Information according to the EU General Data Protection Regulation (EU GDPR)

1. Name and contact details of the responsible body and the company data protection officer

The responsible party within the meaning of Art. 4 No. 7 EU GDPR is

Verband der Vereine Creditreform e.V.
Hammfelddamm 13
D-41460 Neuss
Tel: +49 2131 109-0
Fax: +49 2131 109-8000
creditreform@verband.creditreform.de 

Data Protection Officer

You can contact our data protection officer at

Verband der Vereine Creditreform e.V.
Datenschutzbeauftragter
Tel: +49 2131 109-0
Fax: +49 2131 109-8000
E-Mail: Datenschutz@verband.creditreform.de  

2. Categories of processed personal data

The Creditreform information database stores details of names, company names, addresses, professional activities, financial circumstances, any liabilities, information on payment behaviour or negative characteristics such as insolvency information and debtor register entries.

3. Purposes of data processing

Creditreform processes the data for various purposes:

Creditreform processes data for the purpose of providing information about the creditworthiness of the persons/companies requested. Within the framework of the statutory provisions, some of the data stored in the economic database is also used to supply other company databases (e.g. www.firmeneintrag.creditreform.de), including for the purposes of dialogue marketing and for updating, validating and enriching address databases, as well as for producing corresponding data carriers.
If Creditreform, as a debt collection agency, processes a claim against you as a debtor, the necessary data will also be processed in the Creditreform debt collection area.

4. Legal basis for data processing

The legal basis for data processing for credit reporting purposes and for data processing for direct marketing and marketing is Article 6(1)(f) of the EU GDPR. Information may only be disclosed if a customer has demonstrated a legitimate interest in knowing the information. Legitimate interests in the aforementioned sense may include: credit decisions, business initiation, shareholdings, claims, credit checks, insurance contracts, overdue claims, enforcement information.
The legal basis for receivables management is Article 6(1)(b) and (f) of the EU GDPR.

5. Source of data

The information and address marketing data is partly sourced from publicly accessible sources such as public registers, the internet, the press and other media. Some of the data is collected directly from the data subjects. Data may also be taken from the area of receivables management.

6. Categories of recipients of personal data

Creditreform's customers include credit institutions, leasing companies, insurance companies, telecommunications companies, debt management companies, mail order, wholesale and retail companies, as well as other companies that deliver goods or provide services against invoice, both in Germany and abroad.
If data is transferred to countries outside the EU, this is done on the basis of the so-called standard contractual clauses, which you can view or request to be sent to you at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE 

7. Duration of data storage

In the area of the Creditreform information database and in the area of direct advertising and marketing, the data is stored for as long as it is necessary to fulfil the purpose of storage. As a rule, the data is required for an initial storage period of three years. After this period, a check is carried out to determine whether storage is still necessary; if not, the data is deleted on the exact date. In the case of the completion of a matter, the data is deleted on the exact date three years after completion. Entries in the debtor register are deleted on the exact date in accordance with Section 882e of the German Code of Civil Procedure (ZPO) after three years from the date of the registration order. Further details can be found in the ‘Rules of Conduct for the Review and Deletion Periods of Personal Data by German Credit Agencies’ drawn up by the association ‘Die Wirtschaftsauskunfteien e.V.’, which can be found at the following link:
https://cdn.website-editor.net/96dce389751a4dd4a8108607b15e857b/files/uploaded/240517_CoC_DW_FINAL.pdf
In the debt collection area, the data is stored for as long as it is necessary for the fulfilment of the debt collection mandate.

Complaints regarding the deletion periods in a business information report can also be addressed to the arbitration board of the association ‘Business information agencies’ at:

TIGGES DCO GmbH
-Complaints about business information agencies-
Zollhof 8, 40221 Düsseldorf
Phone:+49211819982-70
E-Mail: beschwerde-auskunfteien@tigges-dco.de
Online: www.tigges-dco.de/ueberwachungsstelle

8. Rights of persons concerned

Every data subject has the right to information from Creditreform in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR and the right to restriction of processing in accordance with Art. 18 GDPR. If you have given your consent to the processing of the data stored by us, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing of your data based on your consent until such revocation.
You may lodge a complaint about our processing of your data with the data protection commissioner responsible for your federal state.The transmission of your data to us is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide us with the requested data. If you do not provide us with your data, this may make it difficult or impossible for your lender or supplier to assess your creditworthiness, which in turn may result in you being denied credit or advance payment by the supplier.

