Privacy Policy
1. 1. Privacy Policy – Overview
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to the privacy policy listed below this text.
Data Collection on Our Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the site’s legal notice (Imprint).
How do we collect your data?
Your data is collected, in part, by you providing it to us—e.g., by entering data into a contact form.
Other data is collected automatically by our IT systems when you visit the website. This primarily includes technical data (e.g., web browser, operating system, or the time of the page visit). This data is collected automatically as soon as you access our website.
Why do we use your data?
Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time—free of charge. You also have the right to request the correction, blocking, or deletion of this data. You can contact us at any time at the address listed in the legal notice with questions about your rights or other privacy-related concerns. Additionally, you have the right to lodge a complaint with the relevant supervisory authority.
Google Tag Manager
Use of Google Tag Manager:
Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The Tag Manager tool itself (which implements the tags) does not use cookies and does not collect personal data. The tool triggers other tags that may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
More information:
http://www.google.de/tagmanager/use-policy.html
Analytics Tools and Third-Party Tools
When visiting our website, your browsing behavior may be statistically evaluated. This is done primarily through cookies and analytics programs. The analysis of your browsing behavior is usually anonymous; it cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this can be found in the detailed privacy policy below.
You may object to this analysis. We will inform you about your options to object in this Privacy Policy.
2. Legal Bases
The legal bases for processing personal data are primarily derived from the General Data Protection Regulation (GDPR). These may be supplemented by national laws of the EU member states and may apply alongside or in addition to the GDPR.
Consent
Article 6(1)(a) GDPR provides the legal basis for processing operations for which we obtain consent for a specific purpose.
Performance of a contract
Article 6(1)(b) GDPR is the legal basis for processing necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation
Article 6(1)(c) GDPR applies where processing is necessary for compliance with a legal obligation.
Vital interests
Article 6(1)(d) GDPR applies if processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest
Article 6(1)(e) GDPR applies to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interests
Article 6(1)(f) GDPR is the legal basis for processing necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject—particularly if the data subject is a child.
3. Rights of data subjects
Right to Information
Data subjects have the right, pursuant to Art. 15 GDPR, to request confirmation as to whether we process data concerning them. They can request information about this data as well as the additional information listed in Art. 15(1) GDPR and a copy of their data.
Right to Rectification
Data subjects have the right, pursuant to Art. 16 GDPR, to request the rectification or completion of data concerning them that we process.
Right to Erasure
Data subjects have the right, pursuant to Art. 17 GDPR, to request the immediate erasure of data concerning them. Alternatively, they can request the restriction of processing of their data pursuant to Art. 18 GDPR.
Right to Data Portability
Data subjects have the right, pursuant to Art. 20 GDPR, to request the provision of data they have provided to us and to request its transmission to another controller.
Right to Lodge a Complaint
Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them pursuant to Art. 77 GDPR.
Right to Object
If personal data is processed based on legitimate interests pursuant to Art. 6(1) sentence 1 letter f) GDPR, data subjects have the right to object to the processing of their personal data under Art. 21 GDPR, provided there are reasons arising from their particular situation, or if the objection is directed against direct marketing. In the latter case, data subjects have an unconditional right to object, which we will implement without the need for a particular situation to be provided.
4. General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.
When you use this website, various personal data will be collected. Personal data are data that can be used to identify you personally. This privacy policy explains which data we collect and for what purposes we use them. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. A completely secure protection of data against access by third parties is not possible.
Note on the Responsible Entity
The responsible entity for data processing on this website is:
TimOpEx Unternehmensberatung GmbH
Hindenburgstr. 2
D-72622 Nürtingen
Phone: XYZ
E-Mail: XYZ
Responsible Entity
The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, or similar).
Revocation of Your Consent to Data Processing
If we process your personal data based on a legitimate interest assessment, you have the right to object to such processing at any time, for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object, we will cease processing the affected data. However, further processing may be allowed if we can demonstrate compelling legitimate grounds for processing that override your interests, fundamental rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. You can exercise this right of objection as described above.
Exercising Your Right to Object
If you exercise your right to object, we will cease processing the affected data for direct marketing purposes. A simple notice, such as an email to XYZ, is sufficient. The lawfulness of the data processing up to the point of revocation remains unaffected by the revocation.
