Data protection declaration according to the GDPR

I. Name and address of the person responsible

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

inPuncto GmbH
Fabrikstr. 5
73728 Esslingen
Germany
Phone: +49 (0)711 / 66188500
Mail: kontakt[at]inpuncto.com
Website: www.inpuncto.com

II. Name and address of the data protection officer

The data protection officer of the person responsible is:

Juergen Mueller
Robert Bosch Str. 3
72622 Nuertingen
Germany
Phone: +49 (0)173 3115137
Mail: dsb-mueller[at]gmx.de

III. General information about data processing

1. Scope of the processing of personal data
We only collect and use personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data of our users takes place regularly only with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

The following types of data are processed:

– Inventory data (for example, person master data, names, or addresses).
– Contact data (e.g. e-mail, telephone numbers).
– Content data (e.g. text input, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).

The data will be processed for the following purposes:

– Provision of the online offer, its functions and contents.
– Management and answering contact requests and communicating with users.
– Security measures.
– Range measurement / marketing.
– Conversion measurement.
– Feedback.
– Marketing.
– Provision of our online offer and user-friendliness.
– Information technology infrastructure.

2. Legal basis for the processing of personal data
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies to users: insofar as we obtain the consent of the person for a specific porpose or more specific porposes concerned for the processing of personal data, Art. 6 para. 1 lit. a and Art. 7 GDPR serve as the legal basis.

Art. 6 para. 1 lit. b GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations which are necessary for the implementation of pre-contractual measures (e.g. answering inquiries).

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

The processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 (4) GDPR.
The processing of special categories of data (pursuant to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) GDPR.

3. Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract. The legality of the processing and use made up to the revocation remains unaffected.

4. Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to data threats. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address will be shortened (also known as “IP masking”). The last two digits or the last part of the IP address after a point are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it much more difficult to identify a person based on their IP address.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

5. Cooperation with contract processors, jointly responsible persons and third parties
In the event that data is disclosed, brokered or granted access to other persons and companies (e.g. contract processors, jointly responsible persons or third parties) or other companies of our group of companies within the framework of data processing, this is done on the basis of a legal permit, the consent of the users, a legal obligation or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.).

6. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third party services or disclosure or transfer of data to other persons or companies, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the legal requirements are met. I.e. the processing takes place e.g. on basis of special guarantees. Subject to express consent or contractually or legally required transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, if there are certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

IV. Provision of the website and creation of log files

1. Description and scope of data processing
On the one hand, your data is collected when you communicate it to us. This can be z. B. be data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. These are mainly technical data, such as:

(1) Information about the browser type and version used
(2) The user’s operating system
(3) The IP address of the user
(4) Date and time of access
(5) Websites from which the user’s system reaches our website
(6) Websites accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be kept for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case after 30 days at the latest. An assignment to a user is no longer possible with the stored information.

5. Opposition and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website Consequently, there is no possibility of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on the user’s end device and enable us or our partner companies to recognize your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Cookies can also be used for various purposes, e.g. for the purpose of functionality, security and comfort of online offers as well as the creation of analyzes of visitor flows.

Notes on consent:

We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from users, except where not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the users with a telemedia service (i.e. our online offer) that they have expressly requested. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

2. Legal basis for data processing
The data protection legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for their consent. If the users consent, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to enable our to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

3. Duration of storage, objection and disposal options

With regard to the storage period, the following types of cookies are distinguished:

Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 DSGVO. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (which can also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Change your Consent settings:

Open Cookie Preferences

If cookies are disabled for our website, it may not be possible to use all the functions of the website.

4. Purpose of the data processing

The purpose of using technically necessary cookies (first-party cookies) is to make the use of websites attractive for users and to simplify them. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. Analysis cookies (third-party cookies) are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer. Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) of the GDPR also lies in these purposes. Furthermore, certain areas of the site are only accessible to registered users. The log-in information is stored as a cookie so that users do not have to log in again each time they change pages. The legal basis for the processing of personal data is Article 6 (1) (b) GDPR.

