Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand who we are, how we collect information and how we use the information collected as well as how you can make use of your rights.
Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany
E-mail: datenschutz@usercentrics.com | Website: www.usercentrics.com
SECUWING GmbH & Co. KG
Maximilian Hartung
Frauentorstr. 9
86152 Augsburg
Germany
E-mail: epost@datenschutz-agentur.de | Phone: +49 821 90786450 | Fax: +49 821 90786459
In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para.1 s. 1 lit. a GDPR serves as a legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 s. 1 lit. b GDPR is a legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 s. 1 lit. c GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 s. 1 lit. f GDPR serves as the legal basis for processing.
In principle, we only store personal data for as long as is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidentiary purposes, we must retain contractual data for six years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest according to the statutory limitation period.
Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.
We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
Your consent data will be processed for the use of this website and the use of the implemented Consent Management Platform. We use the Google Cloud Platform, provided by Google Cloud EMEA Ltd. The servers are located in Germany and Belgium. Due to the judgment of the Court of Justice of July 16th, 2020 (Case C311/18), the transfer of personal data to the US on the basis of the Privacy Shield was declared invalid. We would like to inform you that we cannot exclude the fact that data may be transferred to the US and may be subject to access by the US security authorities in accordance with 50 U.S.C. §1881(b)(4), 50 U.S.C. §1881a (= FISA 702). In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with Google in accordance with Art. 46 Para. 2 lit. c GDPR. More information can be found in the Data Protection references of Google. Additionally we have taken further safety measures to ensure the security of the data.
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. This is e.g. information like
We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, we have a legitimate interest in the processing of data according to Art. 6 para. 1 s. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website.
Web Browser Cookies: A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.
Tracking Technologies: Web Beacons, Pixels, Tags, Scripts.
E-mails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. The user data collected through technically necessary cookies will not be used to create user profiles.
Cookies are stored on the computer of the user and transmitted to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.
As a customer of Usercentrics some of your data will be processed. This includes the following information:
Legal basis for the processing of the data is in the presence of the consent of the user art. 6 para 1 s. 1 lit. a GDPR and art. 6 para. 1 s. 1 lit. b GDPR, since the registration of the fulfillment of a contract or the implementation of pre-contractual measures.
The processing of the above mentioned data is necessary in order to carry out the contractual obligations.
As a customer you always have the option to cancel your account. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible, unless contractual or legal obligations preclude deletion.
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
Usercentrics does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or processors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We will also share data among the Usercentrics entities (Usercentrics A/S, Usercentrics GmbH, Cybot A/S (including CYBOT A/S, odštěpný závod office in Prague), Usercentrics Unipessoal, Usercentrics Inc.), here also including sharing data among Cookiebot™ and Usercentrics products when needed. All the entities may have access to personally identifiable information on a need to know basis and will be contractually obliged to keep your information confidential (joint controller agreement).
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the processors mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to processors, they may only use the data to fulfill their tasks. The processors have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Usercentrics commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.
In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the person responsible”.
You also have the right to complain to the data protection supervisory authority responsible for us. You can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.