Right to Lodge a Complaint with the Supervisory Authority
In case of data protection violations, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to Data Portability
Right to Data Portability
You have the right to request that data we process automatically based on your consent or in the performance of a contract be provided to you or a third party in a commonly used, machine-readable format. If you request direct transmission of the data to another controller, this will only be done insofar as it is technically feasible.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser's address bar from "http://" to "https://" and by the padlock symbol in your browser's bar.
When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Access, Blocking, Deletion
Right to Information, Correction, Blocking, or Deletion
You have the right to request free information at any time about your stored personal data, its origin and recipients, the purpose of the data processing, and, if applicable, the right to correction, blocking, or deletion of this data in accordance with the applicable legal provisions. For this purpose and for any further questions about personal data, you can contact us at any time using the address provided in the legal notice.
Objection to Promotional Emails
The use of contact details published under the imprint obligation for the purpose of sending unsolicited advertisements and informational materials is hereby objected to. The operators of these pages expressly reserve the right to take legal action in the case of unsolicited advertising information, such as spam emails.
5. Data Protection Officer
We have appointed a data protection officer for our company:
XYZ
XYZ
XYZ
Phone: XYZ
E-Mail: XYZ
6. Data Collection on Our Website
Cookies
The websites use so-called cookies in some cases. Cookies do not cause any harm to your computer and do not contain any viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies we use are called "session cookies." They are automatically deleted after you finish your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser during your next visit.
You can configure your browser to notify you when cookies are set and allow cookies only in specific cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Please note that disabling cookies may limit the functionality of this website.
Cookies that are required for the execution of electronic communication processes or to provide certain functions desired by you (e.g., shopping cart functionality) are stored based on Art. 6 (1) lit. f of the GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of their services. Other cookies (e.g., cookies for analyzing your browsing behavior) are stored separately and addressed in this privacy policy.
Borlabs
This website uses the cookie consent tool of Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, which sets technically necessary cookies to store your cookie preferences. This data processing is carried out in accordance with Art. 6 (1) lit. f of the GDPR, based on our legitimate interest in providing a cookie consent management service for website visitors.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Used operating system
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
This data is not combined with other data sources.
The basis for data processing is Art. 6 (1) lit. f of the GDPR, which allows for the processing of data to fulfill a contract or pre-contractual measures.
7. Analytics Tools and Advertising
Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies." These are text files that are stored on your computer and allow an analysis of your usage of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on Art. 6 (1) lit. f of the GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both their web offerings and advertising.
IP Anonymization
We have enabled the IP anonymization feature on this website. This means that your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and then shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.Browser Plugin
You can prevent the storage of cookies by adjusting the settings in your browser software. However, we would like to point out that in this case, you may not be able to fully use all functions of this website. Additionally, you can prevent the collection of data generated by the cookie related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to Data Collection
You can prevent the collection of your data by Google Analytics by clicking the following link. An opt-out cookie will be set, which prevents the collection of your data on future visits to this website: Deactivate Google Analytics.
For more information about how user data is handled in Google Analytics, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic Features in Google Analytics
This website uses the “demographic features” function of Google Analytics. This allows reports to be generated that provide insights into the age, gender, and interests of the website visitors. These data come from Google’s interest-based advertising and visitor data from third-party sources. These data cannot be assigned to any specific individual. You can disable this feature at any time through the ad settings in your Google account or prevent the collection of your data by Google Analytics, as described in the "Objection to Data Collection" section.
8. Plug-ins and Embedded Third-Party Content
We have integrated features and content into our online offer that are sourced from third parties. For example, videos, images, buttons, or posts (hereinafter referred to as “content”) may be embedded. In order for the visitors of our online offer to view this content, the respective third party processes, among other things, the user’s IP address so that the content can be transmitted and displayed in the browser. Without this processing, embedding third-party content would not be possible. In some cases, additional information is collected through so-called pixel tags or web beacons, which allows the third party to gather information about the usage of the content or the traffic on our online offer, technical information about the browser or the operating system of the user, the time of visit, or referring websites. The data collected in this way is stored in cookies on the user’s device.
