Privacy Policy (valid from 01.02.2020)

These information on data protection (hereinafter: „Privacy Policy“) shall give you an overview of what happens to your Personal Data (hereinafter also referred to as “Data”) in our company and to inform you of the data protection claims and rights to which you are entitled in line with the European General Data Protection Regulation (“GDPR”) and national data protection legislation, for example the German Federal Data Protection Act (Bundesdatenschutzgesetz “BDSG”). We therefore ask you to take note of this Privacy Policy and if necessary, to print it out or save it.

Personal Data is every information with which you can be personally identified. Your Personal Data may be processed for various purposes. Essentially, exccon AG (hereinafter also referred to as “exccon” or “We”) can divide its data processing operations into the following areas of application:

  • In connection with the website exccon.com (hereinafter referred to as “Website“), or comparable external online presences, such as our Social Media Profile or browser-based services (Website and external online presences hereinafter jointly referred to as “Online Presence“), we process visitor data exchanged between their internet-enabled-devices and the server operated by us, as well as data communicated to us in connection with the use of the Website. For details, please refer to Part B.
  • For the purpose of processing or initiating contracts, we process the necessary data of our customers and interested parties. You will find more information on this under Part C.
  • Our business partners’ and suppliers’ data are used exclusively for the direct placing, processing and execution of orders. You will find more information on this under Part C.

Please visit each section for quick and contextual information on specific processing situations.

General information on data protection, data processing procedures and data subject rights, which applies to all data processing procedures carried out for us, can be found in Part A below.

A.     General Information On Data Protection And Data Subject Rights

I.         Who Is Responsible For Data Processing And Who Can You Contact If You Have Any Questions?

Controller” according to the GDPR and other national data protection laws of the member states as well as other provisions of data protection law is:

exccon AG
Tal 11
80331 München

Tel.: +49 89 189 04 775-0
Fax: +49 89 189 04 775-99
E-Mail: info@exccon.com

Responsible contact person at exccon is Mrs. Jaqueline Track, ibidem

Our appointed data protection officer can be contacted at:

Rechtsanwalt Richard Metz
Lohmanns Lankes & Partner PartGmbB
Rechtsanwälte und Patentanwalt
Würmtalstr. 20a
81375 München
Tel: 089 / 552 75 500
E-Mail: r.metz[at]llp-law.de

II. What Rights Do You Have With Regard To Your Personal Data?

If your Data is processed, you are the “Data Subject” as defined by the GDPR, which means that you may be entitled to the rights described below. If you assert any rights against EXCCON as the responsible party („Controller“), we recommend that you direct them to the following address:

exccon AG
Tal 11
80331 München

info@exccon.com

1. Right Of Access

In accordance with Art. 15 GDPR, you can request confirmation from us as to whether Personal Data relating to you is being processed by us and to what extent we are processing your Data.

2. Right To Recitification

If Personal Data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.

3. Right To Erasure

If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfil our statutory obligations to erase after the processing purpose has ceased to apply, provided there is no legal or statutory retention period to the contrary.

4. Right To Restriction Of Processing

In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your Data. If you have restricted the processing of your Personal Data, this Data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

5. Right To Data Portability

Pursuant to Art. 20 GDPR, you have the right to have Data provided by you, which we process automatically on the basis of your consent or in fulfilment of a contract, transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to Data Portability does not apply to the processing of Personal Data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.

6. Right To Object

If we process your Data on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you may object to this ata processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your Personal Data concerned unless we can prove compelling legitimate grounds for the processing which override your interests as a Data Subject or for the establishment, exercise or defence of legal claims.

Where a Data Subject objects to data processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your Personal Data will no longer be used for direct marketing purposes. You can object to the processing of your Data for the purpose of direct marketing at any time without giving reasons.

7. Right To Withdraw Consent Under Data Protection Law

Some data processing operations are only possible with your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please note that even after withdrawing your consent, it may still be possible to process the Data concerned in whole or in part on the basis of other legal principles.

8. Right To Lodge A Complaint With A Supervisory Authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes upon GDPR (Art. 77 GDPR in conjunction with § 19 BDSG).  A list of data protection authorities in Germany and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If you are of the opinion that we violate German or European data protection law when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27

91522 Ansbach

E-Mail: poststelle@lda.bayern.de

III.       Which Personal Data Are Processed And From Which Sources?

1. The Origin Of Personal Data

We mainly process the Data that we receive directly from the Data Subjects as part of a business relationship (see also Part C).

In individual cases, we also process Data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have obtained, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).

Via our Online Presences, we process Data that we receive during your visit to the Website or that you actively communicate to us when using the Website, e.g. when using our contact form. Other data is automatically collected by our IT systems when you visit the respective Online Presence. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our Website. Details can be found under Part B.

2. Categories of Personal Data

Among the Personal Data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.

In addition, we also process the following additional Personal Data depending on the order/service:

  • Information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
  • advertising and sales data,
  • documentation data (e.g. consultation protocols, data from service meetings or support information from your electronic dealings with us (e.g. IP address, log-in data),
  • other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
  • the documentation of declarations of consent
  • photos taken at public events

IV.       For Which Purposes And On What Legal Basis Are Data pProcessed?

We process your data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended, in particular on the following basis:

1. Fulfilment Of (Pre-)Contractual Obligations (Art. 6 para. 1 lit. b GDPR)

Personal Data is processed on the basis of Art. 6 para. 1 lit. b GDPR in order to fulfil EXCCON’s contractual obligations, in particular in connection with the sale and distribution of our goods and services as well as all activities customary in the industry for the operation or administration of EXCCON (e.g. customer administration). Data may also be processed on a pre-contractual level as part of initiating business with EXCCON or in the course of other contractual relationships with EXCCON.