Right of objection

The data stored by us is processed for compelling reasons worthy of protection relating to creditor and credit protection, which regularly outweigh your interests, rights and freedoms, or serves to assert, exercise or defend legal claims. You may only object to the processing of your data for reasons arising from a special situation that applies to you and must be proven. If such special reasons are proven to exist, the data will no longer be processed. If your data is processed for advertising and marketing purposes, you have the right to object to this at any time. Your data will then no longer be processed for this purpose.

Information according to the EU General Data Protection Regulation (information for applicants regarding data processing)

As part of the application process, it is essential for us to store and process your personal data. We would like to inform you about the purpose and nature of this processing. With this information letter, we are fulfilling our obligations under data protection law, in particular within the meaning of Article 13 of the General Data Protection Regulation (GDPR).

1. Name and contact details of the responsible body and the company data protection officer

The responsible party within the meaning of Art. 4 No. 7 EU GDPR is

Verband der Vereine Creditreform e.V.
Hammfelddamm 13
D-41460 Neuss
Tel: +49 2131 109-0
Fax: +49 2131 109-8000

creditreform@verband.creditreform.de

Data protection officer

You can contact our data protection officer at

Verband der Vereine Creditreform e.V.
Datenschutzbeauftragter
Tel: +49 2131 109-0
Fax: +49 2131 109-8000

Datenschutz@verband.creditreform.de 

2. Categories of processed personal data

For the purpose of processing applicant data, we process the following data from you: title, surname, first name, date of birth, email address, telephone number, address, bank details (if applicable) and identity documents, references and reference data.

3. Purposes of data processing

We process your personal data in our application system exclusively for the purposes necessary to ensure the effective and correct execution of the application process. This also includes data that is added during the application process, e.g. data based on queries or documents submitted at a later date. We also process your personal data for verification purposes and in relation to any subsequent legal disputes.

4. Legal basis for data processing

Any processing of personal data by Verband der Vereine Creditreform e.V. requires a legal basis. Processing is carried out on the basis of consent (Art. 6(1)(a) GDPR) and on the basis of Art. 6(1)(f) GDPR, insofar as processing is necessary to safeguard the legitimate interests of the controller or a third party and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. For the purpose of carrying out the application process and deciding on the establishment of an employment relationship, processing is also carried out on the basis of Section 26(1) sentence 1 of the Federal Data Protection Act (BDSG).

5. Categories of recipients of personal data

No disclosure of data

Applications will only be reviewed for positions at Verband der Vereine Creditreform e.V. For open positions outside of Verband der Vereine Creditreform e.V. but within the Creditreform Group, you are requested to apply directly to the relevant company. Data will only be passed on to other companies in the Creditreform Group with your express consent.

Your personal data will not be passed on to external third parties without your consent. In order to assess your documents, they will be forwarded to the relevant contact persons in the respective department to which the application is addressed. 

6. Duration of data storage / data deletion

The data will be stored for as long as necessary to complete the application process. Once the data is no longer required, it will be deleted. For verification purposes and in view of any subsequent legal disputes, data relating to rejected applicants will be deleted no later than six months after the end of the application process. Your data may only be stored for longer with your express consent.

7. Rights of affected persons

Every data subject has the right to information from Creditreform in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR and the right to restriction of processing in accordance with Art. 18 GDPR.

If you have given your consent to the processing of the data stored by us, you have the right to revoke this consent at any time. The revocation does not affect the legality of the processing of your data based on your consent until such revocation.

You may lodge a complaint about our processing of your data with the data protection commissioner responsible for your federal state.

If the processing is based on an overriding legitimate interest, you may object to the processing of data for the purpose of applicant data management at any time. The data will then no longer be processed for this purpose. You also have the right to object to data processing for direct marketing purposes. This also applies to profiling, insofar as it is related to direct marketing. 

