In the following paragraphs we will inform you about the collection of the personal data while visiting our website. Personal data is defined as any information which refers to you personally, e.g. name, address, email-address, user behavior. We have taken comprehensive technical and operational safety precautions to protect your data against accidental or intentional manipulation, loss, or destruction or against access by unauthorized persons. Our security and protection methods are verified at regular intervals and adjusted to the technological progress.
1 Controller of the processing of personal data
2 How to contact our data processing controller
You can contact our responsible data protection controller via email at data-security[at]crossconsense.com or via our postal address with the addition “Data Processing Controller”.
3 Your rights
You have the following rights with regards to the processing of your personal data:
3.1 General rights
You have the right to obtain information about your data we have saved as well as a right to correction, deletion of this data, limitation of the processing, objecting to the processing and to data portability. To the extent that the use of your personal data is based on your consent you can revoke such consent with effect for the future.
3.2 Your rights with regards to your legitimate interests
According to Art. 21 paragraph 1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 paragraph 1e GDPR (processing is necessary for the performance of a task carried out in the public interest) or point Art. 6 paragraph 1f GDPR (processing is necessary for the purposes of the legitimate interests) including profiling based on those provisions. In case of your objection we will not process your personal data unless we can provide compelling and legitimate reasons for processing which outweigh your interests, rights and freedoms or if the processing of personal data is necessary for us for the establishment, exercise or defence of legal claims.
3.3 Your rights with regards to direct marketing
If we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning such marketing, which includes profiling to the extent that it is related to such direct marketing, according to Art. 21 paragraph 2 GDPR.
In the event of your opposition to processing for the purpose of direct mail, we will no longer process your personal data for these purposes.
3.4 Your rights to an appeal to a supervisory authority
You also have the right to object directly to the responsible data protection authorities against our processing of your personal data.
4 Collection of personal data while visiting our website
If you only visit our website for information purposes, i.e. if you do not register or send us any data via our website we only process those data that your browser sends to our server. If you visit our website, we collect the following data that are technically necessary for us to display our website and to ensure stability and security. Legal basis for this is Art. 6 paragraph 1 f GDPR:
IP address, date and time of your inquiry, requested file (which individual pages you visited), access-method/ HTTP-statuscodes, volume of data transmitted, origin-website for the request, browser, operating system and language and version of the browser-software.
5 Contacting us via email or contact form
If you contact us via email or one of our contact forms we store the data you provide us (your email-address, your name and if necessary your company and telephone number) to be able to answer your inquiry. As far a we collect data through our forms that are not necessary for us to contact you, we mark them as optional. Such information shall serve to supplement requirements and help us to better perform the service you have requested. Notifications of this information is entirely given on a voluntary basis and with your consent, Art. 6 paragraph 1 a GDPR. As far as the provided information includes means of communication (such as email-address, phone-number) you also agree that we get in contact with you via the provided communication-channel to answer your enquiry. Of course, you can revoke your consent at any time with effect for the future.
We will delete all data relating to that enquiry if a storage is no longer necessary or we limit the processing if there are statutory retention obligations.
6.1 General information
With your consent in the terms of Art. 6 paragraph 1 a GDPR you can subscribe to our newsletter. The newsletter provides you periodically with information about our services and our offers. For registering to our newsletter, we are using the so-called double-opt-in process. That means that we send you an email to the provided email-address in which we ask you to confirm the subscription to our newsletter. If you do not confirm the subscription by clicking the link provided in the email within 24 hours, the given information is blocked and automatically deleted after one month.
When subscribing to our newsletter, we will store your IP address as well as the date and time you subscribed. The purpose of this proceeding is to verify your subscription and to investigate a possible unauthorized use of your personal data. After confirming your subscription, we store your personal data for purposes of sending you our newsletter. Legal basis is Art. 6 paragraph 1a GDPR.
You may cancel your subscription to the newsletter at any time. You can revoke your subscription by following the link in the footer of the newsletter or by contacting our data processing controller named above.