Therefore, Art. 6 para. 1 lit. b GDPR, for example, is the legal basis in the following cases:

  • Creating and maintaining a customer account or a supplier account
  • Keeping customer/prospect files or our customer/prospect database
  • Sending information
  • Offering and selling of Software products
  • Offering and implementing our Services (e.g. training, consulting and support services)
  • Planning and realisation of events

Details for the purpose of such Data Processing can be found in the respective contract documents and terms and conditions.

2. Safeguarding Legitimate Interests (Art 6 para. 1 lit.f GDPR)

On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of EXCCON or third parties. That is permissible except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data. Data processing to safeguard legitimate interests is carried out in the following cases, for example:

  • Execution of payment transactions via external service providers
  • Use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
  • Assertion of other legal claims and defence in legal disputes
  • Advertising or marketing
  • Image and sound recordings at public events (e.g. trade fairs, open days, workshops, industry events)
  • Measures for business management and further development of our Services;
  • Carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
  • Measures for building and plant safety

3. Fulfilment Of Legal Obligations (Art 6 para. 1 lit.c GDPR)

The processing of your Data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the German Commercial Code (Handelsgesetzbuch “HGB”) or the German Tax Code (Abgabenordnung “AO”).

4. Consent (Art 6 para. 1 lit.a GDPR):

If, in individual cases, you have given us your consent to process your Data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact data listed under A. No. I or No. II. Please note that processing which took place before the withdrawal is not affected by the withdrawal and under certain circumstances data processing may continue to be possible at least partially on the grounds of some other legal basis.

For this we use your Data for the following purposes:

  • Quality assurance: In order to continuously improve our services, our products and our services for you, we conduct surveys to your satisfaction, as well as your experiences from your contractual relationship.
  • General and personalised advertising by e-mail, fax or telephone.
  • If you have given us a SEPA Direct Debit Mandate, we will use your bank details. We collect open amounts via the SEPA Direct Debit Mandate in accordance with the contractual agreements.

V. Who Receives My Data?

At EXCCON, those employees or organizational units who need your data to fulfil our contractual and legal obligations or to process or pursue our legitimate interests receive it.

Your Data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or – depending on the type of concrete contractual relationship – and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or the execution of the contract. This applies to the following recipients or recipient categories:

  • IT service providers (e.g. e-mail service providers, web hosting companies)
    • 4me Inc, 555 Bryant Street #156 Palo Alto, CA 94301 U.S.A. (Supportplattform)
    • RAIDBOXES GmbH, Friedrich-Ebert-Straße 7, 48153 Münster (Webhoster)
    • Mailchimp, Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (Newsletter-Dienstleister)
    • Microsoft (Office 365): Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 München, Deutschland
    • Salesforce (CRM): salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, DEUTSCHLAND
    • Moco: hundertzehn GmbH, Aeschstrasse 131F, 8123 Ebmatingen Schweiz :
    • HR Works: HRworks GmbH, Konrad-Goldmann-Str. 5 b 79100 Freiburg, Deutschland
    • DomainFactory GmbH Oskar-Messter-Str. 33 85737 Ismaning, Deutschland
  • Examination and certification provider:
    • EXIN Holding B.V., Arthur van Schendelstraat 650, 3511 MJ UTRECHT, Niederlande
    • PeopleCert International Limited, Cyprus company no. 160322, 40 Themistocles Dervi Str. 1066, Nicosia, Zypern (Examination Institute)
  • Affiliated companies and partner companies or sales partners
    • 4me, 555 Bryant Street #156 Palo Alto, CA 94301 U.S.A. (Supportplattform,
    • BeyondTrust, Atlanta, 11695 Johns Creek Parkway, Suite 200 Johns Creek, Georgia 30097, USA
    • ServiceNow, 2225 Lawson Lane, Santa Clara, CA , 95054, USA
    • Splunk, 270 Brannan Street, San Francisco, CA 94107, USA
    • salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Deutschland
    • Oneio Cloud Oy, Huopalahdentie 24, FI-00350 Helsinki, Finland
  • advertising partners
  • insurances
  • banks
  • communication provider (telephone provider, fax provider)
    • NFON AG, Machtlfinger Str. 7, 81379 München, Deutschland
  • payment service providers
  • Shipping and logistics service provider in the education sector
    • Transimpex Exaktkurier und Overnight Termindienst Agentur GmbH, Kistlerhofstr. 70 / Geb. 79, D-81379 München
    • Deutsche Post / DHL
  • credit bureaus
  • chartered accountant
  • tax and legal advisors

If we use a service provider in the sense of data processing on behalf of a Controller in accordance with Art. 28 GDPR, we shall nevertheless remain responsible for the protection of your Data. Insofar as required by law, Processors are contractually obliged by means of an Data Processing Agreement to treat your Data confidentially and to process it only within the scope of providing the respective service. The Processors commissioned by us will receive your Data insofar as they require the Data to perform their respective services.

