We explain how we handle your personal data in this privacy policy. The applicable data protection law, in particular the General Data Protection Regulation (GDPR), applies. With the exception of the service providers and third-party providers that we name in this privacy policy, we do not pass on any data to third parties. If you have any questions, please do not hesitate to contact us.

Person responsible

Responsible for data processing is
DIGIaccess GmbH
Quarzstr. 4
51371 Leverkusen

General information

Provision of data

As a rule, there is no legal or contractual requirement to provide personal data in order to use our website. If the provision of data is necessary for the conclusion of a contract or if the user is obliged to provide personal data, we will inform you of this fact and the consequences of not providing it in this data protection declaration.

Data transfer to third countries

We may use service providers and third-party providers based in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). If there is an adequacy decision by the European Commission for the transfer of data to a third country, we will make reference to this in this privacy policy. In all other respects, users can obtain a copy of the appropriate guarantees from us if they are not already included in the data protection declarations of the service providers or third-party providers.

Automated decision making

If we carry out automated decision-making, including profiling, we will inform you in this privacy policy about this fact, the logic involved and the scope and intended effects of such processing. Otherwise, automated decision-making does not take place.

Processing for other purposes

Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, they are to be processed for other purposes, we will inform you of these other purposes prior to further processing and provide all other relevant information (Art. 13 (3) GDPR).

Data processing when accessing the website

Each time our website is accessed, the user’s browser transmits various data. The following data is processed for the duration of the visit to the website and stored in log files even after the connection has ended:

  • Browser type and version used
  • Operating system
  • Pages and files accessed
  • Amount of data transferred
  • Date and time of retrieval
  • Provider of the user
  • IP address
  • Referrer URL

The processing of this data is necessary in order to be able to deliver the website to the user and to optimize it for their end device. Storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks).

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the provision of the website and the improvement of website security. Log files are automatically deleted after 30 days.

Cookies, tracking pixels and mobile identifiers

We use technologies on our website to recognize the end device used. These may be cookies, tracking pixels and/or mobile identifiers.

The recognition of an end device can generally take place for different purposes. It may be necessary to provide functions of our website, for example to make a shopping cart available. In addition, the aforementioned technologies can be used to track the behavior of users on the site, for example for advertising purposes. We describe which technologies we use in detail and for what purposes separately in this privacy policy.

For a better understanding, we explain below in general terms how cookies, tracking pixels and mobile identifiers work:

  • Cookies are small text files that contain certain information and are stored on the user’s end device. In most cases, this is an identification number that is assigned to an end device (cookie ID).
  • A tracking pixel is a transparent graphic file that is integrated into a page and enables log file analysis.
  • A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and can be read via a website.

Cookies may be necessary for our website to function properly. The legal basis for the use of such cookies is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the provision of the functions of our website.

We use cookies that are not required for the operation of our website in order to make our offer more user-friendly or to be able to track the use of our website. The legal basis here depends on whether the user’s consent must be obtained or whether we can rely on a legitimate interest. Users can revoke their consent at any time by changing the settings in their browser.

The user can prevent and object to the processing of data using cookies by making the appropriate settings in their browser. In the event of an objection, not all functions of our website may be available. We provide separate information about other options for objecting to the processing of personal data using cookies in this privacy policy. If necessary, we provide links with which an objection can be declared. These are labeled “Opt-Out”.

Contact us

If contact is made, we process the user’s details, date and time for the purpose of processing the inquiry, including any follow-up questions.

We use the CRM system Zoho CRM to manage customer relationships. Provider: Zoho Corporation B.V., Hoogoorddreef 15, 1101 BA, Amsterdam, Netherlands.

Zoho CRM privacy policy

The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in responding to our users’ inquiries. An additional legal basis is Art. 6(1)(1)(b) GDPR if the processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract.

The data will be deleted as soon as the request, including any follow-up questions, has been answered. We check at regular intervals, but at least every two years, whether data collected in connection with contacts must be deleted.

Newsletter

Users have the option of registering for newsletters on our website. We process the data entered during registration in order to send a confirmation email to the user’s email address. After confirmation, we process the data in order to be able to send newsletters. For the purpose of personalization, we may also process the user’s name if the user has provided it.

Upon registration, the date and time as well as the user’s IP address are stored in order to be able to prove registration. We continue to process this data after deregistration for verification purposes and delete it after three years at the end of the year.

To improve our content, we measure how successful our newsletters are, for example how often they are opened by users and which links are clicked. Emails contain a tracking pixel for this purpose. We do not track the activities of individual users.

The legal basis for the processing is the consent of the user in accordance with Art. 6 para. 1 subpara. 1 letter a) GDPR. Otherwise, the processing is carried out in accordance with Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interests are the sending of newsletters, the personalized approach to the user and the proof that the user has registered for the newsletter.

