The hotel brands GHOTEL hotel & living and nestor are part of the portfolio of The Chocolate on the Pillow Group.
Data protection is of particular importance to the management of The Chocolate on the Pillow Group. In the following Privacy Policy, we inform you about how your personal data will be handled when you use our website. Personal data refers to any data with which you could be personally identified.
The Chocolate on the Pillow Group GmbH
Peter-Huppertz-Str. 5
51063 Köln
Deutschland
Telefon: +49 228 – 9558680
E-Mail: info@cotp.group
Web: www.cotp.group
The data protection officer can be contacted at: datenschutz@ghotel.de
Below you will find information on your rights as a data subject. You can exercise these rights at any time and contact us directly for this purpose. If you demand these rights from us, we will examine them in detail, taking into account the related legal requirements and provisions. We may ask you for further information. We will explain in detail the results of our audit and our procedure for fulfilling your request. It is possible that we may not be able to fully meet your wishes in the manner you request. This should not prevent you from claiming your rights from us or asking us about them. We will be happy to answer all your questions about data protection.
a) Right to information (Article 15 GDPR)
You have the right to request information from us at any time as to whether and which of your personal data is processed by us. This also includes information on the purposes of processing, if applicable on recipients to whom we have disclosed data about you, the planned storage period and, if applicable, information on the origin of this data, unless we have collected this data directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us.
b) Right to rectification (Article 16 GDPR)
You have the right to request us to correct any inaccurate information we hold about you. This also includes the right to complete incomplete personal data.
c) Right to erasure (Article 17 GDPR)
You have the right to request us to erase any inaccurate information we hold about you. If we have published data about you, this also includes our obligation, within the framework of the “right to be forgotten” pursuant to Art. 17 (2) GDPR, taking into consideration the available technology and the implementation costs of your erasure request to forward all links to this data as well as copies or replications of these data concerning to further persons responsible for the processing of these published personal data.
d) Right to restriction of processing (Article 18 GDPR)
You have the right to request us to restrict the processing of data which we have stored concerning you. Thereafter, processing of this data is only possible with your consent or for a few, legally defined purposes.
e) The right to object to processing (Article 21 GDPR)
Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary in particular for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have been doing. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue processing the data.
You may of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection using the contact channels listed above.
f) Right to revoke consent under data protection law (Article 7 GDPR)
If you have provided your consent to the processing of your data, you may revoke this consent at any time pursuant to Article 7 (3) GDPR. If you exercise this right, it will affect our ability to process your personal data for which you have given your consent to us.
g) Right to data portability (Article 20 GDPR)
You have the right to receive information about yourself that you have provided to us from us in a structured, commonly used and machine-readable format for the purpose of transfer to another controller. At your request and taking into account the available technical possibilities, this also includes the direct transfer from us to the other controller.
h) Right to lodge a complaint with a supervisory authority (Article 13 GDPR)
You have the right to complain at any time to a data protection supervisory authority about our processing of your personal data. The responsible supervisory authority can be contacted at:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia), Postfach 20 04 44, 40102 Düsseldorf, Germany
i) Automated decision-making including profiling (Article 22 GDPR)
You have the right to request information about the existence of automated decision-making processes, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the software involved, as well as the significance and envisaged consequences of such processing for the data subject.
(1) Insofar as we obtain the data subject’s consent for the processing of personal data, this takes place on the legal basis of Article 6 (1) a) of the EU General Data Protection Regulation (GDPR).
(2) In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) b) GDPR serves as the legal basis. This also applies to processing necessary to implement pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) c) GDPR serves as the legal basis.
(4) In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) d) GDPR applies as the legal basis.
(5) If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f) GDPR serves as the legal basis for processing.
(1) Below we provide information on the collection of personal data when using our website. Personal data is all data personally attributable to you, e.g. name, address, email addresses, user behavior.
(2) When you contact us via email or via a contact form, the data you provide (your email address, and if applicable your name and your telephone number) will be stored by us in order to answer your questions. We will delete the data collected within this context as soon as processing is no longer necessary, or alternatively, if any obligation of statutory retention exists, processing will be limited.