Your Data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.

VI. How Long Will My Data Be Stored?

Your Personal Data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature).

However, the Data will be deleted at the latest after expiry of all time limits unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data. See A. Point II.

Your Data will be erased or blocked by us as soon as the purpose of storage no longer applies or you request us to erase it.

We process and in particular store your Data in principle at most only until the termination of the business relationship or until the expiry of the applicable guarantee, warranty and limitation periods. For example, the statute of limitations according to §§ 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.

We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (Handelsgesetzbuch, “HGB”) (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (Abgabenordnung “AO”) (e.g. § 147 AO)). The time limits specified there for storage or documentation are two to ten years. For example, even after termination of a contract with you, we would be required to store your Data for a period of time until the completion of the tax audit of the last calendar year in which you were our customer.

VII. Will Personal Data Be Transferred To A Third Country?

As part of our processing activities, in certain business transactions or areas of activity, personal data may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.

B.     Use Of Our Online Presences

In principle, you can visit our Online Presences and use them for information purposes without having to provide any personal details (e.g. register, place orders or otherwise provide information about yourself).  In this case, we process Personal Data of our users only to the extent necessary to provide a functional Website and our content and services or to the extent that cookies used on the Online Presemce provide us with personal information when visiting the respective Online Presence. For information on our own cookies used by us, please refer to B Section II. Other cookies enable our partner companies or third parties to recognise your browser on your next visit, if applicable. For information on such third party cookies, please refer to B Section III.

In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.

I. Provision Of The Website And Creation Of Log Files

Description Of Data Processing

Each time you access our Website, our system automatically collects Data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other Data that enable an assignment to a user. This could be the case, for example, if the link to the Website from which the user accesses the Website or the link to the Website to which the user switches contains personal data. The following information is collected:

  • Domain (website you visit)
  • Website from which you visit us (referrer URL)
  • Your Internet Protocol (IP) address
  • Date and time of your visit
  • Browser type and version; operating system used
  • Transmitted bytes

These Data are not stored together with other Personal Data of the user.

Legal Basis And Purpose Of Data Processing

The legal basis for the temporary storage of Data in log files is Art. 6 para. 1 lit. f GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the Website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The Data is stored in log files in order to ensure the functionality of the Website. The Data is also used to optimise the Website and to ensure the security of our information technology systems.

Duration Of Storage / Right Of Objection And Elimination

The Data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the Website, this is the case when the session in question has ended.

When Data is stored in log files, this is the case after 3 days at the latest. Storage going beyond this is possible. In this event, the IP addresses of the users will be erased or alienated so that an assignment of the accessing client is no longer possible. After 24 hours, anonymous data will be available from our provider for 3 months.

The collection of Data for the provision of the Website and the storage of Data in log files is mandatory for the operation of the Website. Consequently, there is no possibility for the user to object.

II.        Use Of Cookies

Description Of Data Processing

Our Online Presences use cookies or similar methods and collects, processes and uses usage data (e.g. access times, visited websites) or meta and communication data (IP address, device information). Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user’s computer system and which enable the browser to be uniquely identified when the offer is called up again. If a user calls up a Website, a cookie can be stored on the user’s operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the Data you enter is stored exclusively in the cookie on your computer. In this case, Data will only be transmitted to the servers of our offer when a page request is made.

Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages during your visit to our Website.

Other cookies remain on your end device for a specified period of time and enable us to recognize your browser during your next visit (so-called persistent or protocol cookies). The purpose of using these cookies is to provide you with optimal user guidance, to “recognize” you and to present you with a varied Website and new content when you repeatedly use the respective Online Presence.

Cookies from partner companies or third parties may be used, for example, to collect information for advertising, custom content or statistics (“Third Party Cookies”). Unless we identify cookies as originating from third parties, the cookies originate from our offering (“First Party Cookies”). We will inform you separately about third party cookies or tracking technologies that we use in the following sections of our Privacy Policy.

Flash cookies are stored on your computer as data elements of web pages when they are operated with Adobe Flash. Flash cookies have no time limit.

We use the following cookies to make our Website more user-friendly and store or transmit the following data:

Cookiename: CookieConsent

  • Purpose: Saves the user’s consent status for cookies on the current domain.
  • Storage Period: 1 Year
  • Type of Cookie: HTTP
  • Domain: www.cookiebot.com

Cookiename: PHPSESSID

  • Purpose: Maintains the status of the user for all page requests.
  • Storage Period: Session
  • Type of Cookie: HTTP
  • Domain: www.exccon.com

Cookiename: rc::a

  • Purpose: This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports on the use of its website..
  • Storage Period: Persistent
  • Type of Cookie: HTML
  • Domain: www.google.com

Cookiename: rc::b

  • Purpose: This cookie is used to distinguish between humans and bots.
  • Storage Period: Session
  • Type of Cookie: HTML
  • Domain: www.google.com

Cookiename: rc::c

  • Purpose: This cookie is used to distinguish between humans and bots.
  • Speicherdauer: Session
  • Type of Cookie: HTML
  • Domain: www.google.com