Registration for a user account

Users can register for our services on our website. In this context, we process the data entered during registration. We have the e-mail address confirmed by sending a link (double opt-in) in order to prevent misuse of the registration function. We also process the date and time and the user’s IP address for this purpose. For verification purposes, we also process the date, time and IP address of the user when they click on the confirmation link.

The data will be deleted when the user account is deleted after three years at the end of the year, unless a longer statutory retention period applies.

The legal basis for processing is Art. 6(1)(1)(a) GDPR, insofar as we obtain the user’s consent. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Art. 6 para. 1 subpara. 1 letter b) GDPR. Otherwise, the legal basis is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest is to provide users with access to our offer requiring registration, to protect us from misuse of the registration function and to be able to prove proper registration. After deletion of the user account, our legitimate interest also lies in the defense against possible claims.

Job applications

When users apply for a job, we process personal data for the purpose of the application process. In addition to the data transmitted by the user, we process other data that is generated in the course of the application process (e.g. during an interview). If we include data in an applicant pool, this is only done on the basis of the user’s prior consent. In this case, the data will be processed beyond the end of the application process so that contact can be made in the event of suitable vacancies.

Applicant data will be deleted three months after completion of the application process. In the case of inclusion in an applicant pool, the data will be stored for a maximum of two years unless consent is revoked beforehand.

The legal basis for the processing is Art. 6 para. 1 subpara. 1 letter b) GDPR. If consent has been given for inclusion in an applicant pool, the processing is based on Art. 6 para. 1 subpara. 1 letter a) GDPR. After completion of the application process, processing is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the defense against possible claims under the General Equal Treatment Act.

Orders and payment processing

When an order is placed in our online store, we process the data provided when the order is placed, e.g. name, bank details or payment data, in order to process the order. We only pass on payment data to our payment service providers if this is necessary to process the payment.

The legal basis for the processing of order data is Art. 6(1)(1)(b) GDPR. If the user stores their order data in a user account, the legal basis is Article 6(1)(1)(a) GDPR. Otherwise, the processing is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the processing of repayments and the pursuit of claims.

Order and payment data are deleted as soon as they are no longer required for the processing of the order, including the reversal of the payment (e.g. due to a revocation or withdrawal from the contract) and the processing of warranty cases, and no statutory retention obligations exist. In the event that the user has stored their order data in their user account for a repeat order, the data will be deleted together with the user account if it is not required for the processing of a specific order.

Other third-party services

Zoho SalesIQ

When you visit our website, anonymized usage data is collected using the ZOHO service SalesIQ (https://zoho.eu/salesiq). SalesIQ uses so-called “cookies”, which enable our website to be analyzed. You can prevent this “tracking” by making the appropriate settings in your browser.
We store this data exclusively for statistical purposes. The IP addresses are shortened by the last digits in order to guarantee anonymity.

Zoho Page Sense

When you visit our website, anonymized usage data is collected using the ZOHO service PageSense (https://zoho.eu/pagesense). Page Sense only records visits and clicks on our website completely anonymously. No conclusions can be drawn about individual visitors. PageSense merely enables us to check the general use of our website in the form of a heat map and, as a result, to display important content to you in the right place on the individual web pages. No usage data or personal data is collected or stored.

Facebook Pixel

We use Facebook Pixel for online marketing purposes. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

With the Facebook pixel, we can display interest-based advertising via Facebook based on the use of our website. For this purpose, a cookie is set on the user’s end device, which can be used to assign the use of an identification number. In addition, other advertising-relevant user data such as browser information, device information, the pages visited, the time of the visit and referring URLs are processed. We only receive summarized results from Facebook, which we can use to understand how successful our advertising measures are. We use Facebook Pixel without advanced matching.

Users can object to the collection and use of information for interest-based advertising by Facebook on the following pages: http://www.aboutads.info/choices and http://www.youronlinechoices.eu

Insofar as we obtain the user’s consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter a) GDPR. Otherwise, it is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest is to be able to show users advertising that is relevant to them.

When using Facebook Pixel, we and Facebook are joint controllers within the meaning of Art. 26 GDPR. We have therefore entered into an agreement with Facebook that specifies who fulfills which obligations under the GDPR. According to this agreement, we are responsible for providing information on the joint processing of personal data in accordance with Art. 13 and 14 GDPR. It has been agreed between us and Facebook that Facebook is responsible for enabling the rights under Articles 15 to 20 GDPR with regard to the personal data stored by Facebook after joint processing.