Processing of cookie data based on consent:

We use a procedure for cookie consent management, in the context of which the consent of the user to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure is obtained and managed and revoked by the user can become. The declaration of consent is stored here so that the query does not have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of the consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and end device used.

VI. Registration on our website for the sending of information and advertising material, e.g. white papers

1. Description and scope of data processing
On our website we offer you the option of registering by providing personal data in order to receive information and advertising material.

The following data is collected during registration:
(1) Date and time of registration
(2) name
(3) email address
(4) Company

For the processing of the data, the consent of the user is obtained during the sending process and reference is made to this data protection declaration.

Instructions for sending information and advertising materials, e.g. white papers:
By sending the information, the user agrees that his data will be used to transmit the information and advertising materials and stored by inPuncto in a customer relationship management system (“CRM system”) or comparable inquiry organization. By registering, the user also agrees that their e-mail address will be processed in order to be contacted again in connection with information about similar products and services. You can object to receiving such emails at any time. The legality of the processing and use made up to the revocation remains unaffected.

2. Legal basis for data processing
The legal basis for the processing of the data after registration for the dispatch of information and advertising material is Article 6 (1) (b) GDPR.

3. Purpose of data processing
The collection of the e-mail address serves to deliver the information and advertising materials. The collection of other personal data (name, company) as part of the registration process serves to prevent misuse of the services or the email address used.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected

5. Possibility of opposition and elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter.
Objection is also by telephone at +49 711-66 188-500, in writing: Fabrikstr. 5 | 73728 Esslingen or by e-mail at: unsubscribe@inpuncto.com The user data will then be deleted. The legality of the processing and use made up to the revocation remains unaffected.

VII. Newsletter

1. Description and scope of data processing

On our wesite you can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us:

– Name
– E-mail address
– Company
– Phone number (optional)

For the processing of the data as well as for the use of the success measurement of the newsletter, the consent is obtained during the registration process and reference is made to this data protection declaration. There is no transfer of data to third parties in connection with data processing for sending newsletters. The data will only be used to send the newsletter.

Double opt-in procedure: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

2. Legal basis for data processing
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 UWG. The legal basis for processing the data after sending the contact form or requesting a download link by the user is Art. 6 para. 1 lit. a GDPR if the user has given his advertising consent.

3. Purpose of data processing
The collection of the user’s e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

5. Possibility of opposition and elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. We may store the deleted e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. The legality of the processing and use made up to the revocation remains unaffected.

VIII. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:

(1) Name
(2) Company
(3) Telephone number (voluntary)
(4) E-mail address
(5) Subject
(6) Message

At the time the message is sent, the following data is also stored:
(1) Date and time of dispatch

The consent of the user is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
In this context, it does not disclose the data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.

3. Purpose of the data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of opposition and elimination
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
If you do not agree to this use, you can always call +49 711-66 188-500, in writing: Fabrikstr. 5 | 73728 Esslingen or by e-mail at: unsubscribe@inpuncto.com

All personal data stored in the course of contacting us will be deleted in this case.

IX. Integration of third-party services and content

1. Description and scope of data processing
Within our online offering, we use content or service offers from third parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). The third party providers of this content perceive the IP address of the users, as they cannot send the content to their browser without the IP address.
List of used services and contents of third parties:

(1) Google Tag Manager
(2) Google Analytics
(3) Google Ads
(4) Google Fonts
(5) Google Maps
(6) YouTube
(7) Mailchimp
(8) Newsletter Performance Measurement
(9) GoTo Technologies
(10) Content Delivery System (CDN)
(11) Lucky Orange
(12) Calendly

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 letter f DSGVO (i.e. interest in the analysis, optimisation and economic operation of the online offer).

3. Purpose of data processing
The IP address is required to display the contents. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents.

4. Duration of storage, possibility of objection and elimination
The anonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as be linked to such information from other sources.
Below you will find information on the individual services as well as on the possibilities of objection:

1) Google Tag Manager

With the Google Tag Manager we can manage so-called website tags via an interface (e.g. integrate Google Analytics and other Google services into our online offer). The Tag Manager only implements the tags, but does not process any personal user data. With regard to the processing of users’ personal data, we refer to the user guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

2) Google Analytics

1. Description and scope of data processing
The web analysis service Google Analytics of Google Ireland Limited (“Google”) uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server and stored there.