Cookiename: wc_cart_hash_#

  • Purpose: This cookie is set by WooCommerce (shop system) to save the shopping cart during a session, i.e. to ensure that products that you have placed in the shopping cart are not deleted again while you are searching for other products that you also want to add.
  • Storage Period: Persistent
  • Type of Cookie: HTML
  • Domain: www.exccon.com

Cookiename: wc_fragments_#

  • Purpose: This cookie is set by WooCommerce when using the online shop.
  • Speicherdauer: Session
  • Type of Cookie: HTML
  • Domain: www.exccon.com

Cookiename: wordpress_test_cookie

  • Purpose: Used to check whether the user’s browser supports cookies.
  • Storage Period: Session
  • Type of Cookie: HTTP
  • Domain: exccon.com

Cookiename: _ga

  • Purpose: Registers a unique ID, which is used to generate statistical data on how the visitor uses the website, is used to distinguish users.
  • Storage Period: 2 Years
  • Type of Cookie: HTTP
  • Domain: https://analytics.google.com

Cookiename: _gat

  • Purpose: Is used by Google Analytics to limit the request rate.
  • Storage Period: 1 Minute
  • Type of Cookie: HTTP
  • Domain: https://analytics.google.com

Cookiename: _gid

  • Purpose: Registers a unique ID, which is used to generate anonymous statistical information about how the visitor uses the site, is used to distinguish users.
  • Storage Period: 1 Day
  • Type of Cookie: HTTP
  • Domain: https://analytics.google.com

Cookiename: woocomerce_recently_viewed

  • Purpose: Contains data on the last products that the visitor viewed. Used by the webmaster for internal statistics.
  • Storage Period: Session
  • Type of Cookie: HTTP
  • Domain: exccon.com

Cookiename: _ir

  • Purpose: Collects information about visitor behavior on multiple web pages. This information is used on the website to optimise the relevance of the advertising.
  • Storage Period: 1 Day
  • Type of Cookie: HTTP
  • Domain: www.pinterest.de

Cookiename: ads/ga-audiences

  • Purpose: Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites
  • Storage Period: session
  • Type of Cookie: Pixel
  • Domain: www.google.com

Cookiename: IDE

  • Purpose: Used by Google DoubleClick to register and report user actions on the website after displaying or clicking on one of the provider’s advertisements, with the purpose of measuring the effectiveness of a rating and displaying targeted advertising for the user.
  • Storage Period: 1 Year
  • Type of Cookie: HTTP
  • Domain: doubleclick.net

Cookiename: NID

  • Purpose: Registers a unique ID that identifies the device of a returning user. The ID is used for targeted advertising.
  • Storage Period: 6 Months
  • Type of Cookie: HTTP
  • Domain: www.google.com

Cookiename: test_cookie

  • Purpose: Used to check if the user’s browser supports cookies.
  • Speicherdauer: 1 Day
  • Type of Cookie: HTTP
  • Domain: doubleclick.net

Cookiename: VISITOR_INFO1_LIVE

  • Purpose: Tries to estimate user bandwidth on pages with built-in YouTube videos.
  • Storage Period: 179 Days
  • Type of Cookie: HTTP
  • Domain: youtube.com

Name des Cookies: YSC

  • Purpose: Registers a unique ID to keep statistics of YouTube videos the user has seen.
  • Storage Period: Session
  • Type of Cookie: HTTP
  • Domain: youtube.com

Cookiename: yt-remote-cast-installed

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites.
  • Storage Period: Session
  • Type of Cookie: HTML
  • Domain: youtube.com

Cookiename: yt-remote-connected-devices

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites.
  • Storage Period: Persistent
  • Type of Cookie: HTML
  • Domain: youtube.com

Cookiename: yt-remote-device-id

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites.
  • Storage Period: Persistent
  • Type of Cookie: HTML
  • Domain: youtube.com

Cookiename: yt-remote-fast-check-period

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites.
  • Storage Period: Session
  • Type of Cookie: HTML
  • Domain: youtube.com

Cookiename: yt-remote-session-app

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites
  • Storage Period: Session
  • Type of Cookie: HTML
  • Domain: youtube.com

Cookiename: yt-remote-session-name

  • Purpose: Saves the user setting when calling up a YouTube video integrated on other websites.
  • Storage Period: Session
  • Type of Cookie: HTML
  • Domain: youtube.com

 

Legal Basis And Purpose Of Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the Website and a customer-friendly and effective design of the site visit, unless we ask you for consent under Art. 6 para. 1 lit. a GDPR.

The purpose of using technically necessary cookies is to simplify the use of Websites for users. Some functions of our Website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.

Duration Of Storage / Right Of Objection And Elimination

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it is possible that all functions of the Website can no longer be used to their full extent.

III.       Statistical Analysis Of The Website / Increase Of Reach

1. Google Analytics

Description Of Data Processing

This Website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

Google Analytics also uses so-called “cookies”. The information generated by the Google cookie about your use of this Website will generally be transmitted to and stored by Google on servers in the United States. Google is a participant in the EU-US Privacy Shield https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg) which sets minimum standards for the protection of personal data of Europeans whose data are stored or processed in the USA.

We would like to inform you that this Website uses Google Analytics exclusively using the extension “anonymizeIp()”. Your IP address will therefore not be stored completely and will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to transmission to the USA. The identification of the visitor of the web page is impossible. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

For further information on the processing of data by Google, please read Google’s privacy policy: https://policies.google.com/privacy?hl=de,

Legal Basis And Purpose Of Data Processing

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The Website operator has a legitimate interest in analysing user behaviour in order to optimise both its Website and its advertising.

