are processed by Google:

  • Online identifiers (including cookie identifiers)
  • IP address (only anonymised)
  • Device identifiers

In addition, you can find more detailed information on the information processed at www.google.com/intl/de/policies/privacy/ under “Data we receive as a result of you using our services”, and at privacy.google.com/businesses/adsservices/.

We use Google Analytics solely with activated IP anonymisation (“anonymize IP”). In this manner, your IP address is abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

Furthermore, we have concluded a processing agreement with Google for the use of Google Analytics and Google Optimize (Article 28 GDPR). Google processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activities for us and providing us with other services related to website and internet use. If necessary, Google may transfer this information to third parties to the extent that this is prescribed by law or where third parties process the data on Google’s behalf.

Through the integration of Google Analytics, we aim to analyse user behaviour on our website and be able to react to it. This enables us to continuously improve our offer. We use Google Optimize to understand the effect of adjustments to our website on our users and to constantly optimise our website. For this purpose, users are presented with different versions of our website and various criteria are defined (e.g. determining whether a section can be found based on the click behaviour of users). We are only presented with statistics, it is not possible for us to draw conclusions about a single person based on these statistics. 

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. Our legitimate interest in this is based on the great benefit that the functions described above have for our offer. The statistical evaluation of user behaviour enables us in particular to react and optimise our offer in line with the interests of our customers.

As part of commissioned data processing Google is entitled to engage subcontractors. A list of these subcontractors can be found at privacy.google.com/businesses/subprocessors/ .
 
 

Right to object

You have a right to object. For this purpose, you can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout

You can also prevent data being captured by Google Analytics by clicking the following link. An opt-out cookie is then set which prevents your data being captured the next time you visit this website: Disable Google Analytics.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, we would like to point out that in this case the full functionality of this website might not be available.
How to delete cookies in the most common browsers and how to change the cookie settings is explained in section “4.) Cookies”.

Die verarbeiteten Informationen werden für 12 Monate gespeichert und nach Ablauf dieser Aufbewahrungsdauer automatisch gelöscht.

Weitere Informationen zum Datenumgang im Zusammenhang mit Google Analytics entnehmen Sie bitte der Datenschutzerklärung von Google:

https://support.google.com/analytics/answer/6004245?hl=en 

Die Bereitstellung der personenbezogenen Daten ist weder gesetzlich noch vertraglich vorgeschrieben und auch nicht für einen Vertragsabschluss erforderlich. Sie sind auch nicht verpflichtet, die personenbezogenen Daten bereitzustellen. Die Nichtbereitstellung hätte jedoch unter Umständen zur Folge, dass Sie unsere Webseite nicht bzw. nicht vollumfänglich nutzen können.

6.1) Using the Google Tag Manager
We use the Google Tag Manager. The Google Tag Manager is a solution that allows us to manage website tags through a single interface. The tool itself is a cookie-less domain and does not collect any personal data. It triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

7)  Use of retargeting and remarketing
This website uses the “Google Analytics Remarketing” tool of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”).This tool is used to present interest-based advertisements to visitors of the website within the Google advertising network. Retargeting or remarketing is the term used to describe technologies in which users who have previously visited a website are shown suitable advertising even after they have left the website. For this purpose, it is necessary to recognise users beyond our own website. For this purpose, the relevant service providers use cookies and take your previous usage behaviour into account. If a user sees personalised advertising, it is matched to the previously collected data about him/her. For this personalised advertising, it is not necessary for the user to be identified beyond recognition. We do not merge the data used for retargeting or remarketing with other data.

We use these technologies to place advertisements on Google and other websites. We use third-party providers to place advertisements. Among other things, we use offers from Google, which enables the automatic display of products of interest to the Internet user. This function is implemented using cookies. For more information about this technology, please see the Google Privacy Policy at https://policies.google.com/privacy?hl=en. The installation of cookies for Google Remarketing and Google AdWords Conversion Tracking can be prevented by adjusting the respective browser software by visiting the website http://www.google.com/policies/privacy/ads/  and changing the relevant setting. You can also find further information on cookies under point 4) Cookies.

8) Use of Google Maps
We use Google Maps on our website. Google Maps is a service of Google Inc.("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The Google-Maps plug-in is integrated by embedding the service on our website by means of a so-called “iFrame”. When loading this iFrame, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.

