Data Protection Statement
This Data Protection Statement was last updated in October 2022 to reflect changes in data protection laws, specifically the GDPR . It sets out the data protection practices carried out through the use of the Internet and any other electronic communications networks by Data Business Services GmbH & Co KG and its associated companies (all together “COMPANY”).
Contacts for Data Protection:
In case of any requests on data protection issues, please contact:
Severine Petersen (Data Protection Officer)
Requests that do not have confidential or sensitive content can be sent by mail to the Data Protection Officer by using the following e-mail address:
Fax: +49 89 66002036
Personal information we collect
COMPANY collects personal information from you through the use of registration forms, for instance every time you sign up for an electronic newsletter, when you send us an application to be considered for contact, employment, when you register for an event, when you submit a request for proposal or for information, when you request the authorization of downloading a document, when you enter an online competition or when you send us a message via an email reply mechanism provided on the COMPANY website.
Utlization of personal information
We process personal information collected via the COMPANY website for the purposes of:
- Providing our services
• Dealing with your enquiries and requests
• Proposing/inviting access to COMPANY’s social media accounts
• Proposing/inviting to informational events and conferences
• Providing you with information about products and services.
Information we gather via this website
When you visit one of the COMPANY website, we collect information automatically about those visits.
In particular, your browser automatically sends us certain Internet-related information, such as the Internet Protocol (IP) address of the computer you are using.
Only the following technical cookies are used which do not store tracking or retrievable information or any type of personal data.
wfwaf-authcookie-(hash) This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.
wf_loginalerted_(hash) This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.
wfCBLBypass Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.
Information we share
We will only disclose personal information to other companies within our group of companies, business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf. In these circumstances we will share your personal information for purposes such as our legitimate business purposes and to comply with legal obligations.
Links to other sites
This Data Protection Statement applies only to information collected by a COMPANY website. For further information an the all data protection policies of COMPANY please contact the DPO.
COMPANY website contain links to other sites that are not owned or administered by COMPANY. Please be aware that COMPANY is not responsible for the privacy practices of such other third party sites. We encourage you to read the privacy statements of every Website you visit.
We maintain safeguards to protect against unauthorized disclosure, use, alteration, or destruction of the personal information you provide to us through the COMPANY website. Please note, however, that perfect security does not exist on the Internet. Therefore, while we endeavour to protect your personal data, when data is transferred over the Internet it may potentially be accessed and used by unauthorised parties.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Access and correction and deletion
We want to make sure that any information we hold on you is up to date and correct. If you have any requests concerning your personal information COMPANY holds about you , to obtain a copy or any queries with regard to these practices please contact us at the contact the DPO as listed the beginning of this document.
Internet based transfers
Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing the COMPANY sites and communicating electronically with us, you acknowledge our processing of personal data in this way. However, we will endeavour to protect all personal information collected through the COMPANY sites in accordance with strict data protection standards.
Changes to this data protection statement
We reserve the right to amend this Statement at any time without advance notice in order to address future developments of COMPANY, the Website or changes in industry or legal trends. We will post the revised Statement on the Website or announce the change on the home page of the Website. You can determine when the Statement was revised by referring to the “Last Updated” date on the top of this Statement. Any changes will become effective upon the posting of the revised Statement on the Website. By continuing to use the Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Statement, in whole or part, you can choose to not continue to use the Website.
Security of your data
Your personal data will be secured by taking all technical and organizational security measures so that they are inaccessible to unauthorized third parties. When sending very sensitive data or information, it is recommended to use the mailing route, as a complete data security can not be guaranteed by e-mail.
Duration of storage:
The personal data provided by you is stored for the duration of the use of the website or in the event of the provision of information or services until the expiry of the legal storage period and to the permitted extent, taking the basic principles of the EU-GDPR and the German Federal Data Protection Act (BDSG) into account.
Registration on this website
You have the option to register on our website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise we shall reject the registration.
To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.