The information generated by the cookies about your use of this Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity for Website operators and providing other services relating to Website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google has contractually guaranteed that it will not associate your IP address with any other data held by Google.

We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Duration Of Storage / Right Of Objection And Elimination

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it is possible that all functions of the Website can no longer be used to its full extent.

By installing the browser add-on to deactivate Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de), you can object to its use. By doing so, you inform Google Analytics that no information about the Website visit should be transmitted to Google Analytics.

Furthermore, you can install an opt-out cookie on your device via this link https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable in particular for browsers of mobile devices, so that the collection of data by Google Analytics on our Website is prevented in the future. Please note that if you delete cookies from your end device, you must also reinstall the opt-out cookie.

2. Google Tag Manager

Description Of Data Processing

The Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) that allows marketers to manage Website tags through a single interface. The Google Tag Manager itself (which implements the tags) is a domain without cookies and does not collect personally identifiable information. The Google Tag Manager triggers other tags that may themselves collect data. For details of these third parties, please refer to this privacy statement. The Google Tag Manager does not access this information. If you have set cookies to be disabled or otherwise set cookies to be disabled, this will be applied to all tracking tags used with Google Tag Manager, so the tool will not change your cookie settings.

For more information about the Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

Duration Of Storage / Right Of Objection And Elimination

We use the Tag Manager for the Google services Google Analytics and GA Audience. If you have deactivated these services, the Google Tag Manager will take this into account. See B.III.1 for details on Google Analytics.

V.        Further information on procedures, plug-ins and tools used to design the Website

1. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. YouTube

Description Of Data Processing

We may from time to time use content or services provided by YouTube LLC, 901 Cherry Ave on our Website. San Bruno, California, CA 94066, United States (hereinafter referred to as “YouTube”), to include video content on our Website using a plugin. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, a subsidiary of Alphabet, Inc. If you want to play the embedded videos using this plugin (by clicking the Play button), your IP address will be sent to YouTube because YouTube cannot send the video content to your browser without the IP address. The IP address is therefore required for the display. The YouTube server also receives information about which subpage of our Website you have visited. If you are logged into your YouTube account as a YouTube member, you will also be able to assign your usage behaviour directly to your personal profile when playing our videos. For more information about YouTube’s data processing practices, please refer to the YouTube section: https://policies.google.com/privacy?hl=de&gl=de

Legal Basis And Purpose Of Data Processing

Facebook Connect is used on the basis of our legitimate interests under Art. 6 para. 1 lit. f GDPR to make video content available on our Website.

Duration Of Storage / Right Of Objection And Elimination

To prevent this assignment, please log out of your YouTube profile before playing our video content.

VI.       Online presences on social networks and platforms

Description Of Data Processing

EXCCON maintains further online presences within social networks and/or industry networks (LinkedIn, facebook, XING, Twitter und Instagram) (hereinafter also “SN”) and platforms (e.g. Youtube) and links to them from our Website. By clicking on the respective buttons (recognizable by the respective logos of the social networks or platforms) you get to the respective online presence of the SN. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services.

When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Legal Basis And Purpose Of Data Processing

Unless otherwise stated in our data protection declaration, we process user data on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR effective information of users and communication only if they communicate with us within social networks and platforms (e.g. if users write articles on our online presences or send us messages).

In some cases, the SN maintain servers in the USA to which your data may be forwarded. These SN such as Facebook Inc. and Twitter Inc. have joined the EU-US Privacy Shield, which sets minimum standards for the protection of personal data of Europeans whose data is stored or processed in the USA. Details are given in the list below.

Duration Of Storage / Right Of Objection And Elimination

If you are a member of one of the SN on which we maintain online presences and do not want the SN to collect data about you via our service and link it to your data on the SN, you must log out of your SN before visiting our service. For a detailed description of the respective processing operations, information on the duration of the storage of data by the respective SN and the opt-out options, please refer to the information provided by the providers linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

Facebook

For our Facebook company page (“Fanpage”) of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, we have concluded an agreement on joint processing of personal data with Facebook pursuant to Art. 26 GDPR.

This agreement is necessary because Facebook Inc., Menlo Park, California, USA (hereinafter referred to as Facebook Inc.) enters so-called page insights on our fan page. Page Insights is a compilation of information that enables both us and Facebook Inc. to understand how our users interact with our site. Page insights may be based on personally identifiable information collected in connection with our users’ visits or interactions with our site. However, by maintaining the Facebook Corporate Page, we share responsibility and have a duty to notify Facebook when we receive privacy inquiries about page views. Please note that we forward requests for page views to Facebook Ireland. For the rest, please refer to the comments on the rights to which you are entitled under A.

The evaluation of the data collected via page views serves to improve our Websites and for advertising purposes. The collection of this data is in our legitimate interest and in the legitimate interest of Facebook Inc. pursuant to Art. 6 para. 1 lit. f GDPR.

We would like to draw your attention to the fact that we cannot switch page insights technology on or off. We must therefore forward the majority of such requests to Facebook-Ireland, unless we ourselves have collected data. If you do not want Facebook Inc. to collect your data, please do not use our Facebook company page and/or set your browser so that it does not set cookies and/or log out of Facebook while you are using our page.