8. Changes to the privacy policy

We reserve the right to change this privacy policy. We therefore recommend that you visit our privacy policy regularly. The privacy policy is current as of 10.10.2023.

Further general information about visiting our website

General information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. 

You can generally use our website without providing any personal information. Where personal information (such as your name, address or email address) is collected on our website, this is always done on a voluntary basis as far as possible. 

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties. 

Plugins from the social networks Facebook, Google, Twitter, Xing and LinkedIn are integrated into our pages. Please note the following sections on these plugins, which apply once you have activated the plugin at the bottom of the website. 

Server-Log-Files

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar information. This information does not allow any conclusions to be drawn about your person. 

This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet. It is processed in particular for the following purposes: 

• Ensuring that the website connects without any problems
• Ensuring that our website can be used smoothly
• Evaluating system security and stability
• For other administrative purposes.

The processing of your personal data is based on our legitimate interest in the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. The recipients of the data are only the responsible body and, if applicable, contract processors. 

We may statistically evaluate anonymous information of this kind in order to optimise our website based on the underlying technology.

Cookies

Some of the web pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. 

Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit. 

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be restricted.

Registration/Set up account

When registering to use our personalised services, some personal data is collected, such as your name, address, contact and communication details such as your telephone number and email address. Once you have registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete this data at your request, provided that there are no legal obligations to retain it. To contact us in this regard, please use the contact details provided at the end of this privacy policy.

By registering, you consent to the processing of your basic data for the specified purpose and also to our use of your contact details for our own advertising purposes, e.g. to offer you other Creditreform services. You may revoke your consent at any time. If you do so, your registration data will be deleted.

Newsletter-Data

If you would like to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information. 

You can revoke your consent to the storage of data, your e-mail address and its use for sending the newsletter at any time, for example via the ‘unsubscribe’ link in the newsletter.

Contact form and email contact

Our website features a contact form that can be used to contact us electronically. If you choose to use this option, the data entered in the input mask will be transmitted to us and stored. 

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored. 

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. You have the option of revoking your consent to store your data for this purpose at any time. If you make use of this option, your contact details will be deleted. 

Encryption

Creditreform uses technical and organisational security measures to protect your data managed by us against accidental or intentional manipulation, loss or destruction, or against access by unauthorised persons. All personal data that you entrust to us when visiting our website is transmitted to Creditreform in encrypted form. For this purpose, we use the recognised secure SSL procedure with encryption of up to 256 bits. Most browsers indicate whether the security protocol is supported by displaying a message or a lock symbol in the status bar.

Certificate with extended examination

Creditreform also uses an Extended Validation certificate in some places to emphasise the trustworthiness of this web application. Strict criteria are applied when issuing certificates with extended verification, and the applicant is subject to a thorough review. You can recognise the Extended Validation certificate by the additional field in the browser's address bar, which is partially coloured green.

Privacy policy for the use of Twitter

Our website incorporates functions of the Twitter service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the ‘Re-Tweet’ function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter in the process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Twitter. Further information on this can be found in Twitter's privacy policy at twitter.com/privacy.

You can change your privacy settings on Twitter in your account settings at twitter.com/account/settings .

Privacy policy for the use of Xing

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is accessed, a connection to Xing servers is established. To our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or usage behaviour evaluated.

Further information on data protection and the Xing Share button can be found in Xing's privacy policy at https://www.xing.com/app/share?op=data_protection

Privacy policy for the use of LinkedIn

You will find plugins from the social network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as ‘LinkedIn’) on our website. You can recognise LinkedIn plugins by the corresponding logo or the ‘Recommend’ button. Please note that when you visit our website, the plugin establishes a connection between your internet browser and the LinkedIn server. LinkedIn is thus informed that our website has been visited with your IP address. If you click on the LinkedIn ‘Recommend’ button while logged into your LinkedIn account, you have the option of linking content from our website to your LinkedIn profile page. This allows LinkedIn to associate your visit to our website with you or your user account. Please note that we have no knowledge of the content of the data transmitted or how it is used by LinkedIn.