(3) If we employ contracted service providers for individual functions of our offer, or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. We will also specify the defined criteria for the storage period.
a) Personal data collection when visiting our website
If you use the website for simple information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (the legal basis for this is Article 6 (1) f) GDPR):
- IP address
- Host name
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Request status/HTTP status code
- Respective volume of data transferred
- Website from which the request comes (referrer)
- The specific pages you have visited on our website
- Browser: Type, version and set language
- Operating system: Type and version
- If JavaScript is also activated:
- Display resolution
- Color depth
- Size of the browser window
- Installed browser plugins
(1) Your personal data will be deleted or blocked as soon as the purpose for its storage no longer applies.
(2) In addition, the data may be stored if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject.
(3) Data will also be blocked or erased if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.
(1) You provide us with personal data within the framework of the application. It is particularly important to us to handle your personal data in a trustworthy manner from the application process onwards. Therefore, it goes without saying that all the personal information with which you entrust us is handled as strictly confidential and in a responsible manner in compliance with all the valid statutory data protection provisions. In connection with this, we use technical and organizational security measures to protect your personal data against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
The legal basis for the processing of personal data with which you provide us within the framework of your application in principle constitutes the implementation of pre-contractual measures initiated by your application pursuant to Article 6 (1) b) GDPR. Insofar as you the data you transmit for the purposes of the application also contains particularly sensitive data belonging to a special category pursuant to Article 9 (1) GDPR, the processing of such data by us takes place on the legal basis of your consent pursuant to Article 6 (1) a), which we are required to obtain from you, as set out in more detail in (3).
(2) If you wish to apply for a job or a training position online, this requires you to enter certain personal data marked with mandatory fields on the respective online application form, e.g. your first names and surnames, email address and telephone number. In order to allow us to gain a better understanding of your application goals, you also have the option of providing us with more data and files on a voluntary basis, e.g. details of your professional qualifications and experience and files containing your application documents, such as your personal covering letter, your CV, your application photo, your certificates etc.
Please note that CVs, certificates or additional data transmitted by you for the purposes of the application, in party to a contract, may also contain particularly sensitive data, such as information concerning race or ethnic origin, political beliefs, religious or philosophical beliefs, membership of trade unions or political parties, physical or mental health or sex life. We therefore recommend, where possible, that you do not provide any information relating to such sensitive data belonging to a special category.
(3) It also cannot be excluded, and in some cases may also be necessary, for you to provide us with data belonging to a special category, as set out in (2), within the framework of your application. We are prohibited by law from processing such data without your consent. For this reason, you may only send your application to us via the online form after you have selected the appropriate check box on the online form. Unfortunately, it is not possible for you to transmit your documents without providing your consent here.
(4) The data and files you transmit are exclusively used for purposes which are connected to the recording and processing of your interest in employment or training with us and the processing of your online application, including contact with you which is necessary for this purpose. Your application will be handled confidentially and only disclosed to authorized employees of The Chocolate on the Pillow Group. If your application is successful, the data and files you have transmitted may be further used within the framework of the employment relationship with you. If your application for a job vacancy is unsuccessful, we store the data and files you have transmitted in our applicant database for 6 months in order to be able to respond to any queries in connection with your application. On expiry of this period, the data and files will be automatically erased.
(5) The data and files you have transmitted within the framework of the online application will not be passed on to third parties unless you have provided your express consent to this or an official order applies.
(6) You have the option of withdrawing your application in part or in full at any time. Also, you can at any time request that all or some of your transmitted data and files are deleted or modified in our applicant database. You also have the right to revoke your consent to the processing of personal data and files transmitted by you within the framework of the online application at any time with future effect. For this purpose, it is sufficient to send an email to datenschutz@ghotel.de. However, certain data on your application must be stored for a limited period of 3 months to comply with legal requirements, especially the obligation to provide evidence from the General Equal Treatment Act (AGG). With regard to your fundamental rights, we would like to make reference to Section 1 of this Privacy Policy here.
Cookies are small files which are allocated and stored on your hard disk in association with the browser you are using and through which the site which sets the cookie transmits certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make our website more user-friendly and effective overall.
The storage of cookies which are not technically necessary or the use of comparable technical functions takes place on the legal basis of consent pursuant to Article 6 (1) a) GDPR in connection with Section 25 (1) Teleservices Data Protection Act.
The storage of technically necessary cookies takes place on the legal basis of Article 6 (1) f) GDPR in connection with Section 25 (2) Teleservices Data Protection Act.