Privacy Policy

https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/information_about_page_insights_data ,

Right of objection

https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,

Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Instagram

Instagram is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy Policy/Right of objection:

https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Privatsph%C3%A4re%20und%20Sicherheit

Linkedin

Linkedin is a service of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy ,

Right of objection:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Twitter

Twitter is a services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Privacy Policy: https://twitter.com/de/privacy,

Right of objection:https://twitter.com/personalization,

Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

XING

XING is a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland („XING“)

Privacy Policy/Right of objection:

https://privacy.xing.com/de/datenschutzerklaerung

VII. Links To Websites Of Other Providers

Our Website may contain links to other websites. We have no influence whatsoever on the content or design of other providers’ websites. The statements in this data protection declaration therefore do not apply to external providers to whose offers or content we merely link to.

If you are forwarded via links from our Website to other websites, please inform yourself there about the respective handling of your Data.

VIII. Active Use Of Our Website

1. E-Mail-Contact

Description Of Data Processing

You can contact us via our provided e-mail address (see “Impressum” or “Contact”).  In this case the personal data of the user transmitted with the e-mail will be stored.

Legal Basis And Purpose Of Data Processing

Art. 6 para. 1 lit. f GDPR is the legal basis for the processing of data transmitted in the course of sending a contact form request or an e-mail. If the contact form request or the e-mail contact is intended to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The processing of personal data from the input mask serves us solely to process the establishment of contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration Of Storage / Right Of Objection And Elimination

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements call for longer storage.

The user has the possibility to withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this event, all personal data stored in the course of contacting us will be deleted unless legal requirements require longer storage.

2. Newsletter and Newsletterprovider

Description Of Data Processing

We would like to inform our customers and interested parties at regular intervals with advertising news about our products, services, innovations or news at EXCCON by e-mail or other electronic notifications (hereinafter referred to as “Newsletter”). For this purpose we need your e-mail address. In the respective newsletter registration forms, further information might requested, such as name as well as the form of address and the company, in order to send you personalized contents tailored to your interests. You can alternatively enter “private” in the company field.

You can subscribe to our newsletters by using the corresponding function of a subscription form to subscribe to our newsletter, or during a registration process by ticking a check-box (so-called opt-in). For this purpose, we provide various options on our Websites or in the context of registration or order interfaces to register for our (possibly topic-specific) newsletters. The details to the respective contents of the newsletters are described concretely in the respective registration form. This description is relevant for your consent.

Following your registration, you will receive an e-mail from us in which you will be asked to confirm your newsletter subscription once again (so-called double opt-in procedure). This confirmation is necessary to exclude the possibility that someone else has misused your e-mail address to subscribe to our newsletter at a different address. Only when you activate the hyperlink sent to your email address will the newsletter be sent to your email address.

For verification purposes, the IP address and the registration date (“timestamp”) are stored in addition to your e-mail address and name for the newsletter dispatch.

For the dispatch of our Newsletters and mailings we work together with the dispatch service provider MailChimp. MailChimp is a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

MailChimp may use recipient data in a pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of sending and presentation of newsletters or for statistical purposes. However, MailChimp is not entitled to use the Data of our newsletter recipients to write to them or to pass the Data on to third parties. You can see the privacy policy of the dispatch service provider here: https://mailchimp.com/legal/privacy/.

The Rocket Science Group LLC as the provider of MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level.

Legal Basis And Purpose Of Data Processing / Recipients

The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the German Law Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, “UWG”), or if consent pursuant to § 7 para. 3 UWG is not required for existing customers, on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. § 7 para. 3 UWG.

The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business sales interests and the ideas and needs of the recipients, as well as the verifiability of the consents given.

MailChimp is used as a dispatch service provider on the basis of our legitimate interests according to Article 6 para. 1 lit. f GDPR and an data processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR.

Duration Of Storage / Right Of Objection And Elimination

You can object to the dispatch of the Newsletter at any time or withdraw your consent to receive the Newsletter in whole or in part. You will find an unsubscribe link at the end of each Newsletter. You can also contact us directly under: newsletter@exccon.com.

Unsubscribing from the Newsletter will not affect business communication. For the purpose of contract processing, our support and services, for software updates or registration for events, your Data will remain stored with us. Furthermore, we reserve the right to store the necessary evidence for the proof of a legally compliant newsletter dispatch until the expiry of the statutory limitation periods.

3. Registration For Events, Fairs, Courses Or Seminars (“Events”)

Description Of Data Processing

On our Website you can inform yourself about current events by and with EXCCON. The information on the respective event includes registration forms with which you can register yourself, if you are interested. If a user takes advantage of this possibility, the Data entered in the respective input mask will be transmitted to us and stored.

In doing so, we process the information provided in the respective input forms, such as salutation, name, company, e-mail, telephone (binding information is usually marked with the addition *) as well as comments or messages submitted.

We process and use the Data collected in this process for the purpose of processing registrations and for the execution of the respective event. Further details on the legal and organisational framework can be found in the underlying event descriptions or Terms and Conditions for participation.

Legal Basis And Purpose Of Data Processing

The legal basis for the processing of data sent in the course of an electronic application is Article 6 para. 1 lit. b GDPR, otherwise Article 6 para. 1 lit. f GDPR, based on the intended conclusion of a contract.