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland.
Company category: tracking and analysis tool “Google Analytics”.
Transmission to third countries: In individual cases USA (according to EU standard contractual clauses)
Type of data processed: usage data, connection data.
Data processing agreement: We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR and an order processing contract with Google pursuant to Art. 28 para. 3 sentence 1 GDPR.

3. Purpose of data processing
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data.

4. Duration of storage, objection and disposal options
The personal data of users will be deleted or anonymized after 14 months.
The user can prevent the storage of cookies by a corresponding setting of his browser software; In addition, the user can prevent the collection of the data generated by the cookie and its use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser add-on or within browsers on mobile devices, the user can click on this link to prevent future collection by Google Analytics within this website. An opt-out cookie is stored on the user’s device. If the user deletes his cookies, he must click this link again.

Further information on data use by Google, possible settings and objections, can be found out in Google’s data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

3) Google Ads and conversion measurement

1. Description and scope of data processing
We use Google’s online marketing method “AdWords” to place ads on the Google advertising network. We will receive an individual “conversion cookie”. The information collected with the help of cookies is used by Google to generate conversion statistics for us. However, we only see the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland
Company category: Online marketing and conversion measurement tool “Google Ads”
Transmission to third countries: In individual cases USA (according to EU standard contractual clauses)
Type of data processed: usage data, connection data

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about the users is transmitted as a rule to Google and stored on Google’s servers in the USA.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a DSGVO.

3. Purpose of data processing
We use the online marketing procedure Google “Ads” to place ads on Google’s advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offer more specifically in order to present users only ads that potentially correspond to their interests.

4. Information on data use by Google, setting and objection options
Further information on data use by Google, possible settings and objections can be found in Google’s data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

4) Google Fonts

1. Description and scope of data processing
We integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. When a page is called up, the user’s browser loads the required web fonts into their browser cache to display texts and fonts correctly. For this purpose, the browser used by the user must connect to Google’s servers. This gives Google knowledge that our website has been accessed via the user’s IP address.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland.
Company category: Font delivery service “Google Fonts”.
Third country transfer: In individual cases USA (according to EU standard contractual clauses).
Type of data processed: usage data, connection data.

2. legal basis for data processing
The legal basis for the use of Google Fonts is Art. 6 para. 1 lit. f GDPR

3. Purpose of data processing
The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers.

4. Information on data use by Google, setting and objection options
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated.

5) Google Maps

1. Description and scope of data processing
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. By using this service, users will be able to see our location and find their way to us more easily.

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland.
Company category: Service for interactive maps and map functions “Google Maps”.
Third country transfer: In individual cases USA (according to EU standard contractual clauses).
Type of data processed: usage data, connection data, location data.

Users can activate Google Maps with a click, only then data processing takes place. The data can be processed in the USA. The processed data may include in particular IP addresses and location data of the users, which, however, are not collected without their consent (as a rule within the framework of the settings of their mobile devices). Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The users will be informed about the data processing by Google and referred to this privacy policy.

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR

3. Purpose of data processing
By using this service, users can see our location and find their way to us more easily.

4. Information on data use by Google, setting and objection options
If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore also the map display on this website cannot be used.

The Google Terms of Use can be found at https://policies.google.com/terms?hl=en&gl=en, the additional Terms of Use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html
Opt-Out: https://adssettings.google.com/authenticated.

6) YouTube in the extended data protection mode

1. Description and scope of data processing
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland.
Company category: Provision of video platform “YouTube”.
Third country transfer: In individual cases USA (according to EU standard contractual clauses). More information can be found here.
Type of data processed: usage data, connection data.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR

3. Purpose of data processing
We use YouTube to present our products in an appealing way and to inform interested parties about our products.

4. Information on data use by Google, setting and objection options
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated.

