Data Privacy Policy

In the following paragraphs we will inform you about the collection of the personal data while visiting our website. Personal data is defined as any information which refers to you personally, e.g. name, address, email-address, user behavior. We have taken comprehensive technical and operational safety precautions to protect your data against accidental or intentional manipulation, loss, or destruction or against access by unauthorized persons. Our security and protection methods are verified at regular intervals and adjusted to the technological progress.

1 Controller of the processing of personal data

Controller according to Art. 4 paragraph 7 EU-General Data Protection Regulation (GDPR) is the CrossConsense GmbH & Co. KG, contact[at]crossconsense.de (compare our imprint).

2 How to contact our data processing controller

You can contact our responsible data protection controller via email at data-security[at]crossconsense.com or via our postal address with the addition “Data Processing Controller”.

3 Your rights

You have the following rights with regards to the processing of your personal data:

3.1 General rights

You have the right to obtain information about your data we have saved as well as a right to correction, deletion of this data, limitation of the processing, objecting to the processing and to data portability. To the extent that the use of your personal data is based on your consent you can revoke such consent with effect for the future.

3.2 Your rights with regards to your legitimate interests

According to Art. 21 paragraph 1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 paragraph 1e GDPR (processing is necessary for the performance of a task carried out in the public interest) or point Art. 6 paragraph 1f GDPR (processing is necessary for the purposes of the legitimate interests) including profiling based on those provisions. In case of your objection we will not process your personal data unless we can provide compelling and legitimate reasons for processing which outweigh your interests, rights and freedoms or if the processing of personal data is necessary for us for the establishment, exercise or defence of legal claims.

3.3 Your rights with regards to direct marketing

If we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning such marketing, which includes profiling to the extent that it is related to such direct marketing, according to Art. 21 paragraph 2 GDPR.
In the event of your opposition to processing for the purpose of direct mail, we will no longer process your personal data for these purposes.

3.4 Your rights to an appeal to a supervisory authority

You also have the right to object directly to the responsible data protection authorities against our processing of your personal data.

4 Collection of personal data while visiting our website

If you only visit our website for information purposes, i.e. if you do not register or send us any data via our website we only process those data that your browser sends to our server. If you visit our website, we collect the following data that are technically necessary for us to display our website and to ensure stability and security. Legal basis for this is Art. 6 paragraph 1 f GDPR:
IP address, date and time of your inquiry, requested file (which individual pages you visited), access-method/ HTTP-statuscodes, volume of data transmitted, origin-website for the request, browser, operating system and language and version of the browser-software.

5 Contacting us via email or contact form

If you contact us via email or one of our contact forms we store the data you provide us (your email-address, your name and if necessary your company and telephone number) to be able to answer your inquiry. As far a we collect data through our forms that are not necessary for us to contact you, we mark them as optional. Such information shall serve to supplement requirements and help us to better perform the service you have requested. Notifications of this information is entirely given on a voluntary basis and with your consent, Art. 6 paragraph 1 a GDPR. As far as the provided information includes means of communication (such as email-address, phone-number) you also agree that we get in contact with you via the provided communication-channel to answer your enquiry. Of course, you can revoke your consent at any time with effect for the future.
We will delete all data relating to that enquiry if a storage is no longer necessary or we limit the processing if there are statutory retention obligations.

6 Newsletter

6.1 General information

With your consent in the terms of Art. 6 paragraph 1 a GDPR you can subscribe to our newsletter. The newsletter provides you periodically with information about our services and our offers. For registering to our newsletter, we are using the so-called double-opt-in process. That means that we send you an email to the provided email-address in which we ask you to confirm the subscription to our newsletter. If you do not confirm the subscription by clicking the link provided in the email within 24 hours, the given information is blocked and automatically deleted after one month.
When subscribing to our newsletter, we will store your IP address as well as the date and time you subscribed. The purpose of this proceeding is to verify your subscription and to investigate a possible unauthorized use of your personal data. After confirming your subscription, we store your personal data for purposes of sending you our newsletter. Legal basis is Art. 6 paragraph 1a GDPR.
You may cancel your subscription to the newsletter at any time. You can revoke your subscription by following the link in the footer of the newsletter or by contacting our data processing controller named above.

6.2 Newsletter-Tracking

Please note, that we track your user behavior when sending our newsletter. To be able to do this our newsletter-emails include so-called web-beacons or tracking pixels, that are stored on our website. For the tracking we link the data and the web-beacons with your email-address and your ID. The links provided in the newsletter also include this ID. With the data obtained we create a user profile to better fit the newsletter to your individual interest. In doing so we capture which link you select when you are reading our newsletter and can then conclude on your personal interests. You can refuse the tracking by selecting the link which is given in each newsletter-email. After you have unsubscribed from our newsletter we store your data only statistically and anonymously.
Such tracking is also not possible if you deactivate the display of pictures in your email-application by default. In this case our newsletter is not displayed completely, and you cannot use all functions. If you allow your email-application manually to display the pictures the tracking described above is performed.

6.3 Newsletter by MailChimp

We use MailChimp to send our newsletter to our subscribers. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Ste 404 Atlanta, GA 30318.
When you registered for our newsletter your provided data is sent to MailChimp and stored there. The data is not given to any Third Party. After your subscription to our newsletter you will receive an email from us via MailChimp to verify your subscription (double-opt-in process).
MailChimp offers numerous options to analyze how the newsletter is opened and used. These analyses are group-related and are not used by us for an individual analysis.
Further information about Mail Chimp and the data protection offered by MailChimp can be found at: http://mailchimp.com/legal/privacy/

7 Job applications

You can apply for a job in our company via email. We electronically collect and process your application data for the purpose of completing the application process and we will not give your data to a Third Party. Please be aware that non-encrypted emails cannot be transferred in a secure way.
If you applied for a specific job and this is already occupied or when we think that you may suit better for another job within our company, we will forward your application internally. Please tell us in advance if you do not want us to forward your application in our company.
Your personal data is deleted after the completion of the application process (after 6 months as a maximum) if you have not given your explicit consent that the data might be kept longer or if your application results in the conclusion of an employment contract. Legal basis is Art. 6 paragraph 1 a, b and f GDPR as well as § 26 BDSG (Bundesdatenschutzgesetz).