The processing of the personal data from the input mask serves us to process the respective registration as well as to plan and carry out the respective events.

Duration Of Storage / Right Of Objection And Elimination

The Data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is usually the case for the Personal Data from the input mask in the registration when the respective event has ended.

All Personal Data stored in the course of establishing contact will be deleted at the latest if no legal requirements call for longer storage.

4. Orders Via Our Website (“Webshop”)

Description Of Data Processing

On our Website you have the possibility to book directly offers from the area “Education” (like seminars or trainings). The individual training offers can be added to the shopping cart of our shop system via a booking button. The Data processed includes inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. For this purpose we use session cookies on the Website to store the contents of the shopping cart.

During the ordering process we process in detail the information taken from the respective input forms, such as title, name, company, department, address, e-mail. Binding information is usually marked with an asterisk (*) and includes the information necessary for the provision and invoicing of the ordered service, as well as contact information to be able to consult with you or to inform you of important information regarding the order (such as postponements).

We process and use Data collected during this process to enable you to select and order our training offers and associated services, as well as to make payment for them. In addition, the Data will be processed for the purpose of processing the order placed by you and subsequently for the execution of the seminar or training you have booked. Further details on the legal and organisational framework conditions can be found in the respective event descriptions or Terms and Conditions of participation.

If you purchase goods or services from us, we would like to send you, as an existing customer, information e-mails (“Newsletter”, for more information on shipping and service providers used for this purpose, see also Section VII. 2) for similar goods or services in the future. These e-mails will only be sent after an order has been placed.

Legal Basis And Purpose Of Data Processing

Due to the intended conclusion of a contract, the legal basis for the processing of Data collected in the course of an order is Art. 6 para. 1 lit. b GDPR, otherwise Art. 6 para. 1 lit. f GDPR.

The processing of the Personal Data from the input mask serves us for the processing of the respective registration as well as for the planning and execution of the respective events (Art. 6 para. 1 lit. b GDPR).

The legal basis for sending advertising information to existing customers by e-mail is our legitimate interest in direct marketing measures in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 of the UWG.

Duration Of Storage / Right Of Objection And Elimination

The Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the Personal Data from the input mask of the order process, this is the case after the conclusion of a training contract at the earliest when the respective training service has been completely provided. In general, we retain contract-related data until the expiry of the statutory warranty obligations. In the case of a legal retention obligation, the deletion of data affected by this obligation is carried out after expiry of the period.

You can request at any time to no longer receive information e-mails from us as an existing customer. Therefore, please send an e-mail to newsletter@exccon.com or use the contact details given in the Legal Notice of our Website („Impressum“). If the respective Newsletter includes an appropriate link to unsubscribe at the end of the e-mail, you can also use this link to exercise your right to object. This will not incur any costs other than the transmission costs according to the basic telecommunication rates.

V. Use Of Our Support Area

Description Of Data Processing

We offer our customers the possibility to submit support requests to us via a browser-based tool with a specific login area. The URL under which the tool can be accessed and the necessary password will be communicated to our customers as part of the business transaction. The access data (email address and password) necessary for the login will be deposited by us when creating a corresponding customer account.

For the provision of our support services, we use on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (data processing agreement with our service provider) the cloud application of the manufacturer 4me Inc. 555 Bryant Street #156 Palo Alto, CA 94301, U.S.A.. Your access data are also managed here. However, ticket processing is primarily done by our support staff.

4me is certified under the Privacy-Shield Agreement and thus offers a guarantee to comply with the European data protection level.

Within the scope of each registration process and the use of the support area, the service provider used by us stores your IP address and the time of the respective user action (timestamp), Internet service provider, web browser and operating system used or the respective version information, language settings and referrer URL. The IP addresses are anonymized or deleted according to the statement of the service provider used immediately after the end of the use of his services.

If a solution to the malfunction or an answer to a question can only be provided by the respective manufacturer, we will pass on the information related to the enquiry / malfunction to the manufacturer after consulting with you.

Legal Basis And Purpose Of Data Processing

Due to the intended conclusion of a contract, the legal basis for the processing of Data transmitted to us in the course of sending an electronic application is Art. 6 para. 1 lit. b GDPR, otherwise Art. 6 para. 1 lit. f GDPR.

The processing of Data in connection with our support area serves the purpose and legitimate interest of providing an effective way to contact and communicate with our support team, as well as the administration, processing and solving of support cases received through it.

Duration Of Storage / Right Of Objection And Elimination

The Data is deleted as soon as it is no longer necessary for the fulfilment of the purpose for which it was collected (conclusion of the support case) and storage is, also with regard to the legal periods applicable for the services provided in this context (in particular warranty claims), no longer required

As far as we use Data within the scope of fulfilling our contractual obligation entered into with a customer, our interest in handling your Data lies in enabling and maintaining the exchange with the customer, typically within the scope of a support contract and its fulfilment. If you act as a contact person – typically in your function as an employee of these companies – you usually have no predominant conflicting interest, as far as this interaction with us is part of your area of responsibility, so that a right of objection is regularly excluded. Furthermore, it would regularly be impossible for us to provide the contractually agreed support services properly.