Technically essential cookies
| Cookie name | Provider | Purpose | Duration |
| __cf_bm | Monotype | This cookie is used to distinguish between humans and bots. This is beneficial for the website for creating valid reports about the website use. | 1 day |
| _GRECAPTCHA | This cookie is used to distinguish between humans and bots. This is beneficial for the website for creating valid reports about the website use. | 179 days | |
| CookieConsent [x3] | Cookiebot | Saves the user’s consent status for cookies to the current domain. | 1 year |
| rc::a | This cookie is used to distinguish between humans and bots. This is beneficial for the website for creating valid reports about the website use. | Persistent | |
| rc::b | This cookie is used to distinguish between humans and bots. | Session | |
| rc::c | This cookie is used to distinguish between humans and bots. | Session | |
| Test_cookie | Doubleclick.net | Checks whether the browser supports cookies. | 1 day |
| wc_cart_hash_# | www.ghotel.de | Pending | Persistent |
| wc_fragments_# | www.ghotel.de | Pending | Session |
| wp_woocommerce_session_# | www.ghotel.de | Pending | 1 day |
Preferences
| Cookie name | Provider | Purpose | Duration |
| CookieConsentBulkSetting-# | Cookiebot | Activates consent to cookie use for multiple websites. | Persistent |
| pll_language | www.ghotel.de | Enables cookies via multiple websites. | Persistent |
| pll_language | www.ghotel.de | Sets the user’s preferred language. Enables the website to define the user’s preferred language when they revisit the site. | 1 year |
Statistics
| Cookie name | Provider | Purpose | Duration |
| _ga | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years | |
| _gat | Used by Google Analytics to reduce the query rate. | 1 day | |
| _gid | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 day |
Marketing
| Cookie name | Provider | Purpose | Duration |
| _fbp | Meta Platforms, Inc. | Used by Facebook to display a range of advertising products, e.g. real-time bidding by third-party advertisers. | 3 months |
| _gcl_au | Used by Google AdSense to experiment with advertising efficiency on websites which use its services. | 3 months | |
| fr | Facebook.com | Used by Facebook to deliver a series of advertising products such as real-time bidding from third party advertisers. | 3 months |
| IDE | Used by Google DoubleClick to register and report the user’s actions on the website after viewing or clicking on any of the provider’s ads for the purpose of measuring the effectiveness of an advertisement and displaying targeted advertising to the user. | 1 year | |
| pagead/1p-user-list/# | Used to track whether the visitor has shown interest in certain products or events on multiple websites and how the visitor navigates between the websites. This is used to measure advertising expenditure and simplifies the payment of recommendation fees between websites. | Session | |
| pagead/landing | Doubleclick.net | Collects data on visitor behavior from multiple websites in order to provide more relevant advertising.
This also enables to website to limit the number of access instances to the same ad. |
Session |
| pagead/landing | Collects data on visitor behavior on multiple websites in order to present more relevant adverts. This also enables the website to limit the number of times the same advert is displayed. | Session | |
| tr | Meta Platforms, Inc. | Used by Facebook to display a range of advertising products, e.g. real-time bidding by third-party advertisers. | Session |
Unclassified
| Cookie name | Provider | Purpose | Duration |
| QQqfCJWN2rEBEO-fo9IC,undefined | www.ghotel.de | Unclassified | Persistent |
| QQqfCJWN2rEBEO-fo9IC,undefined_expiresAt | www.ghotel.de | Unclassified | Persistent |
(1) In addition to the purely informative use of our website, we offer various services that you can use if you are interested. For this purpose, you must provide further personal data, which we will use to provide the respective service and to which the aforementioned data processing principles apply.
(2) When you contact the service provider by email, your address and, if you specify this, your name, your telephone number and […] will be stored by us in order to answer your questions.
(3) In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, and they are bound by our instructions and checked regularly.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
a) Contact form
(1) Personal data is collected when contacting us (e.g. via the contact form or email). We make it clear which data is being collected on the respective contact form.
(2) This data is stored and used exclusively for the purpose of answering your request or for contacting you and the corresponding technical administration service.
(3) The legal basis for the data processing is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 (1) b) GDPR.
(4) Your data will be deleted after your request has been processed. This is the case if it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
b) Registration and booking
On our website, we offer users the opportunity to register, during which you will be asked to provide personal information, in connection with online booking. This data is entered into an input screen and transmitted to us. The data is processed and stored by our service provider Quality Reservations Deutschland GmbH and their partner SHS Sabre Hospitality. The company provides contractually confirmed guarantees that appropriate technical and organizational measures are carried out in such a way that the processing is carried out in accordance with the GDPR and ensures the protection of the rights of the data subject. This data shall not be passed on to third parties.