For information about Google’s existing Privacy Shield certification and other relevant data about Google’s data processing in connection with your use of Google services, please refer to section “5) Information about Google services” in this data privacy policy.

For our part, we do not collect any data when you use Google Maps via our website.

Through the integration of Google Maps, we aim to be able to show you our address and provide you with further information for travelling to our offices. We can also present locations to you through this integration of Google Maps, with you not being limited to individual map sections and being able to independently research distances etc.

The legal basis for the processing of personal data described here is Article 6(1) f GDPR. Our necessary legitimate interest in this lies in the great benefit that Google Maps offers. Through the integration, we do not have to show the directions to the respective places by means of maps or the like, but enable each user to plan his or her own journey. Google also has a legitimate interest in the collected (personal) data in order to improve its own services.
 

Right to object

You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you cannot use our website or use it to its full extent.

9) Userlike chat
You have the possibility of getting in contact with employees of our company in a live chat. You can enter your request in the chat window provided and thus communicate with our staff in real time.

We use the chat plug-in Userlike on our website for this purpose. Userlike is a service of Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany, +49 (0)221 6306 0024, which also provides this service.

Userlike UG uses Amazon Web Services, in particular the Amazon Cloudfront service as a content delivery network of Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, in the context of providing the chat service. This means that the Userlike chat plug-in runs on Amazon Web Services servers and your information is also shared with them.

The possibility of Amazon Web Services also transferring the information to a server in a third country, which does not belong to the EU, cannot be ruled out.

As is evident from the Privacy Shield certification of Amazon.com, Inc. (to be found at www.privacyshield.gov/list under the search term “Amazon”), Amazon.com, Inc. and its subsidiary Amazon Web Services, Inc. have committed to complying with the EU-US Privacy Shield Framework published by the US Department of Commerce and the Swiss-US Privacy Shield Framework regarding the collection, use and storage of personal data from EU member states and Switzerland respectively. Amazon.com, Inc. including its subsidiary Amazon Web Services, Inc. has certified that it adheres to the Privacy Shield Principles. For more information, see https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/?nc1=h_ls.

The Userlike chat plug-in is integrated on our site by loading an appropriate Java Script.

The following data is collected when using the chat function:

  • IP address
  • Time
  • Information resulting from the chat itself

Please note that the amount of personal data collected during the chat process also depends on the data you yourself disclose during the chat process.

We operate the chat exclusively in the so-called “privacy mode”. This means that no further data is collected (such as IP address, user agent, referrer and page views), except for the aforementioned data.

We also do not use the “Live Preview” or “Identity Request” functions of Userlike.

The chat history is stored for a period of 30 days, after which time the chat history is deleted.

The remaining data will be deleted as soon as it is no longer required for the purpose for which it was collected, at the latest after 30 days.

The purpose of the processing of personal data is to process contact inquiries and to be able to get in touch with the inquirer in order to respond to the request. In particular, the purpose of the live chat is to process contact requests immediately without long waiting times.

You can find more information at https://www.userlike.com/en/terms under the point Live Chat.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. Our legitimate interest lies in increasing the quality of support and assistance to our customers. The integration of the Userlike live chat and the associated data collection immediately simplifies and accelerates communication with the users.

Right to object

You have a right to object. You can prevent the execution of Userlike specific Java Script as well as the transmission of personal data by installing and activating a Java Script Blocker or by deactivating Java Script in your browser.

However, general deactivation of Java Script could result in the contents on this website (and on other websites) not being displayed correctly.

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data (e.g. by deactivating Java Script) may mean that you cannot use our website or use it to its full extent.

10) Newsletter and knowledge base (Evalanche)
a ) General information
On our website you have the possibility of registering for our newsletter. The newsletter is tailored to your individual interests.

In our knowledge base you have the possibility of requesting various content such as checklists, guides, e-books and white papers, all of which require registration. After you have registered for the content, you can access the download.

If you sign up for our free webinars, registration is also required. After signing up for the webinar, you will receive the access data and, if necessary, further information for participation in the webinar.

Our newsletter and our other content are sent with the newsletter service Evalanche. Evalanche is a service of SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, Germany, telephone: +49 (0)8151 555 160, fax: +49 (0)8151 555 1629, e-mail: info@sc-networks.com, website: www.sc-networks.com. Within the framework of a commissioned data processing agreement Evalanche processes your personal data on our behalf and according to our instructions.

