Data Protection

Introduction

With the following privacy policy, we would like to inform you about the types of personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our web pages, in mobile applications and within external online sites, such as our social media profiles (collectively referred to as "online offer").

As of: August 15, 2019

Person Responsible

Andreas Niegsch | CROSSROADS MANAGEMENT
Wulreiching 1
94571 Schaufling

Authorized persons: Andreas Niegsch

E-mail address: interim@crossroads.management

Imprint: https://crossroads.management/impressum/

Processing overview

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the persons concerned.

Types of processed data

  • Inventory data (e.g., names, addresses)

  • Content data (e.g., text input, photographs, videos)

  • Contact information (e.g., e-mail, phone numbers)

  • Meta / communication data (e.g., device information, IP addresses)

  • Usage data (e.g., websites visited, interest in content, access times)

  • Contract data (e.g., subject matter, term, customer category)

  • Payment data (e.g., bank details, bills, payment history)

Categories of affected persons

  • Business and contractual partners

  • Interested persons

  • Communication partners

  • Users (e.g., website visitors, online service users)

Processing purposes

  • Providing our online offer and user-friendliness.

  • Office and organisational procedures.

  • Direct marketing (for example by e-mail or post).

  • Interest based and behavioural marketing

  • Contact requests and communication.

  • Profiling (creation of user profiles).

  • Re-marketing.

  • Tracking (e.g., interest(s) / behavioural profiling, use of cookies)

  • Contractual services and service.

  • Management and answering of inquiries.

Relevant legal bases

In the following, we set out the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or domicile.

  • Consent (Article 6(1) point (a) of the GDPR) – The data subject has consented to the processing of personal data relating to him for a specific purpose or several specific purposes.

  • Performance of the contract and pre-contractual inquiries (Article 6(1) point (b) of the GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the request of the data subject.

  • Legal obligation (Article 6(1) point (c) of the GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.

  • Legitimate interests (Article 6(1) point (f) of the GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless these are outweighed by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Bundesdatenschutzgesetz - BDSG). In particular, the BDSG contains special rules on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and for transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, the data protection laws of the individual federal states may apply.

Security measures

We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, implementation costs as well as the nature, scope, circumstances and purposes of the processing, the different probabilities of occurrence and the extent of the threat to the rights and freedoms of individuals to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the exercise of data subject rights, the erasure of data and the response to threats to data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings.

Shortening of the IP address: Where it is possible for us, or where storage of the IP address is not necessary, we will shorten your IP address or have it shortened. When the IP address is shortened, also referred to as "IP masking", the last octet, i.e. the last two numbers of an IP address, is deleted (in this context, the IP address is an identifier individually assigned to an Internet connection by the online access provider). Shortening the IP address is intended to prevent, or make much more difficult, the identification of a person based on their IP address.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You will recognize such encrypted connections with the prefix https:// in the address bar of your browser.

Use of cookies

"Cookies" are small files that are stored on users' devices. Different kinds of information can be stored using cookies. This information may include, for example, language settings on a web page, the login status, a shopping cart, or the location where a video was viewed.

Cookies are generally also used when the interests of a user or their behavior (for example, viewing specific content, use of functions, etc.) on individual websites are stored in a user profile. Such profiles serve, for example, to show users content that matches their potential interests. This method is also referred to as "tracking", that is, tracking the potential interests of users. The term "cookies" also includes other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also known as "user IDs").

If we use cookies or "tracking" technologies, we will inform you separately in our privacy policy.

Information about legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is your informed consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (for example, in the business operation of our online offer and its improvement) or, if the use of cookies is required, in order to fulfill our contractual obligations.

Withdrawal and objection (opt-out): Regardless of whether the processing is based on consent or legal permission, you may at any time revoke a given consent or object to the processing of your data by cookie technologies (collectively referred to as "opt-out").

You may initially declare your disagreement through the settings of your browser, for example by disabling the use of cookies (which may also limit the functionality of our online offer).

An objection to the use of cookies for online marketing purposes can be declared through a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/, or generally via http://optout.aboutads.info.

Processing of cookie data on the basis of consent: Before we process data, or have a third party process data, within the scope of the use of cookies, we ask users for consent, which can be revoked at any time. Before consent has been given, cookies may be used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Types of data processed: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).