The following data is collected during the registration process:
Mandatory information:
- Title
- First name
- Surname
- Email address
- Password
- Security question/answer
- Telephone number for questions
Optional fields:
- Company
- Country
- Billing address
- City
- Zip code
- State/Province
The following data will be stored at the point in time of registration:
Legal basis for data processing
The registration serves the fulfilment of a contract to which the data subject is the user or for implementation of pre-contractual measures. The legal basis for the data processing is Article 6 (1) b) GDPR.
Purpose of data processing
User registration is required for the provision of certain content and services on our website or the performance of a contract.
The user has the option of creating a customer account before or during a booking. Creating a customer account makes the booking process easier for the user in the event they make another booking in the future as the booking screen is pre-populated with the data they have saved after they log in. Users also have the option of viewing their current bookings by logging in with their email and password.
When making an online booking, users are required to enter their email address, title, form of address, first name, surname and telephone number. The processing and storage of the data is necessary for processing the booking, including for clarifying any questions about the booking.
Storage period
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case for data collected during the registration process for fulfilment of a contract or implementation of pre-contractual measures, if the data is no longer necessary for fulfilment of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
Revocation and erasure
You may cancel the registration or have the data concerning you that is stored amended at any time. Please send us an email to datenschutz@ghotel.de. If the data is required to fulfil or establish a contractual relationship with you, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.
Beyond the online booking with our abovementioned service provider Quality Reservations and the partner SHS Sabre Hospitality, there is also the option of online booking for our franchised partner hotels via their websites.
(1) The legal basis for the use of local web analysis tools is Article 6 (1) f) of the GDPR, i.e. the protection of our legitimate interests in consideration of the interests of our website visitors. We are interested in analyzing the use of our website by our website visitors in order to improve our service and make it more interesting for you as a user. If the analysis tool which is used also serves other purposes or we use it for other interests of ours, we will inform you directly in the explanations for the respective analysis tool.
(2) The legal basis for the use of third-party providers for the implementation of web analysis takes place on the basis of Article 6 (1) a).
a) Google Maps
(1) On this website we use the services of Google Maps to show you interactive maps directly in the website and to enable you to use the map function in a convenient manner. The legal basis for the use of the plug-in is Article 6 (1) a) GDPR. Consent is provided via your selection in the cookie banner.
(2) When you visit this website, Google is notified that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before clicking the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website. This type of evaluation is carried out (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) For more information about the purpose and scope of data collection and their processing by the plug-in provider, please refer to the provider’s privacy policies. You will also find further information there on your rights and settings options for protecting your privacy: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; http://www.google.de/intl/de/policies/privacy.
b) YouTube
(1) We have included YouTube videos in our online service, which are stored on http://www.youtube.com and are playable directly from our website.
(2) The legal basis for the use of the plug-in is your consent according to Article 6 (1) a) GDPR. Consent is provided via your selection in the cookie banner.
(3) When you visit this website, YouTube is notified that you have accessed the corresponding sub-page of our website. This takes place regardless of whether YouTube provides a user account via which you are logged in or no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the play button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. This type of evaluation is carried out (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube if you wish to exercise this right.
(4) For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy.
(5) There you will also find further information about your rights and setting options to protect your privacy: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy
a) Chatbot from Dialogshift
Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes and stores data for the purpose of web analysis, to operate the chat application and to answer queries.
When using the chat function, cookies are set and the chat history is saved. More information about cookies can be found in the cookie banner.
The possible disclosure of, for example, name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of contacting you until the end of the contact. This personal data is deleted after 90 days.
The legal basis for data processing is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.
We have concluded an order processing contract with the service provider in accordance with Art. 28 DSGVO.
A transfer of your data to a third country cannot be excluded.
Last updated: 14.04.2023
b) Cooperation with StepStone Germany
In the context of a cooperation with StepStone Deutschland GmbH, we transmit your personal data to this cooperation partner. The job exchange available on our site under the “Career” item is provided and operated by StepStone Deutschland GmbH. Therefore, when you access the “Careers” page, a direct connection is established between your device and StepStone Deutschland GmbH and your IP address is transmitted there. The legal basis for the transmission of your data is your consent in accordance with Art. 6 Para. 1 lit. a). You can find the data processing that takes place there and further information in this regard in the data protection declaration of StepStone Deutschland GmbH at Hotelcareer Datenschutzerklaerung. The data protection declaration is also linked directly from this website www.ghotel.de.