Evalanche is a member of the Certified Senders Alliance (https://certified-senders.org/de/teilnehmer/ ). In addition, SC-Networks GmbH holds various other certificates regarding data and IT security, e.g. from TÜV SÜD, TÜV Hessen in compliance with ISO/IEC 27001:2013 and is a member of the TeleTrust-Initiative “IT-Security made in Germany”, a competence network supported by the Federal Association for IT Security e.V. For more details on certifications and memberships, please visit www.sc-networks.de/produkt/zertifikate/ .

In addition, the login data is also transferred to our CRM system. Our CRM system is technically provided by our service provider itdesign (itdesign GmbH, Friedrichstraße 12, 72072 Tübingen, Germany). Within the framework of a commissioned data processing agreement itdesign processes your personal data on our behalf and according to our instructions.

b) Sign up/registration
If you sign up for our newsletter or a webinar or if you download any of our content, we process the following mandatory information from you, in particular:

  • E-mail address

In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as object and profile reference, date and time, IP address, action type (registration, update, permission change) and the metadata of the action.

In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile, which is generated via an Evalanche web form with an e-mail address confirmed by double opt-in procedure, for the events “registration/change”, “confirmation of the link” and “cancellation of the newsletter”:

  • Date and time
  • IP address

c) Statistical evaluation
With the help of the Evalanche service we analyse the success and effectiveness of our newsletter (campaigns) as well as our download and webinar offer. In doing so, we especially evaluate, for example, whether and when you open the e-mails sent to you, whether and which links you click or how you otherwise handle the e-mails.

For this purpose, for statistical surveys and to build interest profiles, Evalanche sets and stores cookies. This information is processed on a personal basis. Furthermore, the e-mails sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behaviour. This is done by collecting web beacons that are assigned to your e-mail address and linked to your own ID. Links contained in the newsletter also contain this ID. With the data thus obtained, we create a user profile in order to provide you with the newsletter tailored to your interests.

d) Basis of lawfulness
By signing up for the newsletter, for our webinars and by downloading our content, you expressly consent to the processing of your personal data (Article 6(1)(a) GDPR).

In a first step, you enter the mandatory data (e.g. e-mail address) and agree to the processing of your personal data by activating the box provided for this purpose. The sign up form is provided by Evalanche, thus letting your data be transferred directly to Evalanche. In a second step, you will then automatically receive an e-mail with a confirmation or activation link, which you must also confirm or activate. In this way we ensure that the e-mail address entered on our website also belongs to you. If the confirmation or activation link is not used, the corresponding e-mail address will not receive any further e-mails from us and the data entered will be deleted.

The purpose of collecting and processing the user's e-mail address is to be able to deliver the requested information. The collection and processing of further personal data within the scope of the sign up process is intended to prevent misuse of our information offer or the e-mail address used. Furthermore, the processing described above serves the purpose of enabling us to prove that you have given your consent. The purpose of processing your personal data by our CRM system is to be able to address you as a customer and use the information for marketing purposes.

The purpose of processing cookie and measurement data is to create an individual newsletter tailored to the interests of the recipient and to track the success and reach of our newsletters.

The legal basis for the processing of further personal data as well as the processing of your personal data within the framework of our CRM system is our legitimate interest in accordance with Article 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. Furthermore, we have a legitimate interest in preventing or being able to prove misuse of our information offer
 

Your rights

1. Right of cancellation

Right of cancellation

You have the right to withdraw your consent at any time without this affecting the lawfulness of processing completed on the basis of your consent up to the point of withdrawal. You can send or notify us of your withdrawal of consent at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

You can also exercise your consent simply by clicking on the unsubscribe link provided in our newsletter. You will find the link in the footer at the end of our newsletter.

2. Right to object

If the processing of your data is not covered by the consent (especially log files), you have the right to object.

Right to object

You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your registration data will therefore only be stored as long as the subscription to the newsletter is active. The tracking and cookie data is deleted after 24 months.

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data would mean that we would not be able to provide you with a newsletter, download content or webinar access.

11) Inxmail
a ) General information
We use the “Inxmail” service for our event notifications. Inxmail is a service of Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, e-mail: info@inxmail.de.
Within the framework of a commissioned data processing agreement Inxmail processes your personal data on our behalf and according to our instructions.