Categories of Data Subjects: Users of the plug-in
Categories of Data:
Usage data (e.g., visited websites, interests, access time), meta and communication data (e.g., device information, IP address), contact data (e.g., email address, phone number), and basic data (e.g., name, address)
Purposes of Processing:
Design of our online offer, increasing the reach of advertisements on social media, sharing posts and content, interest- and behavior-based marketing, and cross-device tracking
Legal Basis: Consent (Art. 6 (1) lit. a) GDPR)
Contact Form / Email
The form fields that you must complete in order to contact us via this form so we can respond to your inquiry are marked with a * as required fields.
When you submit the form you have filled out, the data you provide, as well as the date and time, will be processed by us. This processing of your personal data is necessary for us to process and respond to your inquiry via the contact form, in accordance with Art. 6 (1) b) GDPR.
If you contact us directly via email, we will also store and process the information you provide in that email. This processing of your personal data is necessary for us to handle and respond to your inquiry, in accordance with Art. 6 (1) b) GDPR.
We delete the data collected in this way once it is no longer necessary and any legal retention periods have expired. We review annually whether the data should be deleted. In accordance with the legal retention obligations (according to HGB for 6 years, according to AO for 10 years), deletion takes place after the year in which these periods expire.
Information for Applicants:
As part of the job application process through our career website, we collect and process the following personal data that you submit as an applicant:
First name, last name
Address
Email address
Mobile number
Cover letter
Resume and relevant certificates and evidence
These data are used exclusively for processing your application. Only those employees involved in the application process have access to this data. The data will be deleted six months after the conclusion of the application process.
You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data.
9. Social Media Presences
We maintain online presences on social networks and career platforms to exchange information with users registered there and to easily get in touch with them. In some cases, user data from social networks is used for market research and advertising purposes. User profiles can be created and used based on usage behavior, such as providing interests, to tailor advertisements to target audience interests. For this purpose, cookies are regularly stored on users' devices, sometimes regardless of whether they are registered users of the social network. In connection with the use of social media, we also use the associated messaging services to easily communicate with users. We note that the security of individual services may depend on the user’s account settings. Even in the case of end-to-end encryption, the service provider may be able to infer when and whether users are communicating with us, and possibly collect location data. Depending on where the social network is operated, user data may be processed outside the European Union or the European Economic Area. This may pose risks for users, as the enforcement of their rights may be more difficult.
Categories of Data Subjects: Registered users and non-registered users of the social network
Categories of Data:
Basic data (e.g., name, address), contact data (e.g., email address, phone number), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interests, access times) , meta and communication data (e.g., device information, IP address)
Purposes of Processing: Expanding reach, networking
Legal Bases: Legitimate interests (Art. 6 para. 1 lit. f GDPR), consent (Art. 6 para. 1 lit. a GDPR)
Legitimate Interests: Interaction and communication on social media presence, profit generation, insights into target groups
Service Provider:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Opt-Out Link:
LinkedIn Retargeting Opt-Out
YouTube
Service Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy:
https://policies.google.com/privacy?hl=en&gl=de
Opt-Out-Link:
https://tools.google.com/dlpage/gaoptout?hl=de or
https://myaccount.google.com/
10. Liability for Own Content
The content on these pages has been created with the utmost care. However, we cannot guarantee the accuracy, completeness, and timeliness of the content. As a service provider, we are responsible for our own content on these pages according to general laws.
11. Liability for Links (Content of Third-Party Providers)
These own contents are to be distinguished from cross-references ("links") to content provided by other providers. We have no influence on their content; the respective provider or operator of the pages is always responsible for the content of the linked pages.
12. Contacting Us
We offer the possibility in our online offer to contact us directly or to obtain information through various contact options. In the case of contact, we process the data of the inquiring person to the extent necessary to respond to or process the inquiry. Depending on the method of contact, the processed data may vary.
Categories of Data Subjects: Inquiring persons
Categories of Data:
Basic data (e.g., name, address), contact data (e.g. e-mail address, phone number), content data (e.g., text input, photographs, videos), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP address)
Purpose of Processing:
Processing of inquiries
Legal Basis: Consent (Art. 6 Abs. 1 lit. a) DSGVO)
Fulfillment or initiation of a contract (Art. 6 Abs. 1 lit. b) DSGVO)
13. Data Transmission
We transmit the personal data of visitors to our online offering for internal purposes (e.g., for internal administration or to the HR department in order to comply with legal or contractual obligations). Internal data transmission or disclosure occurs only to the extent necessary, in compliance with applicable data protection regulations.