Please note, that we track your user behavior when sending our newsletter. To be able to do this our newsletter-emails include so-called web-beacons or tracking pixels, that are stored on our website. For the tracking we link the data and the web-beacons with your email-address and your ID. The links provided in the newsletter also include this ID. With the data obtained we create a user profile to better fit the newsletter to your individual interest. In doing so we capture which link you select when you are reading our newsletter and can then conclude on your personal interests. You can refuse the tracking by selecting the link which is given in each newsletter-email. After you have unsubscribed from our newsletter we store your data only statistically and anonymously.
Such tracking is also not possible if you deactivate the display of pictures in your email-application by default. In this case our newsletter is not displayed completely, and you cannot use all functions. If you allow your email-application manually to display the pictures the tracking described above is performed.
6.3 Newsletter by MailChimp
We use MailChimp to send our newsletter to our subscribers. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Ste 404 Atlanta, GA 30318.
When you registered for our newsletter your provided data is sent to MailChimp and stored there. The data is not given to any Third Party. After your subscription to our newsletter you will receive an email from us via MailChimp to verify your subscription (double-opt-in process).
MailChimp offers numerous options to analyze how the newsletter is opened and used. These analyses are group-related and are not used by us for an individual analysis.
Further information about Mail Chimp and the data protection offered by MailChimp can be found at: http://mailchimp.com/legal/privacy/
7 Job applications
You can apply for a job in our company via email. We electronically collect and process your application data for the purpose of completing the application process and we will not give your data to a Third Party. Please be aware that non-encrypted emails cannot be transferred in a secure way.
If you applied for a specific job and this is already occupied or when we think that you may suit better for another job within our company, we will forward your application internally. Please tell us in advance if you do not want us to forward your application in our company.
Your personal data is deleted after the completion of the application process (after 6 months as a maximum) if you have not given your explicit consent that the data might be kept longer or if your application results in the conclusion of an employment contract. Legal basis is Art. 6 paragraph 1 a, b and f GDPR as well as § 26 BDSG (Bundesdatenschutzgesetz).
8 User Reviews and Comments in the CrossConsense Forum
Customers of CrossConsense have the opportunity to register for our forum and create a user account. For the registration we collect and store the following data:
– First name
– User name
– temporary password (will be changed by you in the registration process)
In order to be registered for the forum it is mandatory to provide the aforementioned data.
We use the so-called double-opt-in procedure for registration. Your registration is not complete until you have confirmed your registration by clicking on the link contained in the confirmation email sent to you for this purpose (the subject of the email is: CrossConsense Password Reset and by clicking on the link you will be linked to a page where you can reset your password for the forum). If your confirmation is not received within 7 days, your registration will be automatically deleted from our database.
After registration by setting a new password, you will receive a personal, password-protected access and can view and manage the data you have stored. Registration is voluntary but may be required to use our services.
If you use our portal, we store the data you provide for the time of your use of the portal, unless you delete them before. All information can be managed and changed in the protected user area. The legal basis is Article 6 Para. (1) (a), (b) and (f) GDPR. Our legitimate interest lies in any legal defense we may have to mount.
Our website makes use of so-called cookies in order to recognize repeat use of our website by the same user/internet connection subscriber. Cookies are small text files that your internet browser downloads and stores on your computer. Cookies can not execute programs and cannot send a virus to your computer. They are used to improve our website and services.
To an extent, however, these cookies also pass along information used to automatically recognize you. Recognition occurs through an IP address saved to the cookies. The information thereby obtained is used to improve our services and to expedite your access to the website.
Our website is using the following cookies. In the following, the functionality and extent of these cookies is described.
9.1 Transient Cookies
A transient cookie, sometimes called a session cookie (or session ID), is a small file that contains information about a user that disappears when the user’s browser is closed. A transient cookie is not stored on your hard drive but is only stored in temporary memory that is erased when the browser is closed.
9.2 Persistent Cookies
Persistent cookie, also called a permanent cookie, or a stored cookie, is a cookie that is stored on a user’s hard drive until it expires (persistent cookies are set with expiration dates) or until you delete the cookie in the security settings of your browser.