(b) Sign up/registration
If you sign up for our event newsletter, we will process the following mandatory data from you, in particular:

  • E-mail address
  • Location

In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as date and time and IP address.
In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile for the events “registration/change”, “confirmation of the link” and “cancellation of the event newsletter”:

  • Date and time
  • P address

c) Statistical evaluation of the event newsletter
Using the Inxmail service, we analyse the success and effectiveness of our event invitations anonymously for statistical purposes.

(d) Basis of lawfulness
By signing up for the event newsletter, you expressly consent to the processing of your personal data (Article 6(1)(a) GDPR).

In a first step, you enter the mandatory data (e.g. e-mail address) and agree to the processing of your personal data by activating the box provided for this purpose. The sign up form is provided by Inxmail, thus letting your data be transferred directly to Inxmail. In a second step, you will then automatically receive an e-mail with a confirmation or activation link, which you must also confirm or activate. In this way we ensure that the e-mail address entered on our website also belongs to you. If the confirmation or activation link is not used, the corresponding e-mail address will not receive any further e-mails from us and the data entered will be deleted.

The user’s e-mail address and location are collected and processed in order to be able to deliver the event newsletter and to present events from the user’s vicinity. The collection and processing of further personal data within the scope of the sign up process is intended to prevent misuse of our event newsletter or the e-mail address used. Furthermore, the processing described above serves the purpose of enabling us to prove that you have given your consent.

The legal basis for the processing of further personal data is our legitimate interest in accordance with Article 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. Furthermore, we have a legitimate interest in preventing or being able to prove misuse of our event newsletter.

Your rights:
1. Right of cancellation

Right of cancellation

You have the right to withdraw your consent at any time without this affecting the lawfulness of processing completed on the basis of your consent up to the point of withdrawal. You can send or notify us of your withdrawal of consent at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

You can also exercise your consent simply by clicking on the unsubscribe link provided in our event newsletter. You will find the link in the footer at the end of our event newsletter.

2. Right to object
If the processing of your data is not covered by the consent (especially log files), you have the right to object.

Right to object

You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your registration data will therefore only be stored as long as the subscription to the newsletter is active.

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data would mean that we would not be able to provide you with an event newsletter.

12) Using Adobe Connect/Webinaris
We offer various webinars on our website, which we conduct using Adobe Connect (“AC”). AC is a service or software from Adobe Systems Incorporated, 601 Townsend St., San Francisco, CA 94103, USA. Furthermore, on the Adobe website accessible from Germany, the subsidiary Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland is listed as being responsible for Europe.

AC is integrated via a corresponding interface from Adobe. Through the integration, Adobe collects information (including personal data) and processes it. The possibility of Adobe also transferring the information to a server in a third country (e.g. USA) cannot be ruled out.

As is evident from the Adobe Systems Incorporated Privacy Shield certification (available at www.privacyshield.gov/list under the search term “Adobe Systems Incorporated”), Adobe has undertaken to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework regarding the collection, use, and storage of personal data from EU member states and Switzerland, respectively. Adobe has certified that it adheres to the Privacy Shield Principles.
Within the framework of a commissioned data processing agreement Adobe processes your personal data on our behalf and according to our instructions. This may include the following data:

  • The name you provided,
  • Your IP address,
  • Type of browser and device,
  • Web page from which you arrived at an Adobe website,
  • Search terms entered into a search engine that led you to an Adobe website,
  • Use and navigation of websites and applications (collected by cookies and similar technologies or by Adobe servers when you are logged into the application or website),
  • Analysis of your content (such as activity logs and direct feedback from you) sent or received through an online feature of an Adobe application or website or stored on Adobe servers.

If you are signed in to your Adobe account, Adobe can add the processed information to your account.

You can prevent this information from being added directly by logging out of your Adobe account.

Further information can be found at https://www.adobe.com/privacy/policy.html 

Through the integration of AC we aim to be able to offer you various webinars.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. Our legitimate interest in this lies in the great benefit that AC brings us. AC offers optimal performance and easy handling. Because the service is operated on external

servers, the latency of our website is not affected. Furthermore, we have a legitimate interest in being able to offer you professional webinars, in particular, to strengthen customer loyalty.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
 

Right to object

You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you will not be able to contact us.