We shall process the data entered during the registration process on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You have the right to revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
The data recorded during the registration process shall be stored by us as long as you are registered on our website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary for the establishment, content organization or change of the legal relationship (data inventory). These actions are taken on the basis of Art. 6 Sect. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual actions. We collect, process and use personal data concerning the use of our website (usage data) only to the extent that this is necessary to make it possible for users to utilize the services and to bill for them.
The collected customer data shall be eradicated upon completion of the order or the termination of the business relationship. This shall be without prejudice to any statutory retention mandates.
Data transfer upon closing of contracts for online stores, retailers and the shipment of merchandise
We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with companies entrusted with the provision of professional services or the financial institution tasked with the processing of payments. Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur. The basis for the processing of data is Art. 6 Sect. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
In the event that data are processed on the basis of Art. 6 Sect. 1 lit. e or f GDPR, you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this Data Protection Declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to Art. 21 Sect. 1 GDPR).
If your personal data is being processed in order to engage in direct advertising, you have the right to at any time object to the processing of your affected personal data for the purposes of such advertising. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 Sect. 2 GDPR).
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.
For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.
Plug-ins and Tools
YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Google Fonts (local embedding)
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
We have included Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
Wordfence is designed to protect our website from unwanted access or malicious cyberattacks. To accomplish this, our website establishes a permanent connection with Wordfence’s servers, which check and block their databases against access to our website.
The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of his website against cyberattacks. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
WORDFENCE PLUGIN – DATA PROCESSING AGREEMENT
Defiant provides a data processing agreement to help customers meet their data privacy and protection obligations that are part of the General Data Protection Regulation (GDPR). Defiant has pre-signed the agreement and it is available to all Defiant customers that are processing personal data and operate in the European Economic Area (EEA) or are otherwise subject to the territorial scope of the GDPR. To learn more about privacy and data protection rules of the EEA click here.
To comply with EU General Data Protection Regulation (“GDPR”), our EU customers must sign our Data Processing Agreement (“DPA”) and the Standard Contractual Clauses to establish the respective responsibilities between the Defiant customer (as the data controller) and Defiant itself (as the data processor). If the GDPR applies to you please download, sign, and email both the DPA and the Standard Contractual Clauses to firstname.lastname@example.org. Both the DPA and Standard Contractual Clauses are available in one document below. Note you must sign in two places.
Defiant Data Processing Agreement and Standard Contractual Clauses can be downloaded here: https://www.wordfence.com/gdpr/dpa.pdf
Remember to sign in two places and email it to email@example.com.
Cookies set by the Wordfence plugin
To help you understand which cookies the Wordfence plugin sets, when installed on your WordPress site, we have provided the guide below. Wordfence currently sets three cookies and we explain what each cookie does, who will have the cookie set, and why the cookie helps secure your site.
What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.
Who gets this cookie: This is only set for users that are able to log into WordPress.
How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.
What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.
Who gets this cookie: This is only set for administrators.
How this cookie helps: This cookie helps site owners know whether there has been an admin login from a new device or location.
What it does: Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.
Who gets this cookie: When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.
How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.
Expiry: 1 year
First URL found: https://data-business-services.de
Cookie Purpose Description: Stores the user’s consent status for cookies on the current domain.
Initiator: Script tag, page source line number 1
Data sent to: Ireland (appropriate)
Appropriate country according to GDPR (EU)
First URL found: https://data-business-services.de/
Cookie purpose description: This cookie is required for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored in the visitor’s browser.
Initiator: Script tag, page source line number 312
Data sent to: Germany (appropriate)
Appropriate country according to GDPR (EU)
Category: Preferences (1)
Preference cookies enable a website to remember information that affects the way a website behaves or looks, such as: B. Your preferred language or the region you are in.
Procedure: 1 day
First URL found: https://data-business-services.de/
Cookie Purpose Description: Identifies the country code that is calculated based on the user’s IP address. Used to determine which language to use for users.
Initiator: script tag
Data sent to: Germany (appropriate)
Appropriate country according to GDPR (EU)
Further questions or concerns:
Data Business Services GmbH & Co. KG