To fulfill contracts or meet legal obligations, it may be necessary to pass on personal data. If the necessary data is not provided, it may be the case that the contract with the affected person cannot be concluded.
14. Retention Period
We store the data of visitors to our online offering as long as it is necessary for the provision of our service or if required by laws or regulations set forth by the European legislative body or another applicable law. In all other cases, we delete personal data once the purpose has been fulfilled, except for data that we must continue to store in order to comply with legal obligations (e.g., we are required to retain documents such as contracts and invoices for a certain period due to tax and commercial retention periods).
15. Changes to this Privacy Notice
We update this privacy notice when there are changes in data processing or when other circumstances make it necessary. The current version can always be found on this website.
(As of: 31.10.2023)
16. Data Protection Microsoft Teams
Privacy Notice for Online Meetings, Conference Calls, and Webinars via "Microsoft Teams" of the CPC Unternehmensmanagement AG Group.
We would like to inform you about the processing of personal data in connection with the use of "Microsoft Teams."
Purpose of Processing
We use the tool "Microsoft Teams" to conduct conference calls, online meetings, video conferences, and/or webinars (hereinafter referred to as "Online Meetings"). "Microsoft Teams" is a service provided by Microsoft Corporation.
Responsible Party
The responsible party for data processing directly related to the conduct of "Online Meetings" is the respective legal entity of the CPC Unternehmensmanagement AG Group within which the meeting is organized. This information can be found in the email signature of the organizer of the "Online Meeting."
Note: If you visit the "Microsoft Teams" website, Microsoft is responsible for data processing. However, visiting the website is only necessary to download the software for the use of "Microsoft Teams."
If you do not wish or are unable to use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.
Which Data is Processed?
Various types of data are processed when using "Microsoft Teams." The scope of data depends on what information you provide before or during your participation in an "Online Meeting."
The following personal data is processed:
User details: e.g., display name, possibly email address, profile picture (optional), preferred language
Meeting metadata: e.g., date, time, meeting ID, phone numbers, location
Text, audio, and video data: You may have the option to use the chat function during an "Online Meeting." In this case, your text inputs will be processed to display them in the "Online Meeting." To enable video display and audio playback, the data from your device's microphone and any video camera will be processed during the meeting. You can turn off your camera or microphone at any time using the "Microsoft Teams" applications.
Scope of Processing
We use "Microsoft Teams" to conduct "Online Meetings." If we wish to record "Online Meetings," we will transparently inform you beforehand and, if necessary, ask for your consent.
If necessary for documenting the results of an "Online Meeting," we may log the chat content. However, this will generally not be the case.
Automated decision-making in the sense of Art. 22 GDPR does not take place.
Legal Basis for Data Processing
If personal data of employees of the CPC Unternehmensmanagement AG Group is processed, § 26 BDSG (German Federal Data Protection Act) serves as the legal basis for the data processing. If personal data is not necessary for the establishment, performance, or termination of the employment relationship but is essential for the use of "Microsoft Teams," Art. 6(1)(f) GDPR is the legal basis for the data processing. Our interest in these cases is the effective conduct of "Online Meetings."
In other cases, the legal basis for data processing in conducting "Online Meetings" is Art. 6(1)(b) GDPR, as the meetings are conducted within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6(1)(f) GDPR. In this case, our interest is also in the effective conduct of "Online Meetings."
Recipients / Disclosure of Data
Personal data processed in connection with participation in "Online Meetings" is generally not shared with third parties unless it is intended for sharing. Please note that content from "Online Meetings," just like in-person meetings, often serves to communicate information with clients, prospects, or third parties, and is therefore intended for sharing.
Further Recipients: The provider of "Microsoft Teams" necessarily gains knowledge of the aforementioned data, as this is required under our data processing agreement with "Microsoft Teams."
Deletion of Data
We generally delete personal data when there is no longer a need to store it. A need may still exist if the data is required to fulfill contractual services, to examine and assert or defend warranty and possibly guarantee claims. In the case of legal retention obligations, deletion will only occur after the respective retention period has expired.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint about the processing of personal data by us with a supervisory authority for data protection.