Further details on data collection and your legal options and settings can be found on LinkedIn. These are available to you at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv 

Privacy policy for the use of Instagram

Our website incorporates features of the Instagram service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.
Further information on this can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

Privacy policy for the use of YouTube

Our website uses plugins from the Google-operated site YouTube. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on the handling of user data can be found in YouTube's privacy policy at https://www.google.de/intl/de/policies/privac

Use of Google reCAPTCHA

We use ‘Google reCAPTCHA’ (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).

reCAPTCHA is used to verify whether the data entered on our websites (e.g. in a contact form) is entered by a human or by an automated programme. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information for the analysis (e.g. IP address, length of time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM.

Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links:  https://www.google.com/intl/de/policies/privacy/ und https://www.google.com/recaptcha/intro/android.html.

Use of Usercentrics

Usercentrics is a consent management tool that we use to obtain your consent to the use of cookies and to document your decision. For this purpose, we transmit data about your log file, the browser you are using and your cookie settings (yes or no, timestamp and data scope) to Usercentrics.

Online presence on social media

Based on our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR, we maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within the social networks and platforms, e.g. by posting on our online presences or sending us messages.

Facebook, Custom Audiences and Facebook marketing services

Within our online offering, we use the so-called ‘Facebook pixel’ from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).

With the help of the Facebook pixel, Facebook is able to identify visitors to our online offering as a target group for the display of advertisements (so-called ‘Facebook ads’). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites visited) that we transmit to Facebook (so-called ‘custom audiences’). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear intrusive. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called ‘conversion’).

Facebook processes data in accordance with Facebook's Data Use Policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's Data Use Policy: https://www.facebook.com/policy.php. You can find specific information and details about the Facebook pixel and how it works in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection of data by the Facebook pixel and the use of your data for the display of Facebook ads. To set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also disable cookies used for reach measurement and advertising purposes via the Network Advertising Initiative's deactivation page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website contradict (http://www.youronlinechoices.com/uk/your-ad-choices/) .

Privacy policy for the use of Facebook plugins (Like button)

Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our pages. You can recognise the Facebook plugins by the Facebook logo or the ‘Like’ button on our page. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook ‘Like’ button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in Facebook's privacy policy at de-de.facebook.com/policy.php.

If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Facebook Social Plugins

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR), we use social plugins (‘plugins’) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by one of the Facebook logos (white ‘f’ on a blue tile, the terms ‘Like’, “Like” or a ‘thumbs up’ sign) or are marked with the addition ‘Facebook Social Plugin’. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to the user's device and integrated into the online service. The processed data can be used to create user usage profiles. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform users according to our state of knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the relevant rights and settings options for protecting users' privacy, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Privacy policy for the use of Webtrekk (new name: Mapp)

We use technologies from Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin (www.webtrekk.de), for statistical analysis of our websites. Webtrekk has been part of the Mapp Digital group of companies since 2020. The Webtrekk software will continue to be marketed under the ‘Mapp’ brand. The data hosting location is (unchanged) in Germany.
With the help of Webtrekk (Mapp) services, we collect statistical data on the use of our website. The data is used for the continuous optimisation of our online offering. Webtrekk GmbH has been certified by TÜV Saarland in the area of data protection for the web controlling software used here. In particular, the collection and processing of tracking data was checked and certified for data protection compliance and data security.

When you use these websites, information transmitted by your browser is collected and evaluated. This is done using cookie technology and so-called pixels, which are integrated into every website.

The following data is collected:

• Request (file name of the requested file)
• Browser type/version
• Browser language
• Operating system used
• Internal resolution of the browser window
• Screen resolution
• Referrer URL
• IP address (collected anonymously and deleted immediately after use)
• Time of access
• Clicks
• Anonymised form content (e.g. whether a telephone number was provided or not).

Direct personal references are excluded at all times. The data collected in this way is used to create anonymous usage profiles that form the basis for web statistics. The data collected using Webtrekk technologies will not be used to personally identify visitors to these websites without the express consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym at any time.

Data processing is carried out on the basis of Art. 6 (1) (a) GDPR.