7) Newsletter by Mailchimp

1. Description and scope of data processing

Our newsletter is sent using the mailing service provider “MailChimp”.

Data recipient: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA
Company category: “Mailchimp” newsletter distribution platform.
Third country transfer: USA (according to EU standard contractual clauses).
Type of data processed: contact data, inventory data, usage data, connection data.
Data processing agreement: We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

The newsletter service provider can use the recipient’s data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the shipping service does not use the data of our newsletter recipients to write them down itself or to pass the data on to third parties. Users can view the data protection provisions of the shipping service provider here: https://mailchimp.com/legal/privacy/.
The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

2. Legal basis for data processing
The dispatch service provider is used on the basis of our legitimate interests according to Art. 6 Para. 1 lit. f GDPR and an order processing contract according to Art. 28 Para. 3 S. 1 GDPR.

3. Purpose of data processing
Delivery of the newsletter.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
5. Possibility of opposition and elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. Objection is also by telephone at +49 711-66 188-500, in writing: Fabrikstr. 5 | 73728 Esslingen or by e-mail at: unsubscribe@inpuncto.com The user data will be deleted after 7 days at the latest.

Further information on processing processes, procedures and services:

8) Newsletter Success Measurement

1. Description and scope of data processing
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file which is retrieved from the server of our mail service provider Mailchimp when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the user’s browser and system as well as his IP address and the time of retrieval are initially collected. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our goal nor, if used, that of the shipping service provider to observe individual users.

2. Legal basis for data processing
The legal basis for recording the success measurement of the newsletter is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
We use this information to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The evaluations also serve us to recognize the reading habits of the users and to adapt our contents to them or to send different contents according to the interests of our users.

4. Duration of storage
The data will be deleted no later than three months after cancellation of the newsletter.

5. Possibility of opposition and elimination
A separate cancellation of the success measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled.

For this purpose there is a corresponding link in every newsletter. Objection is also by telephone at +49 711-66 188-500, in writing: Fabrikstr. 5 | 73728 Esslingen or by e-mail at: unsubscribe@inpuncto.com The user data will be deleted after 7 days at the latest.

9) Login/Registration for Webinars

1. Description and scope of data processing

On our website, we offer users the opportunity to register for webinars by providing personal data. We use GoToWebinar/GoToStage services from GoTo Technologies Ireland Unlimited Company (hereinafter referred to as “GoTo Technologies”). The registration form is already part of the GoToWebinar/GoToStage application. When registering, the user is asked for his e-mail address and other personal data. The e-mail address and personal data are used by the webinar organizers GoTo Technologies and inPuncto to communicate with the user regarding the webinar. After registration, the user receives z. B. his personal link to an upcoming webinar from GoTo Technologies via e-mail or his direct access to the inPuncto company channel with recorded webinars. The organizers will only use this data for participation in webinars and similar services and will not pass it on to third parties or use it for other purposes.

Data recipient: GoTo Technologies Ireland Unlimited Company The Reflector 10 Hanover Quay Dublin 2 D02R573 Ireland
Company category: Provision of platform for virtual events.
Third country transfer: In individual cases USA (according to EU standard contractual clauses).
Type of data processed: contact data, usage data, connection data, location data.
Data processing agreement: We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

By completing the registration form for the respective webinar, the user expressly agrees to these terms of use. The terms of use of GoTo Technologies GoToWebinar/GoToStage also apply to the use of the webinar offers: https://www.goto.com/de/company/legal/privacy
The data that users have provided in the course of registering for a webinar can also be stored by inPuncto in a customer relationship management system (“CRM system”) or comparable inquiry organization and used to send information about similar services.

2. Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. a GDRP. The legal basis for the processing of data by inPuncto is Art. 6 Para. 1 lit. b DSGVO and Art. 6 Para. 1 lit. f.

3. Purpose of data processing
A registration of the user is required for the webinar participation. Your e-mail address and personal information will be used by the webinar organizer LMI to communicate with you regarding the webinar. Furthermore, inPuncto will use the data provided by users for the webinar registration in order to send them later the link to the webinar recording or may use it for our legitimate interest to contact the webinar participants after the webinars in order to obtain their feedback with regard to improvements.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.