The agreement on joint responsibility can be accessed here: https://www.facebook.com/legal/controller_addendum

Information on how Facebook processes personal data, the information in accordance with Art. 13 GDPR, including the legal basis on which Facebook relies, and the options for users to exercise their Facebook rights, can be found in Facebook’s privacy policy.

Privacy policy of Facebook Pixel without matching

jsDelivr

We use the content delivery network (CDN) jsDelivr. Provider: Prospect One.io, Krolewska 65a, Krakow, Malopolskie 30-081, Poland.

Content is loaded from CDN servers. In order for a connection to be established, it is technically necessary to transmit the user’s IP address.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in improving the speed and availability of our website.

Privacy policy of jsDelivr

Facebook social plugins

We integrate content and buttons of the social network Facebook via a plugin on our website. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

In order to load content from Facebook, it is technically necessary to transmit the user’s IP address to the company. If the user is logged in to Facebook, the visit to a page can be assigned to the account.

Insofar as we obtain the user’s consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter a) GDPR. Otherwise, it is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest in the integration of Facebook content and buttons lies in the user-friendly design of our website.

Privacy policy of Facebook social plugins

Leadinfo

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognizes visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g. “leadinfo.com”) in order to correlate IP addresses with companies and improve services. Further information can be found at www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo.”

YouTube

We integrate videos from YouTube. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We use the extended data protection mode so that YouTube does not track user behavior unless the user watches the video. In order to provide videos, it is technically necessary to transmit the user’s IP address to YouTube.

YouTube is used on the legal basis of Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in improving the user experience of our website and displaying content that is of interest to our users.

You can object to personalized advertising by Google at any time by exercising the following opt-out.

Opt-Out

YouTube privacy policy

Google Tag Manager

We use Google Tag Manager to manage our website tags. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

The Tag Manager is a cookieless domain that triggers tags from various providers, which in turn collect data. The Google Tag Manager does not access this data. In order to trigger tags, it is technically necessary to transmit the user’s IP address to Google.

The Google Tag Manager is used on the legal basis of Article 6(1)(1)(f) GDPR. Our legitimate interest lies in the simplified management of the third-party services we use.

Privacy policy of Google Tag Manager

Google Maps

We use Google Maps to display geographical maps. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. It is technically necessary to transmit the user’s IP address to Google. In addition, the company sets various cookies to identify the user and display personalized advertising.

Insofar as we obtain the user’s consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter a) GDPR. Otherwise, it is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the user-friendly design of our website.

We have concluded a joint responsibility agreement with Google.

Opt-Out

Privacy policy of Google Maps

Google Fonts

We use Google Fonts on our website. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Fonts are loaded from the Google server. In order to establish a connection to the server, it is technically necessary to transmit the user’s IP address.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the reduction of loading times and a uniform presentation on different end devices.

Privacy policy of Google Fonts

Google Analytics

We use Google Analytics to analyze the use of our website. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

A cookie is set on the end device in order to track the user’s activities on the website. We use Google Analytics with the anonymize IP extension. The user’s IP address is automatically truncated before it is transmitted to servers in the USA. Among other things, the approximate geographical location, end device, screen resolution, browser and pages visited, including the length of stay, are analyzed.

Insofar as we obtain the user’s consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter a) GDPR. Otherwise, it is based on Art. 6 para. 1 subpara. 1 letter f) GDPR. Our legitimate interest lies in the optimization of our website, the improvement of our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14 months.

Opt-Out

Privacy policy of Google Analytics

Profiles in social networks

We are present in one or more social networks. In detail, these are: LinkedIn, Xing, Facebook, Twitter or Instagram. When you contact us, we process personal data as described above under Contacting us.

The providers of social networks process data in accordance with their privacy policies, which can be accessed here:

If a user is logged in with their account, the activities on our profile in the respective social network may be assigned to them. This can be done across devices and possibly even without logging in, for example using cookies or mobile identifiers. The social network providers use the collected data to create pseudonymized user profiles, which they can use in particular to display personalized advertising.

Rights of data subjects

If the user’s personal data is processed, the user is a data subject within the meaning of the GDPR. Data subjects have the following rights:

Right of access: The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed. If personal data are processed, the data subject has the right to free information and a copy of the personal data that are the subject of the processing.

Right to rectification: The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data.

Right to erasure: The data subject has the right to obtain the erasure of personal data concerning him or her without undue delay in accordance with the statutory provisions.

Right to restriction of processing: The data subject shall have the right to obtain restriction of processing of personal data concerning him or her in accordance with the law.

Right to data portability: The data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format or to request transmission to another controller.

Right to object: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: The data subject has the right to withdraw consent at any time.

Right to lodge a complaint: The data subject has the right to lodge a complaint with a supervisory authority.

Status of the privacy policy: November 17, 2020