Status: 04.01.2023
c) Cooperation with Brevo (former Sendinblue)
Our website uses the mailing tool of the appointed processor Brevo, former Sendinblue GmbH, (Köpenicker Straße 126, 10179 Berlin). The processor offers a service that organises and analyses the newsletter dispatch. Among other things, this can be used to analyse how many recipients have opened the newsletter and how often which link in the newsletter was clicked on. In addition to the name and email address, the IP address and, if applicable, the telephone number and postcode are also processed, should you have provided this data. The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. a). For more information on data protection at Brevo, please visit https://www.brevo.com/de/datenschutz-uebersicht/
Status: 4.1.2023
d) TrustYou
We integrate a widget from TrustYou GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany, on subpages of our website. The TrustYou widget is used for the purpose of displaying our online reputation. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
When the widget is displayed, the user’s IP address and other technical information such as timestamp, HTTP status code, URL, referer and user agent are stored. The purpose of this storage is to ensure a smooth connection, error-free use and system stability and security (detection and defense against attacks). The IP addresses are anonymized after 60 days at the latest.
More information about the handling of user data at TrustYou can be found in TrustYou’s privacy policy.
Status: 14.4.2023
e) GreenSign
On subpages of our website the plugin of Greensign, GreenSign Institut GmbH, Katharinenstraße 12, 10711 Berlin, to prove our sustainability. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
In the course of displaying the widget, the IP addresses of the users are recorded. The last octet of the IP addresses is anonymized after 7 days.
You can find more information on data protection at: https://www.greensign.de/datenschutz/.
Status: 14.4.2023
f) HubSpot
(1) HubSpot Analytics Type
We use HubSpot Analytics from HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of times our online offer is called up, sub-pages visited and the length of time visitors spend on the site. HubSpot Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.
We have concluded an order processing contract with HubSpot in accordance with Art. 28 DSGVO.
This information is used, among other things, to compile reports on website activity.
Purpose and legal basis: We process data with the help of HubSpot Analytics on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO, § 25 para. 1 TTDSG and Art. 49 para. 1 lit. a DSGVO. You can revoke this at any time with effect for the future in the cookie banner.
Please note the risks associated with the transfer of your data to the USA as set out in section (7).
(2) HubSpot Chat
Nature and scope of the processing: We have integrated components of the customer communication platform HubSpot Chat on our website. HubSpot Chat is a service of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA and offers us the possibility to communicate with visitors to our website via chat and to provide targeted help with questions. HubSpot Chat uses cookies and other browser technologies to analyse user behaviour and recognise users. Furthermore, HubSpot Chat is used to store and transmit data entered in chats by means of cookies, including your IP address. In this case, your data is passed on to the operator of HubSpot Chat.
We have concluded an order processing contract with HubSpot in accordance with Art. 28 DSGVO.
Purpose and legal basis: HubSpot Chat is used on the basis of your consent pursuant to Art. 6 Para. 1 lit. a DSGVO, § 25 Para. 1 TTDSG and Art. 49 Para. 1 lit. a DSGVO. You can revoke this at any time with effect for the future in the cookie banner.
Please note the risks associated with the transfer of your data to the USA as set out in section (7).
(3) HubSpot CDN
Nature and scope of the processing: We use HubSpot CDN to properly deliver the content on our website. HubSpot CDN is a service of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot services. You will find a separate section in this privacy policy for said services. This section only deals with the use of the CDN.
We have concluded an order processing contract with HubSpot in accordance with Art. 28 DSGVO.
A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to HubSpot servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of HubSpot CDN.
Purpose and legal basis: HubSpot Chat is used on the basis of your consent pursuant to Art. 6 Para. 1 lit. a DSGVO and Art. 49 Para. 1 lit. a DSGVO. You can revoke this at any time with effect for the future in the cookie banner.
Please note the risks associated with the transfer of your data to the USA as set out in section (7).
(4) HubSpot Pixel
Nature and scope of the processing: We use HubSpot Pixel from HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and to subsequently optimise them. This happens in particular when you interact with advertisements that we have placed with HubSpot.
We have concluded an order processing contract with HubSpot in accordance with Art. 28 DSGVO.
