1. Data protection – basics at a glance

General Notes
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy below this text.

Data collection on our website

Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator, whose contact details can be found in the imprint of this website.

How do we collect your data?
On the one hand, the personal data you provided us will be collected. For example, this can be data that you enter into a contact form.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter our website.

For what do we use your data?
Part of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

What are your rights concerning your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to demand the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for further questions on data protection. Furthermore, you have a right of appeal to the responsible supervisory authority.

Analysis tools and third-party tools
When you visit our website, your browsing behavior can be statistically evaluated. This is mainly done with cookies and with so-called analysis programs. The analysis of your surfing behavior is usually done anonymously; the surf behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following privacy policy.

You can contradict this analysis. We will inform you about the possibilities of objection in this data protection declaration.

2. Legal bases

The applicable legal basis is primarily the GDPR. These are supplemented by national laws of the Member States and may be applicable jointly with or in addition to the GDPR.

Consent
Consent Art. 6 sec.1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Contractual performance
Art. 6 sec. 1 lit.b) GDPR serves as the legal basis for processing necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Legal obligation
Art. 6 sec. 1 lit.c) GDPR serves as the legal basis for processing, which is necessary for the fulfilment of a legal obligation.

Vital interests
Art. 6 sec. 1 lit. d) GDPR serves as a legal basis where processing is necessary to protect vital interests of the data subject or another natural person.

Public interest
Article 6(1) lit.e) GDPR serves as the legal basis for processing necessary for the performance of a task which is in the public interest or in the exercise of official authority delegated to the controller.

Legitimate interest
Article 6(1) lit. f) GDPR serves as the legal basis for processing necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child.

3. Rights of the people concerned

Right of information
In accordance with Article 15 GDPR data subjects have the right to request confirmation as to whether we are processing the data in question. You can request information about this data as well as the other information listed in Article 15(1) GDPR and a copy of your data.

Right to rectify inaccurate data
Pursuant to of Article 16 GDPR, data subjects have the right to request the correction or completion of the data concerning them and processed by us.

The right to erasure
Data subjects have the right under Art. 17 GDPR to request the immediate deletion of the data concerning them. Alternatively, in accordance with Article 18 GDPR, you may require us to restrict the processing of your data.

The right of data portability
In accordance with Art. 20 GDPR, data subjects have the right to demand that the data they have provided us with be made available to us and to request that it will be transferred to another responsible party.

Right of appeal
Persons concerned also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Article 77 GDPR.

Right to object
If personal data are processed on the basis of legitimate interests pursuant to Art. 6 sec. 1 lit. f. GDPR, data subjects have the right to object to the processing of their personal data in accordance with Art. 21 GDPR, if there are reasons for doing so, which arise from their particular situation or if the opposition is directed against direct marketing. In the latter case, data subjects have a general right of objection, which is implement by us without specifying a specific situation.

4. General notes and mandatory information

Privacy
The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating via e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The data controller on this website is:
CPC Corporate Management AG
The Squaire 11
Am Flughafen
D-60549 Frankfurt am Main

Phone: +49 (0) 69 / 56 03 03 03
E-mail: contact@cpc-ag.de

The controller is the natural or legal person who decides alone or jointly with others on the purposes and means of processing personal data (e.g names, e-mail addresses, etc.).

Revocation of your consent to data processing
If we process your personal data as part of a balance of interests due to our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future for reasons arising from your particulate situation.

If you exercise your right of objection, we will terminate the processing of the data concerned. However, further processing is reserved if we can prove compelling legitimate grounds for processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise the opposition as described above.

If you exercise your right of objection, we will stop processing the data concerned for direct advertising purposes. An informal message is enough for this purpose: e-mail to  datenschutz@cpc-ag.de. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

Right to complain to the competent supervisory authority
In the event of data protection violations, the person concerned has the right to complain to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:  https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Right of data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done if it is technically feasible.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests you send to us as a site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Information, blocking, deletion
Within the scope of the applicable statutory provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to rectification, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for further questions about personal data.

