Privacy Policy

1. Data protection at a glance

General information

The following information provide a simple overview of what happens to your personal data when you visit our website. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on our website

Who is responsible for data collection on this website?

The data processing on this website is done by the website operator. The contact data can be found in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected by you communicating it to us. This may, for example, involve data that you enter in a contact form.

Other data is automatically collected by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure that the website is error-free. Other data can be used to analyze your user behaviour.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to request that this data be corrected, blocked or deleted. For this as well as for further questions on the subject of data protection, you can contact us at any time using the address given in the imprint. Furthermore, you have the right of appeal at the responsible supervisory authority.

In addition, you have the right, under certain circumstances, to demand the restriction of the processing of your personal data. For details please refer to the data protection declaration under “Right to limitation of processing”.

Analysis tools and third-party tools

Your surfing behaviour can be statistically evaluated when you visit our website. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you.

You can contradict this analysis or prevent it by not using certain tools. Detailed information on these tools and your possibilities to appeal can be found in the following privacy statement.

2. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data privacy policy.

If you use this website, various personal data will be collected. Personal data is data with which you can be personally identified. This privacy policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.

Responsible body

Responsible for data processing on this website is:

citema group GmbH
citema consulting GmbH
citema experts GmbH
citema GmbH
Möschenfeld 3a
85630 Grasbrunn

phone: +49 8106 35603-00
E-mail: info@citema.de

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. To do so, an informal e-mail notification to us is sufficient. The legality of data processing carried out until the revocation, remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation at any time; this also applies to profiling based on these provisions. The respective legal basis on which the processing is based, can be found in this data protection declaration. If you lodge an objection, we will no longer process your concerned personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, workplace or place of presumed violation. The right of appeal shall be without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data handed out to you or to a third party, that we process automatically on the basis of your consent or in fulfilment of a contract in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this and other questions on the subject of personal data, you can contact us at any time using the address given in the imprint.

Right to limitation of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time using the address given in the imprint. The right to restriction of the processing exists in the following cases:

  • If you impugn the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the check, you have the right to demand that we restrict the processing of your personal data.
  • If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Opposition to promotional e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.

3. Data acquisition on our website

Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions requested by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the storage of cookies for the technically error-free and optimized provision of its services. When other cookies (e.g. cookies for analyzing your surfing behavior) are stored, they are dealt with separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data will not be merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically error-free presentation and optimization of his website – for this purpose the server log files must be recorded.

Contact form

If you send us enquiries via our contact form, your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. These data will not be passed on without your consent.

The processing of the data entered in the contact form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing operations carried out until the revocation, remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

If your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the data is processed on the basis of Art. 6 Para. 1 lit. b GDPR. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

The data you send us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

4. Social Media

Facebook Plugins (Like & Share Button)

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE=en_DE.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like Button” while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Facebook. Further information can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation

If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.

The Facebook plugins are used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in social media.

Twitter Plugin

On our pages, functions of the Twitter service are integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Further information can be found in Twitter’s data protection declaration at: https://twitter.com/de/privacy

The Twitter plug-in is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in social media.

You can change your data protection settings on Twitter in the account settings at https://twitter.com/account/settings .

Google+ Plugin

The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Collection and disclosure of information: You can use the Google+ button to publish information worldwide. The Google+ button provides you and other users with personalized content from Google and our partners. Google stores both, information that you have given +1 for an item of content and information about the page you have viewed by clicking +1. Your +1 may appear as clues along with your profile name and photo in Google services, such as search results or your Google profile, or elsewhere on websites and ads on the internet.

Google records information about your +1 activity to improve Google services for you and others. To use the Google+ button, you need a globally visible, public Google profile that includes at least the name chosen for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.

Use of Information collected: In addition to the uses described above, the information you provide will be used in accordance with applicable Google privacy policies. Google may publish or share aggregated statistics about users’ +1 activity with users and partners, such as publishers, advertisers, or affiliates.

The Google+ plug-in is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.

5. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use these data exclusively for the dispatch of the requested information and do not pass these on to third parties.

The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you cancel the newsletter. Data stored by us for other purposes remain unaffected by this.

6. Plugins and tools

Google Web Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using, must connect to Google’s servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de=en.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on these web pages, your IP address will be shortened by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services to website operators in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plugin available under the following link: Browser Add On for deactivating Google Analytics.

You can find more information about the terms of use and data protection at http://www.google.com/analytics/terms/de.html

Mailjet

Sending e-mails to various user groups of citema GmbH is a central function of the platform. This ensures that content is communicated promptly and personally. For the purpose of e-mail dispatch, we use the e-mail dispatch service Mailjet, 37 Bis Rue du Sentier 75002 Paris, France. Only the e-mail addresses required for dispatch are transferred and temporarily stored. A complete deletion takes place at the latest 30 days after the last dispatch time. E-mail addresses are used exclusively in the context of citema GmbH and are not passed on to third parties. Mailjet’s data protection regulations can be found at https://www.mailjet.de/privacy-policy/. The legal basis for the use of the dispatch service provider is Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests. We have concluded an order processing contract with Mailjet pursuant to Art. 28 Para. 3 S. 1 GDPR.
Mailjet can use the recipient’s data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

Google Maps

This page uses the Google Maps map service via an API. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You will find more information on the handling of user data in Google’s data protection declaration: https://policies.google.com/privacy?hl=de=en.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a person or by an automated program. To this end, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his web offers against abusive automated spying and against SPAM.

Further information on Google reCAPTCHA and Google’s privacy policy can be found on the following links: https://www.google.com/recaptcha/intro/android.html=en and https://www.google.com/recaptcha/intro/android.html

Source: e-recht24.de