Purpose and legal basis: Purpose and legal basisaWe process your data with the help of HubSpot Pixel on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and Art. 49 para. 1 lit. a DSGVO. You can revoke this at any time with effect for the future in the cookie banner.
Please note the risks associated with the transfer of your data to the USA as set out in section (7).
(5) HubSpot LeadFlow
Nature and scope of the processing: We have integrated HubSpot LeadFlow on our website. HubSpot LeadFlow is a service of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, which identifies anonymous website visitors, provides full contact details and insights into the visit history.
We have concluded a contract for commissioned processing with HubSpot in accordance with Art. 28 DSGVO.
HubSpot LeadFlow uses cookies and other browser technologies to evaluate user behaviour and recognise users.
Among other things, HubSpot LeadFlow shows us which companies have visited our website, determines the history of your visit, including all pages visited and viewed by you and the length of your stay on this website.
HubSpot LeadFlow collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, sales and key people on LinkedIn.
Purpose and legal basis: We process your data with the help of HubSpot LeadFlow on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO, § 25 para. 1 TTDSG and Art. 49 para. 1 lit. a DSGVO. You can revoke this at any time with effect for the future in the cookie banner.
Please note the risks associated with the transfer of your data to the USA as set out in section (7).
(6) Newsletter
Nature and scope of the processing: When sending our electronic newsletter, to which you can subscribe, we process the data you enter. Mandatory fields are marked with an *.
We process your e-mail address in order to contact you for the purpose of sending you our electronic newsletter, to inform you about current events and, if applicable, current developments and to maintain our contractual relationship with you. In addition, we use this data for advertising messages by e-mail and, if we have received your e-mail address in connection with our products and services, for advertising measures about our own similar products and services.
We use the service provider HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA for the newsletter mind. We have concluded an order processing contract with HubSpot in accordance with Art. 28 DSGVO.
The so-called web beacon, which is included in all newsletters, is a pixel-sized file that the HubSpot server automatically retrieves when the newsletter is opened. Technical information, e.g. on the browser and system, your IP address and the time of the retrieval, is created in the process. This information is used for technical service optimisation and is used with the help of technical data or the target groups and your reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The indications of whether and when the newsletters are opened and which links are clicked are also the content of the statistical collection. An allocation to individual newsletter recipients is thus possible. However, a related observation of individual users is neither our intention nor that of the service provider. We merely pursue the purpose of learning more about the reading habits of our users and to adjust our content accordingly or to publish different content according to interest.
Legal basis: The consent of the recipients pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO, Art. 49 para. 1 sentence 1 lit. a DSGVO, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG is a basic requirement for our newsletter dispatch and its tracking.
You can revoke your consent at any time by clicking on the link provided in every newsletter email or by contacting us.
The registration procedure for our newsletter is called double opt-in. This means that directly after your newsletter registration you will receive an e-mail from us in which we ask you once again to confirm your registration. In this way, we ensure that only persons who actually have access to the listed e-mail address register for the newsletter. The newsletter registrations, including the storage of the registration and confirmation time and with your IP address, are logged by us as proof that the registration process complies with the legal requirements. Changes to your stored data with the newsletter service provider are also recorded in the log.
Please note the risks associated with the transfer of your data to the USA as set out in section (7)].
(7) Data transfer to the USA
There is no adequate level of data protection for the transfer of personal data to the USA on the basis of a decision by the European Commission. Due to the powers of the US intelligence services and the legal situation in the US, the requirements of the GDPR cannot be met:
Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no limits on the surveillance activities of the intelligence agencies and no safeguards for non-US citizens,
Presidential Policy Directive 28 (PPD-28) does not give affected persons effective remedies against measures taken by the US authorities and does not provide for barriers to ensuring proportionate measures, the Ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders against the intelligence services.
As a result, there is no effective legal remedy or independent data protection supervisory authority available in the event of access to your personal data by US authorities.
If your personal data is transferred to the US, the loss of data sovereignty cannot be excluded. As a result, the rights and freedoms of data subjects may not be adequately protected.
a) Personal data
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID or with one or several special features reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.
b) Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
c) Restriction of processing
The marking of stored personal data with the aim of limiting their future processing.
d) Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
e) Pseudonymization
The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not an identified or an identifiable natural person.
f) Controller
The natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Order processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
h) Third party
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
i) Consent
Any statement of intent voluntarily and unambiguously given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirming act that indicates to the data subject that they have consented to the processing of their personal data.
Last updated: 05.05.2022