Objection to receive advertising emails
The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertisement and information materials is hereby contradicted. The operators of the site expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam e-mails.

5. Data protection officer

We have appointed a data protection officer for our company.

Prof. Dr. Andreas Wamsler
Pestalozzistraße 22
74321 Bietigheim

Phone: +49 7142 9669351
E-mail: datenschutz@cpc-ag.de

6. Data collection on our website

Cookies
The websites sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.

Most of the cookies we use are so-called “session cookies”. They will be deleted automatically after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when the browser is closed. When disabling cookies, the functionality of this website may be limited.

Cookies that are necessary to carry out the electronic communication process or to provide certain functions that you wish to use (e.g shopping cart function) are stored based on Art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for the analysis of your browsing behavior) are stored, these are treated separately in this data protection declaration.

UserCentrics
This website uses the cookie-consent tool of UserCentrics GmbH, Rosental 4, 80331 Munich (“UserCentrics”), which sets technically necessary cookies to store your cookie preferences. This data processing is carried out in accordance with Art. 6 sec. 1 lit. f GDPR based on our legitimate interest in providing a cookie consent management service for website visitors.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing machine
  • Time of server request
  • IP address
  • This data is not merged with other data sources.

The basis for the data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of data for the fulfilment of a contract or pre-contractual measures.

7. Analysis Tools and Advertising

Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.

IP anonymization
We have activated the IP anonymization function on this website. This will shorten your IP address from Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.

Browser Plugin
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:  https://tools.google.com/dlpage/gaoptout?hl=de.

Opposition to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set that prevents the collection of your data on future visits to this website: disable Google Analytics.

For more information on how google analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Contract data processing
We have concluded a contract with Google for contract data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographics of Google Analytics
This website uses the “demographic characteristics” function of Google Analytics. This allows you to create reports that contain statements about the age, gender, and interests of page visitors. This data comes from interest-based advertising from Google as well as from third-party visitor data. This data cannot be associated with a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as shown in the item “Opposition to data collection”.

8. Newsletter

Newsletter data
If you wish to receive the newsletter offered on the website, we require you to provide an e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data are not collected or only on a voluntary basis. We use this data exclusively for the sending of the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is carried out exclusively based on your consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you are sent out of the newsletter and deleted after the newsletter has been unsubscribed. Data that has been stored for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

9. Plug-in and integrated content of third parties

In our online offer, we have integrated functions and content that are obtained from third parties. For example, videos, representations, buttons or posts (hereinafter referred to as content) can be integrated. In order to be able to display content to visitors to our online offer, the respective third-party provider processes, among other things, the user’s IP address so that the content can be transmitted to the browser and displayed. Without this processing, it is not possible to integrate third-party content. In some cases, additional information about so-called pixel tags or web beacons is collected, whereby the third party receives information about the use of the content or the traffic of visitors on our online offer, technical information about the browser or the operating system of the user, the visit time or to referring websites. The data thus obtained is stored in cookies on the user’s terminal device.

Categories of data subjects
Users of the plug-in

Categories of Data
Usage data (e.g. visited websites, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address)

Purpose of processing operation
Design of our online offer, increase the reach of social media ads, share posts and content, interest- and behavior-based marketing, cross-device tracking

Legal bases  
Consent (Art. 6 sec. 1 lit. a) GDPR)

Google Maps
This page uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to and stored by a Google server in the USA. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and in an easy search of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

For more information on how to handle user data, please refer to Google’s privacy policy: https://policies.google.com/privacy.