  • Affected persons: users (e.g., website visitors, online service users)

  • Legal basis: consent (Article 6(1) point (a) of the GDPR), legitimate interests (Article 6(1) point (f) of the GDPR).

Commercial and business services

We process data of our contract and business partners, e.g. customers and prospects (collectively referred to as "contractors"), in the context of contractual and comparable legal relationships and related measures, and in the context of communication with the contractors (or pre-contractual communication), for example, to answer inquiries.

We process this data in order to fulfill our contractual obligations, to safeguard our rights, and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the scope of the applicable law, we only pass on the data of the contracting parties to third parties insofar as this is necessary for the aforementioned purposes or for the fulfillment of legal obligations, or with the consent of the contractual partners (e.g., to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). The contracting parties are informed about other forms of processing, e.g. for marketing purposes, in the context of this privacy policy.

We inform contractors which data is required for the above purposes in the context of data collection, e.g. in online forms, by special markings (for example colors) or symbols (for example asterisks or the like), or in person.

We delete the data after expiration of legal warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, e.g., for as long as it has to be kept for legal archiving reasons (e.g. for tax purposes, usually 10 years). Data that has been disclosed to us by the contractor as part of an order is deleted according to the specifications of the contract, in principle after the end of the contract.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Further information on commercial services: We process the data of our customers as well as clients (hereinafter referred to uniformly as "customers") in order to enable them to select, purchase or commission the services or works and related activities, as well as their payment and delivery, execution or provision.

The required information is marked as such within the scope of the order or comparable contract conclusion and includes the information required for the provision of services and billing, as well as contact information in order to be able to hold any consultations.

  • Types of data processed: inventory data (e.g., names, addresses), payment data (e.g., bank details, bills, payment history), contact information (e.g., e-mail, telephone numbers), contract data (e.g., subject matter, term, customer category).

  • Affected persons: prospective customers, business and contractual partners.

  • Processing purposes: contractual services and service, contact requests and communication, office and organizational procedures, management and answering of inquiries.

  • Legal basis: fulfillment of the contract and pre-contractual inquiries (Article 6(1) point (b) of the GDPR), legal obligation (Article 6(1) point (c) of the GDPR), legitimate interests (Article 6(1) point (f) of the GDPR).

Contact

When contacting us (for example via contact form, e-mail, telephone or via social media), the details of the requesting persons are processed to the extent necessary to answer the contact requests and any requested action.

Contact requests in the context of contractual or pre-contractual relationships are answered in order to fulfill our contractual obligations or to respond to (pre-)contractual inquiries, and otherwise on the basis of our legitimate interests in answering the requests.

  • Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input, photographs, videos).

  • Affected persons: communication partners.

  • Processing purposes: contact requests and communication.

  • Legal basis: performance of the contract and pre-contractual inquiries (Article 6(1) point (a) of the GDPR), legitimate interests (Article 6(1) point (f) of the GDPR).

Provision of the online offer and web hosting

To provide our online offer safely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage and database services, as well as security and technical maintenance services.

The data processed in the provision of the hosting offer may include all information relating to the users of our online offer that arises in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offers to browsers, and all submissions made within our online offer or web pages.

E-mail delivery and hosting: The web hosting services we use also include the sending, receiving and saving of e-mails. For these purposes, the addresses of the recipients and senders, further information concerning the e-mail dispatch (for example the participating providers) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for purposes of spam detection. We ask you to note that e-mails on the Internet are generally not encrypted. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore take no responsibility for the transmission of e-mails between the sender and the reception on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server log files can contain the address and name of the retrieved web pages and files, the date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used, first, for security purposes, for example to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and second, to ensure the utilization of the servers and their stability.

  • Types of data processed: content data (e.g., text input, photographs, videos), usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).

  • Affected persons: users (e.g., website visitors, online service users)

  • Legal basis: legitimate interests (Article 6(1) point (f) of the GDPR).

Presence in social networks

We maintain online presence within social networks to communicate with or provide information about our users.

We point out that user data may be processed outside the area of the European Union. This may result in risks to users because, e.g., the enforcement of user rights could be made more difficult. With respect to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they are committed to respecting EU privacy standards.

Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. Thus, for example, usage profiles are created based on the user behavior and the resulting interests of the users. The usage profiles may in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of opting out (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).

  • Affected persons: users (e.g., website visitors, online service users)

  • Processing purposes: contact requests and communication, tracking (e.g., interest / behavioral profiling, use of cookies), re-marketing.

  • Legal basis: legitimate interests (Article 6(1) point (f) of the GDPR).

Plugins and embedded functions as well as content

We incorporate into our online offer functionality and content that is obtained from the servers of its respective providers (hereafter referred to as "third-party providers"). These may be, for example, graphics, videos or social media buttons and posts (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or these functions. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and the operating system, referring websites, time of visit, and other information regarding the use of our online offer.

Notes on the legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos).

  • Affected persons: users (e.g., website visitors, online service users), communication partners.

  • Processing purposes: provision of our online offer and user-friendliness, contractual services and service, contact requests and communication, direct marketing (e.g. by e-mail or post), tracking (e.g. interest / behavioral profiling, use of cookies), interest-based and behavioral marketing, profiling (creation of user profiles).

  • Legal basis: consent (Article 6(1) point (a) of the GDPR), legitimate interests (Article 6(1) point (f) of the GDPR).

Deletion of data

The data processed by us will be deleted in accordance with legal requirements as soon as the consent permitting their processing is revoked or other authorizations cease to exist (for example, if the purpose of the processing of this data has ceased to apply or if the data is not necessary for the purpose).

If the data is not deleted because it is necessary for other, legitimate purposes, its processing is limited to these purposes. That is, the data is locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or that must be stored in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided in the context of the individual data protection notices of this privacy policy.

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will notify you as soon as the changes require your participation (e.g. consent) or any other individual notification is required.

Rights of the data subjects

As data subjects, you are entitled to various rights under the GDPR, arising in particular from Articles 15 to 18 and 21 of the GDPR:

  • Right to object: You have the right to object at any time, for reasons that arise from your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1) points (e) and (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
  • Withdrawal of consent: You have the right to revoke granted consent at any time.
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed, and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to correction: You have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you in accordance with the legal requirements.
  • Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted immediately, or, alternatively, to demand a restriction of the processing of the data in accordance with the statutory provisions.
  • Right to data portability: You have the right, in accordance with legal requirements, to receive data relating to you that you have provided to us in a structured, common and machine-readable format, or to request its transmission to another person responsible.
  • Complaint to the supervisory authority: You also have the right, in accordance with the legal requirements, to lodge a complaint with a supervisory authority, in particular in the Member State of your usual place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Definitions

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Article 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all to aid understanding. The terms are sorted alphabetically.

  • Interest-based and behavioral marketing: interest-based and/or behavioral marketing is when the potential interests of users in ads and other content are determined as accurately as possible. This is done on the basis of information about their previous behavior (for example, visiting and staying on certain websites, buying behavior or interaction with other users), which is stored in a so-called profile. As a rule, cookies are used for these purposes.
  • Personal data: "personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more special features that are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
  • Profiling: "profiling" refers to any type of automated processing of personal data that involves the use of such personal data to identify, analyze or predict certain personal aspects pertaining to a natural person (depending on the nature of the profiling, this includes information relating to age, gender, location data and movement data, interaction with web pages and their content, shopping behavior, social interactions with other people), e.g. the interests in particular content or products, the click behavior on a web page or the whereabouts. For profiling purposes, cookies and web beacons are often used.
  • Re-marketing: "re-marketing" or "retargeting" is when, e.g. for advertising purposes, it is noted which products a user has been interested in on a web page in order to remind the user of these products on other web pages, e.g. in advertisements.
  • Tracking: "tracking" is when the behavior of users can be traced across multiple online offers. As a rule, behavioral and interest information relating to the online offers used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, e.g., to show users ads that are likely to match their interests.
  • Person responsible: "person responsible" means the natural or legal person, public authority, institution or other body which, alone or together with others, decides on the purposes and means of processing personal data.
  • Processing: "processing" means any operation or set of operations performed on personal data, with or without the aid of automated procedures. The term covers a wide range and covers practically every handling of data, be it collection, evaluation, storage, transfer or deletion.

Translation of the legal text created with Datenschutz-Generator.de by Dr. jur. Thomas Schwenke