5. Possibility of opposition and elimination
As a user, you have the option at any time to cancel your registration and to have the data stored about you modified or deleted. The legality of the processing and use made up to the revocation remains unaffected.

If the user wishes to cancel his participation in a webinar, there is a corresponding link in every registration e-mail. Users also have the possibility at any time to have the data stored inPuncto about them modified or deleted. This can be done by telephone at +49 711-66 188-500 (weekdays 8-18 hour), in writing: Fabrikstr. 5 | 73728 Esslingen or by e-mail: unsubscribe@inpuncto.com

You can find further information on processing processes, procedures and services at: https://www.inpuncto.com/en/data-privacy/data-protection-notice-for-webinars/

10) Content Delivery Network application

1. Description and scope of data processing
We use a so-called “Content Delivery Network” (CDN), offered by Fritz Managed IT GmbH, Saarstr. 11, DE 91207.
A CDN is a service with the help of which contents of our online offer, in particular large media files, such as graphics or scripts, are delivered more quickly with the help of regionally distributed servers connected via the Internet. The processing of user data takes place solely for the aforementioned purposes and to maintain the security and functionality of the CDN. Further information can be found in the Fritz GmbH data protection declaration: https://www.fritz.gmbh/de/datenschutz.htm

Recipient of the data: Fritz Managed IT GmbH, Saarstr. 11, DE 91207 Lauf.
Company Category: ECS Web Hosting.
Third country transfer: According to EU standard contractual clauses.
Type of data processed: connection data, usage data, content data.
Data processing agreement: We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

2. Legal basis for data processing
The use is based on our legitimate interests, i.e. Interest in a safe and efficient provision, analysis and optimization of our online offer according to Art. 6 § 1 lit. f. DSGVO.

3. Purpose of data processing
A CDN is a network of powerful servers that cache content in various locations around the world. A CDN has two main tasks: it should provide content in the shortest possible time and on the other hand, it should relieve the web host by distributing the data traffic.

4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Further information can be found in the data protection declaration of Fritz Managed IT GmbH.

11) Use of Lucky Orange

For web analysis, we use the services of the American company Lucky Orange – Lucky Orange LLC, 8680 w. 96th Street, Suite 200, Overland Park, KS 66212, USA on our website.

Lucky Orange also processes personal data in third countries where it may not be possible to establish an appropriate level of data protection. This means that in these cases you cannot assert the same rights as provided for in the GDPR.

The service is used on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a. GDPR

You give your consent by setting the use of cookies (cookie banner / consent manager), with which you can also declare your revocation at any time with effect for the future in accordance with Article 7 (3) GDPR. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can visit our website without restrictions, but not all functions may be fully available.

The specific storage period of the processed data cannot be influenced by us, but is determined by Lucky Orange, LLC. Further information can be found in the data protection declaration https://www.luckyorange.com/legal/privacy.

12) Use of Calendly

We use the planning and organization tool Calendly from the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA on our website to make appointments.

Calendly also processes personal data in third countries where it may not be possible to establish an appropriate level of data protection. This means that in these cases you cannot assert the same rights as provided for in the GDPR.

The service is used on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Calendly, LLC. Further information can be found in the data protection declaration https://calendly.com/de/privacy

X. Application procedure

1. Description and scope of data processing
The application procedure requires that applicants provide us with the applicant data. The necessary applicant data can be found in the job descriptions. In principle, this includes personal details, postal and contact addresses and the documents associated with the application, such as cover letters, curriculum vitae and certificates. Applicants may voluntarily provide us with additional information.
If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily provided as part of the application process, they will also be processed in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application procedure, they will also be processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if they are required for the exercise of a profession).