9.3 Flash Cookies
Flash cookies used are not detected by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want the processing of Flash Cookies, you will need to install a corresponding add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/) or Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. In addition, we recommend that you regularly delete your cookies and delete the browser history manually.
9.4 Prevention of Cookies
You can configure your browser according to your needs and e.g. refuse Third-Party-Cookies or all cookies. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.
9.5 Legal basis and duration of storage
The legal basis and the possible processing of personal data and their duration of storage vary and are explained in the following sections.
10 Website analysis
For purposes of analyzing and optimizing our websites, we use various services, which are listed below.
So, we can e.g. analyze how many people visit our site, what information is most in demand, and how people get access to our website. Among other things, we collect data from which website a person comes to visit our website (so-called referrers), which subpages of our website were visited or how often and for which length of stay a subpage was viewed.
This helps us to design and improve our offers in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or at most pseudonymous data are collected. The legal basis for this is Art. 6 paragraph 1 f of the GDPR.
11 Use of Google Maps
Our website is using Google Maps for creating interactive maps or route descriptions.
Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about using this website including your IP-address might be sent to Google in the United States. If you visit a page of our website which includes Google Maps, your browser is building up a direct connection to Google’s servers. We do not have any influence on the extent of the data Google is collecting.
According to our information status at least those data are collected by Google:
Date and time of the visit of the website that includes Google Maps, URL of the visited, IP-address and, in case you are using the website as a route planning tool, also the entered starting position.
If you do not agree with this processing of your data, you may choose to deactivate the “Google Maps” service and thereby prevent the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use “Google Maps” or at least only to a limited extent.
12 Google reCAPTCHA
In order to protect input forms on our site, we use the “reCAPTCHA” service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. By means of this service it can be distinguished whether the corresponding input is of human origin or is created improperly by automated machine processing. To our knowledge, the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, user input behaviour and mouse movements in the “reCAPTCHA” checkbox are conveyed to “Google.”
Google uses the information obtained, among other things, to digitize books and other printed matter as well as to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address provided as part of “reCAPTCHA” is not merged with other data from Google unless you are logged into your Google Account at the time the “reCAPTCHA” plug-in is used. If you want to prevent this transmission and storage of data by “Google” about you and your behaviour on our website, you must log out of “Google” before you visit our site or before using the reCAPTCHA plug-in.
We use Vimeo to display videos on our website. This is a service of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, hereinafter referred to as “Vimeo.”
Some of the user data is processed on Vimeo servers in the USA. Through certification according to the EU-US Privacy Shield
Vimeo guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.
When you access a page on our website that has Vimeo embedded in it, a connection to Vimeo’s servers in the USA is established. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website will also be recorded.
If you are logged into Vimeo while visiting one of our webpages containing a Vimeo video, Vimeo will associate information about your interaction with our site to your Vimeo account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.
For the purpose of functionality and usage analysis, Vimeo uses Google Analytics. Google Analytics stores cookies on your terminal device via your browser and transmits information about the use of those websites in which a Vimeo video is embedded to Google. It is possible that Google will process this information in the USA.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website and in Vimeo’s legitimate interest in statistically analyzing user behavior for optimization and marketing purposes.
Vimeo offers further information about its data collection and processing as well your rights and your options for protecting your privacy at this link:
14 Data transfer
A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.
External service providers and partner companies will only receive your data if this is necessary for processing your order. In these cases, however, the amount of data transmitted is limited to the minimum required.
As far as our service providers get into contact with your personal data, we ensure in the context of order processing according to Art. 28 GDPR, that those service providers with the provisions of data protection laws in the same way.
We attach great importance to processing your data within the EU / EEA. However, it may happen that we use service providers that process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection is provided to the recipient prior to the transmission of your personal data. This means that through EU standard contracts or an adequacy decision, such as the EU Privacy Shield, a level of data protection comparable to the standards within the EU is achieved.
15 Data security
We have taken comprehensive technical and operational safety precautions to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.