C.     Contractual relationships with customers and business partners

I. Am I obliged to provide data?

If you enter into contract negotiations with us with questions about our services, accept one of our offers or have other contractual agreements with us, we will process the Data you provide in this context. Which Data is processed in detail depends decisively on the relevant objects of purchase or the services which you obtain from us or which you inquire about. In this context, the processing of your Data is usually absolutely necessary for the preparation, conclusion and processing of the contract. If you do not provide us with this Data, we may have to refuse to conclude a contract or execute an order or may no longer be able to execute an existing contract.

As far as we use Data in the context of contract initiation or performance with a customer, business or cooperation partner, our interest in handling your Data lies in enabling and maintaining the exchange with the customer or the respective business or cooperation partner, typically in the context of a contract or other relationship. If you act as a contact person – typically in your function as an employee at these companies – you usually have no overriding opposing interest, insofar as this interaction with us is part of your area of responsibility, so that a right of objection is regularly excluded.

However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract or which is not required by law.

II. Communication

In principle, we collect the necessary data from you ourselves through personal contact. Of course, you can also contact us by telephone, fax, post or alternatively via our e-mail address (see Legal Notice („Impressum“) or via the e-mail addresses of our employees provided to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that e-mail communication is not encrypted for technical reasons.

Your Data will be used for the processing of the conversation and the post-processing of the respective inquiry or meeting contents. Your Data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us.

In this context, the data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR).

III. Data processing within the framework of distribution

Data will be processed on the basis of Art. 6 Para. 1 lit. b GDPR in order to provide the service you have commissioned us to provide, in particular to implement our contracts or pre-contractual measures, as well as all activities required for the operation and administration of EXXCON.

The resulting purposes of Data processing shall primarily depend on the activities and individual services specifically agreed with you and may include, but are not limited to, consulting activities or activities within the scope of controlling sales processes (e.g. compiling documents, sending EXCCON product or event information, providing EXCCON services) or accompanying sales negotiations and concluding contracts.

Further details on the scope, purpose and recipients of your data can be found in the relevant contractual documents and associated terms and conditions.

To the extent necessary within the framework of our operational processes, we process your Data in connection with our services beyond the actual fulfilment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR).

In connection with the offer or provision of our services, we may be subject to special legal obligations, such as requirements of tax legislation. The purposes of processing your data may therefore include, among other things, compliance with fiscal control and reporting obligations, customs or export regulations and the assessment and control of risks. The data processing required for this is based on Art. 6 para. 1 lit. c GDPR.

IV. Events, Fairs, Courses Or Seminars (“Events”)

Description Of Data Processing

If you participate in courses, seminars or other events organised by us or visit us at our stands at trade fairs where we are represented, we kindly ask you to fill in or confirm so-called “Lead Sheets” if you are interested in our services and products for further contact and information. The scope of the Data requested and provided by you is shown on the respective form. Our employees are regularly handed out business cards with the request to contact us. Data from your Lead Sheets or business cards will be used in accordance with the kind of your interest in our services in order to contact you afterwards.

We would like to point out that, depending on the type of event, we will take photos and film/audio recordings at the event location. If necessary, the recordings can be published on our Website or other Online Presences or in the media. In this way, we process recordings for the purpose of advertising, marketing, press and public relations work and reporting in connection with our events, in particular through publication and use. This is not intended to identify uninvolved persons or the targeted recording of objects, which are suitable for the indirect identification of Persons. We will not publish any images that degrade, disparage, humiliate or expose the person depicted, interfere with his or her privacy or violate his or her personal interests in any way.

If, in individual cases, photographs are taken showing you as an individual, through which you are clearly recognisable and identifiable, you will be contacted by the photographer in advance, if possible, or at the entrance to the event, in order to give your consent. Please note that – especially when participating in public events at which photographs or film/sound recordings are usually made – consent may also be implied, for example if you pose for the photographer on your own initiative. No special permission is required for the depiction of larger groups of people at events where photography does not focus on the individual. If you do not wish to be photographed or recorded, please inform the photographer.

Legal Basis And Purpose Of Data Processing

If you participate in courses, seminars or other events organised by us, the legal basis for the processing of data processed in the course of specific requests for pre-contractual information is Art. 6 para. 1 lit. b GDPR due to the intended conclusion of a contract, when filling out a lead sheet your consent pursuant to Art. 6 para. 1 lit. a GDPR, otherwise Art. 6 para. 1 lit. f GDPR.

Photos, film or sound recordings are produced on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of documenting and promoting our events. If, in individual cases, we are to process and use recordings in which individuals are clearly recognisable, we will obtain consent in accordance with Art. 6 Para. 1 lit. a GDPR.

Duration Of Storage / Right Of Objection And Elimination

The Data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the Data from the input mask of the registration, this is usually the case when the respective event is finished.

All Data stored during our contact will be deleted at the latest when no legal requirements no longer require a storage.

V. Transmission of data

Depending on the scope of the service, your Data or documents may be passed on to public authorities or private service providers or persons with whom we cooperate on a regular basis during the enquiry or offer phase as well as during the execution of the contract (see Section A, Section V).

D.     Miscellaneous

Due to the further development of our Online Presences or our Services, as well as due to changed legal or official requirements, it may become necessary to change this Privacy Policy. You can access the current Privacy Policy on our Website or the respective Online Presence at any time and print it out, if necessary.