Applicants can send us their applications via e-mail. Please note, however, that e-mails are generally not sent in encrypted form and the applicants themselves must ensure that they are encrypted. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. By submitting their application to us, applicants declare their consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

2. Legal basis for data processing
The processing of applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure as defined in Art. 6 para. 1 lit. a. GDPR, Art. 6 para. 1 lit. b. GDPR and Art. 6 para. 1 lit. f. GDPR insofar as data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG also applies).

3. Purpose of data processing
We process applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements.

4. Duration of storage and disposal possibility
If the application for a job offer was not successful or if the applicant has withdrawn his application (which the applicants are entitled to do at any time), the applicant’s data will be deleted. The legality of the processing and use made up to the revocation remains unaffected.

Subject to justified revocation by the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.

XI. Online presence in social media

1. Description and scope of data processing
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and active users and to inform them about our services. When using the respective platforms, user data can be processed outside of the European Union area. This can result in risks for users, as it could, for example, make it more difficult to enforce the rights of users. US providers certified under the Privacy Shield have undertaken to comply with EU data protection standards. The data of the users of the platforms are usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users in which the user behaviour and the interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

Type of data processed: usage data, connection data, content data.

2. Legal basis for data processing
The processing of users’ personal data is carried out on the basis of our legitimate interests in the effective information of users and communication with users in accordance with Art. 6 Para. 1 lit. f. GDPR. If the users are asked by the respective providers for their consent to data processing (i.e. their consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

3. Possibility of opposition and removal
For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. If you nevertheless need help, you can contact us.

Facebook

We have a profile on Facebook. We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads. Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Data recipients: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Company Category: Social Network.
Third country transfer: According to EU standard contractual clauses: https://www.facebook.com/legal/EU_data_transfer_addendum
Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data
Legal basis: Legitimate interest (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Website: https://www.facebook.com
Privacy Policy: https://www.facebook.com/about/privacy

LinkedIn

Data recipients: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;
Company Category: Social Network
Third country transfer: According to EU standard contractual clauses: https://legal.linkedin.com/dpa
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR)
Website: https://www.linkedin.com
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Data processing agreement: https://legal.linkedin.com/dpa
Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter

Recipients of the data: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Company Category: Social Network.
Third country transfer: partly according to EU standard contractual clauses
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Website: https://twitter.com
Privacy Policy: https://twitter.com/privacy

Xing

Recipient of the data: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Company Category: Social Network
Third country transfer: No
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR);
Website: https://www.xing.de
Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung

XII. Rights of the data subject

If your personal data is processed, you are the data subject as defined by the GDPR and you have the following rights towards the person responsible:

Right to information: You may ask the responsible person to confirm whether personal data relating to you will be processed by us and the right to access such data and to obtain further information and a copy of the data in accordance with the provisions of the law.

Right to rectification: you have a right of rectification and/or completion towards the data controller if the personal data processed concerning you are inaccurate or incomplete.

Right to cancellation and limitation of processing: You may request the data controller, in accordance with the provisions of the law, to delete the data concerning you immediately or, alternatively, to limit the processing of your data in accordance with the provisions of the law.

Right to be informed: If you have asserted the right to rectification, cancellation or limitation of processing to the controller, the latter is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort.

Right of withdrawal: You have the right to revoke your consent with effect for the future.

Right of objection: You can object at any time to the future processing of the data concerning you in accordance with the statutory provisions. In particular, you may object to the processing of your data for the purposes of direct marketing.

Right to complain to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of presumed infringement, if you are of the opinion that the processing of your personal data violates the GDPR.

Competent supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg

Address:
Königstrasse 10 a
70173 Stuttgart

Postal address:
Postfach 10 29 32
70025 Stuttgart

Phone: +49 (0)711/615541-0
Fax: +49 (0)711/615541-15
E-mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

XIII. Up-to-dateness and amendment of the data protection declaration

This data protection declaration is currently valid and was updated on August, 18 2022.

We ask you to inform yourself regularly about the contents of our data protection declaration. Due to the further development of our Internet pages and offers or due to changed legal or official requirements, it may become necessary to amend this data protection declaration. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

You can call up and print out the current data protection declaration at any time on the website at:
https://www.inpuncto.com/en/data-privacy/