Privacy policy for the use of Google Tag Manager

Google Tag Manager is a solution from Google that allows companies to manage website tags via an interface. Google Tag Manager is a cookie-free domain that does not collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately. Google Tag Manager does not access this data.
The processing companies are: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 
The service uses technologies such as cookies and pixels, which are placed in the browser. When using the service, only aggregated data is collected for triggering tags. The legal basis for the processing of the data is Art. 6 para. 1 s. 1 lit. f GDPR. The data will be deleted after the purposes have been fulfilled.

Privacy policy for the use of SalesWings

We use SalesWings to analyse the use of our website and to better understand the needs of our website visitors. SalesWings generates this information using cookies and other tracking technologies. The information and interests obtained by SalesWings are evaluated for marketing and sales purposes. To obtain this information, SalesWings evaluates user behaviour on our website and publicly available information such as social media profiles and makes it available to us. This information is not shared with third parties, but is stored on servers of other applications we use, such as CRM systems or email services.

The legal basis for the processing of the data is Art. 6 para. 1 s. 1 lit. a GDPR.

Privacy policy for the use of Mouseflow

Our website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow enables us to analyse user behaviour on our website anonymously in order to optimise user-friendliness and functionality.

Mouseflow randomly selects visitor sessions and creates heat maps and session recordings. Mouse movements, clicks, scrolling behaviour and interactions with the website can be recorded. All data collected is processed anonymously and cannot be traced back to individual persons.

The data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, which you can give via our cookie banner. You can revoke your consent at any time via the cookie settings.

Data collected and storage:

• Anonymised IP address (last digits truncated)
• Device type, operating system and browser type
• Pages visited and length of stay
• Mouse movements, clicks and scrolling behaviour
• Interactions with forms (no entries are saved)
   

The data is stored for a maximum of 12 months and then automatically deleted.

Mouseflow processes data within the EU and is subject to the provisions of the General Data Protection Regulation (GDPR). No personal data is transferred to third countries.

For further information on data processing by Mouseflow, please visit the provider's privacy policy:

mouseflow.com/legal/privacy-policy/

Use of iAdvize (Live Chat)

We use ‘iAdvize’ on our website. The chat service is provided by iAdvize SAS, Bat B Le Berlingot, 9 rue Nina Simone, CS 14021, F-44040 NANTES CEDEX 1, France.

You can use the live chat feature on our homepage to contact our customer advisors directly so that we can offer you additional services if required. Our aim is to increase your satisfaction and optimise our website offering. For product-related content on our website, you can open the chat feature via a small window. A connection to our advisors will only be established once you have entered your message and clicked on ‘Send’. Data for the iAdvize service is stored on your computer via “local storage” or cookies. You can control local storage on your computer using the usual settings in your browser for cookie control. Data is only stored on iAdvize servers once you initiate communication with one of our advisors.

Further information can be found in iAdvize's privacy policy or in the Privacy Centre offered by iAdvize.

https://www.iadvize.com/en/iadvize-privacy-policy

https://privacy.iadvize.com/en/

Reference to the use of a security solution against cyber attacks

We use technical and organisational security measures as well as external security service providers to protect our IT systems and web services from unauthorised access, attacks and technical malfunctions. In doing so, system-related data such as IP addresses, time stamps and connection data may be processed. Processing is based on our legitimate interest in IT and network security in accordance with Art. 6(1)(f) GDPR.

Note on data transfer to the USA/third countries

When using Google tools, we transfer your truncated IP address to the United States. The data transfer is based on the EU standard contractual clauses provided by Google.
Furthermore, we cannot rule out the possibility that other service providers (e.g. Webtrekk/Mapp, Google services) may also transfer data to countries outside the EU under certain circumstances. Due to the laws of non-EU countries (e.g. under the Cloud Act in the USA), even if these agreements and regulations are in place, it is still possible that government agencies in particular may access your personal data without us or you being able to prevent, stop or control this. For these reasons, your consent to the use of cookies by the above-mentioned services also includes the purpose of data transfer to countries outside the EU.
Otherwise, we do not transfer your personal data, which you provide to us when using our website, to countries outside the EU or the EEA or to international organisations.