10. Social Media Presences

We maintain online presences on social networks and career platforms in order to exchange information with the registered users and to get in touch easily. In some cases, users’ data on social networks will be used to conduct market research and thus pursue advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups through user behavior, such as the indication of interests. For this purpose, cookies are regularly stored on the end devices of the users, partly regardless of whether you are a registered user of the social network. In connection with the use of social media, we also use the corresponding messengers in order to be able to communicate easily with the users. We would like to point out that the security of individual services may depend on the user’s account settings. Even in the case of end-to-end encryption, the service provider can draw conclusions about the fact that and when users communicate with us and, if necessary, collect location data. Depending on where the social network is operated, the user data may be processed outside the European Union or outside the European Economic Area. This can lead to risks for users, for example, because enforcing their rights can be difficult.

Categories of data subjects
registered users and unregistered users of the social network.

Categories of Data
master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos), usage data (e.g. visited websites, interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing operation
Extension of reach, networking

Legal bases
Legitimate interests (Art. 6 sec. 1 lit. f) GDPR), consent (Art. 6 sec. 1 lit. a) GDPR)

Legitimate interests
interaction and communication on social media presence, increase in profits, insights about target groups

Facebook

Service used
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection
https://www.facebook.com/privacy/explanation  and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-Out Link
https://www.facebook.com/settings?tab=ads

Linkedin

Service used
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data protection
https://www.linkedin.com/legal/privacy-policy

Opt-Out Link
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Youtube

Service used
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection
https://policies.google.com/privacy?hl=de&gl=de

Opt-out link
https://tools.google.com/dlpage/gaoptout?hl=de  or  https://myaccount.google.com/

Xing

Service used
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy
https://privacy.xing.com/de/datenschutzerklaerung

11. Responsibility for own content

The contents of these pages have been created with the utmost care. However, we cannot assume any liability for the correctness, completeness and topicality of the contents. As a service provider, we are responsible for our own content on these pages in accordance with the general laws.

12. Liability for links (contents of third-party providers)

Cross-references (“links”) to the content provided by other providers must be distinguished from these own contents. We have no influence on their content; the respective provider or operator of the pages is always responsible for the contents of the linked pages.

13. Contact

In our online offer we offer the possibility to contact us directly or to obtain information about various contact options. In the event of contact, we process the data of the requesting person to the extent necessary for answering or processing the request. Depending on how we are contacted, the processed data may vary.

Categories of data subjects
Inquirer

Categories of Data
master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text input, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing operation
processing of requests

Legal bases
Consent (Art. 6 sec. 1 lit. a) GDPR), fulfilment or initiation of the contract (Art. 6 sec. 1 lit.b) GDPR)

14. Data Transmission

We transmit the personal data of visitors to our online offer for internal purposes (e.g. internal administration or to the HR department in order to comply with legal or contractual obligations). The internal transfer or disclosure of the data is only carried out to the extent necessary in compliance with the relevant data protection regulations.

In order to carry out contracts or to fulfil a legal obligation, we may need to disclose personal data. If the necessary data is not provided to us, the contract with the data subject may not be concluded.

We transfer data to countries outside the EEA (so-called third countries). This is done based on the above purposes (transmission within the Group and/or other recipients). The transmission takes place only for the fulfilment of our contractual and legal obligations or based on a prior consent of the data subject. In addition, this transmission takes place in compliance with the applicable data protection laws and in particular in accordance with Art. 44 et seq. GDPR, in particular on the basis of adequacy decisions taken by the European Commission or on the basis of certain guarantees (e.g. standard data protection clauses, etc.).

15. Storage period

As matter of principle, we store the data of visitors to our website for as long as this is  necessary to provide our services or if this is provided by the European Directives and Regulations or other legislation in laws or regulations to which we are subject. In all other cases, we delete the personal data after completion of the purpose, with the exception of data that we must continue to store in order to fulfil legal obligations (e.g. we are obliged to keep documents such as .B contracts and invoices for a certain period of time due to tax and commercial retention periods).

16. Changes to this privacy policy

We will revise this Privacy Policy in the event of changes in data processing or other occasions that make this necessary. You will always find the current version on this website.  

As of: 09.12.2020