13) Contact form
On our website there is a contact form which you can use for electronic contact. If you contact us via this contact form, the data entered in the input fields will be processed by us.
This includes the following data as mandatory information:

  • E-mail address
  • Postcode, Town/City

Furthermore, you can add further data as voluntary information. This may simplify and speed up the processing of your request. The following data is potentially affected:

  • Salutation
  • Telephone
  • First name
  • Last name
  • Company
  • The information arising in each instance from the message text

Mandatory and voluntary information is treated equally by us. The mandatory information is necessary to be able to contact you and process your request.

Please note that the extent of the personal data collected in the contact form also depends on the data you yourself disclose in the message text of the contact form.

The purpose of the processing of personal data within the scope of the mandatory and voluntary information is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time so that we can answer your questions.

The personal data are processed only as long as necessary for the provision of the function.

The recipient of the data is our server host, which is working for us within the scope of a commissioned data processing agreement.
 

Right to object

You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you will not be able to use our contact form.

14) Making contact
You have the possibility to contact us by mail, telephone, fax or e-mail.

If you contact us by post, we can process, in particular, your address data (e.g. surname, first name, street, town/city, postcode), date and time of receiving the letter as well as such data resulting from your letter itself.

If you contact us by telephone, we can process your telephone number and, if necessary, in the course of the conversation on request your name, your e-mail address, the time of the call and details of your request.

If you contact us by fax, we can process, in particular, the fax number or the source identifier as well as the data resulting from the fax.

When you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (and attachments if applicable) are processed.

The purpose of processing the above-mentioned data is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time and to answer your questions.

The personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.
 

Right to object
You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not legally required to provide your personal data to us. However, not providing your data may mean that you cannot use the opportunity to contact us or that we cannot contact you.

15)  Social networks & external links
In addition to this website, we also maintain profiles in various social media, which you can reach via the corresponding buttons on our website. If you visit such a profile, personal data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you specifically entered in this social medium, further information may also be processed by the social network provider.

In addition, the social network provider may process the most important data of the computer system from which you visit it – for example, your IP address, the type of processor used and browser version including plug-ins.

If you are logged in with your personal user account on the respective network while visiting such a website, this network can assign the visit to this account.

The purpose and scope of data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective controller, such as

16) Data security
We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.

17) Amending the data privacy policy
Changes in the law or changes in our internal processes may make it necessary to amend this data privacy policy.
In the event of such a change, we will inform you of this above the heading “Data Privacy Policy”.

18) Cancellation
You have the right to withdraw any consent you have given at any time with future effect, without affecting the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal.

19) Rights of the data subject
In principle, you have the following rights:

  • right of access (Art. 15 GDPR)
  • right of rectification (Article 16 GDPR)
  • right to object (Art. 21 GDPR)
  • right to erasure (Article 17 GDPR)
  • right to restrict processing (Article 18f. GDPR)
  • right to data transferability (Article 20 GDPR)

For enquiries of this kind, please contact datenschutz@rundstedt.de. Please note that in the case of such requests, we must ensure that the person making contact is indeed the data subject.

You have the right to appeal to a data protection supervisory authority, without prejudice to any other administrative or judicial remedy.

Automated decision making does not take place on our website.
 

20) In addition, for users of the myTURN app: Google Firebase (DB)
a.) Information storage

When using the myTURN app, the following information is stored. The data is transmitted in encrypted form to the servers of Google (Firebase). The user authentication runs separately from the storage of the data. During registration, a UserID is generated (token) with which the data is linked. The following data is collected for each user:

  • E-mail address (required)
  • Registration code (required)
  • Profile picture (optional)
  • Place of residence (optional)
  • Postcode (optional)
  • Profession (optional)
  • User-generated data (results and preliminary results of the lessons with time stamp)

b.) Purpose of processing:

  • Provision of the offer and its contents and functions.
  • Communication with users and answering contact requests
  • Reach measurement & marketing
  • Security measures

c.) Google Analytics
Within the app, Google Analytics is used for optimisation. For further information, see points 5) and 6) above. The sending of push notifications is controlled via Google Cloud Messaging.
 

Right of cancellation
 

You have the right to withdraw your consent at any time without this affecting the lawfulness of processing completed on the basis of your consent up to the point of withdrawal. You can send or notify us of your withdrawal of consent at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

Right to object

You have a right to object. You can send or notify us of your objection at any time (e.g. by sending an e-mail to datenschutz@rundstedt.de).

For the rights of data subjects, see point 18)