8 Use of cookies:

Our website makes use of so-called cookies in order to recognize repeat use of our website by the same user/internet connection subscriber. Cookies are small text files that your internet browser downloads and stores on your computer. Cookies can not execute programs and cannot send a virus to your computer. They are used to improve our website and services.
To an extent, however, these cookies also pass along information used to automatically recognize you. Recognition occurs through an IP address saved to the cookies. The information thereby obtained is used to improve our services and to expedite your access to the website.
Our website is using the following cookies. In the following, the functionality and extent of these cookies is described.

8.1 Transient Cookies

A transient cookie, sometimes called a session cookie (or session ID), is a small file that contains information about a user that disappears when the user’s browser is closed. A transient cookie is not stored on your hard drive but is only stored in temporary memory that is erased when the browser is closed.

8.2 Persistent Cookies

Persistent cookie, also called a permanent cookie, or a stored cookie, is a cookie that is stored on a user’s hard drive until it expires (persistent cookies are set with expiration dates) or until you delete the cookie in the security settings of your browser.

8.3 Flash Cookies

Flash cookies used are not detected by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want the processing of Flash Cookies, you will need to install a corresponding add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/) or Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. In addition, we recommend that you regularly delete your cookies and delete the browser history manually.

8.4 Prevention of Cookies

You can configure your browser according to your needs and e.g. refuse Third-Party-Cookies or all cookies. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.

8.5 Legal basis and duration of storage

The legal basis and the possible processing of personal data and their duration of storage vary and are explained in the following sections.

9 Website analysis

For purposes of analyzing and optimizing our websites, we use various services, which are listed below.
So, we can e.g. analyze how many people visit our site, what information is most in demand, and how people get access to our website. Among other things, we collect data from which website a person comes to visit our website (so-called referrers), which subpages of our website were visited or how often and for which length of stay a subpage was viewed.
This helps us to design and improve our offers in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or at most pseudonymous data are collected. The legal basis for this is Art. 6 paragraph 1 f of the GDPR.

10 Use of Google Maps

Our website is using Google Maps for creating interactive maps or route descriptions.
Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about using this website including your IP-address might be sent to Google in the United States. If you visit a page of our website which includes Google Maps, your browser is building up a direct connection to Google’s servers. We do not have any influence on the extent of the data Google is collecting.
According to our information status at least those data are collected by Google:
Date and time of the visit of the website that includes Google Maps, URL of the visited, IP-address and, in case you are using the website as a route planning tool, also the entered starting position.
If you do not agree with this processing of your data, you may choose to deactivate the “Google Maps” service and thereby prevent the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use “Google Maps” or at least only to a limited extent.
The use of “Google Maps” and the information obtained through “Google Maps” is according to Google’s Terms of Use as well as your rights and options to protect your personal privacy which you can find on Google’s website: https://policies.google.com/?hl=en

11 Google reCAPTCHA

In order to protect input forms on our site, we use the “reCAPTCHA” service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. By means of this service it can be distinguished whether the corresponding input is of human origin or is created improperly by automated machine processing. To our knowledge, the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, user input behaviour and mouse movements in the “reCAPTCHA” checkbox are conveyed to “Google.”
Google uses the information obtained, among other things, to digitize books and other printed matter as well as to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address provided as part of “reCAPTCHA” is not merged with other data from Google unless you are logged into your Google Account at the time the “reCAPTCHA” plug-in is used. If you want to prevent this transmission and storage of data by “Google” about you and your behaviour on our website, you must log out of “Google” before you visit our site or before using the reCAPTCHA plug-in.
The use of the “reCAPTCHA” service is according to the Google Terms of Use: http://www.google.de/intl/en/privacy oder https://www.google.com/intl/en/policies/privacy/

12 Vimeo

We use Vimeo components on our site. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Whenever you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding display of the Vimeo component. When you visit our site and are at the same time logged into Vimeo, Vimeo recognizes by means of the information collected by the component, which specific page you are visiting and assigns this information to your personal account at Vimeo. If, for example, you click on the “Play” button or make comments, this information will be conveyed to your personal user account at Vimeo and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. This is done regardless of whether you click on the component/comment or not.
If you want to prevent this transmission and storage of data by Vimeo about you and your behaviour on our website, you must log out of Vimeo before you visit our site. Vimeo’s Privacy Policy provides more detailed information concerning this, in particular regarding the collection and use of data by Vimeo: https://vimeo.com/privacy.

13 Data transfer

A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.
External service providers and partner companies will only receive your data if this is necessary for processing your order. In these cases, however, the amount of data transmitted is limited to the minimum required.
As far as our service providers get into contact with your personal data, we ensure in the context of order processing according to Art. 28 GDPR, that those service providers with the provisions of data protection laws in the same way.
Please also note the respective privacy policy of the provider. The respective service provider is responsible for the content of third-party services, whereby we check the reasonableness of the services for compliance with legal requirements.
We attach great importance to processing your data within the EU / EEA. However, it may happen that we use service providers that process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection is provided to the recipient prior to the transmission of your personal data. This means that through EU standard contracts or an adequacy decision, such as the EU Privacy Shield, a level of data protection comparable to the standards within the EU is achieved.

14 Data security

We have taken comprehensive technical and operational safety precautions to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

May 2018