Data protection

1. Your privacy at a glance

Introduction
The following information provides you with a quick summary of what happens to your personal data when you visit this website. This ‘personal data’ is all of the information that can be used to identify you as an individual. For full details of how we handle data protection, please read through the full Privacy Policy included below this introduction.

Data collection on this website
Who is responsible for data collection on this website?
Data processing for this website is handled by the website operator. For contact details,please see the section titled ‘Information about the data controller’ in this Privacy Policy.

How do we collect your data?
One way we collect data is if you provide us with your data voluntarily. This kind of data includes details that you enter into a contact form, for example. Other data is collected by our IT systems automatically or after you have given your consent when visiting the website. This includes technical data in particular (e.g. web browser, operating system or the time you accessed a page). This kind of data is collected automatically when you visit this website.

How do we use your data?
Some data is collected in order to ensure website services can be provided without errors. Other data may be used in order to analyse your user behaviour.

What rights do you have concerning your data?
You have the right to receive information about the origin, recipients and purpose of the personal data that we hold about you, at any time and at no cost to you. You also have the right to request the rectification or erasure of this data. If you have given your consent for your data to be processed, you can withdraw this consent at any time with future effect. In some circumstances, you also have the right to request that we act to restrict the processing of your personal data.You also have the right to lodge a complaint with the competent supervisory authority.You are welcome to contact us about this or any other issues related to data protection.

Analysis tools and third-party tools
Statistical tools may be applied to analyse your visits as a user of this website. Such tools are often referred to as ‘analysis programs’.
For full details of the analysis programs that we use, please see the Privacy Policy below.

2. General information and legally required information

Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential, and in accordance with both data protection legislation and the provisions of this Privacy Policy.
Various types of personal data are collected when you visit this website.‘Personal data’ is all of the information that can be used to identify you as an individual. This Privacy Policy tells you about the types of data that we collect and what we use this data for. The policy also explains how this is done and for what purposes.
Please be advised that data transmission over the internet (e.g. when communicating via email) may involve security vulnerabilities. It is not possible to provide end-to-end protection for data against unauthorised access by third parties.

Information about the data controller

The data controller for this website is:
Formcentric GmbH
Breite Str. 61
22767 Hamburg
T +49 40 22863 8060
F +49 40 22863 8069
www.formcentric.com
Phone: +49 40 22863 8060
Email: info@formcentric.com

The ‘data controller’ is the natural person or legal entity who, alone or together with others, makes decisions about the purposes and tools for the processing of personal data (e.g. names, email addresses, etc.).

Data retention
Unless a more specific retention period has been given in this Privacy Policy, we retain your personal data until the original purpose for data processing is no longer applicable. If you assert a legitimate claim to have data erased or withdraw your consent for data processing, your data will be erased unless we have any other legally permissible reasons for continuing to store your personal data (these may include retention periods specified by tax or trade law, for example); in the latter case, the data is erased once these reasons no longer apply.

Information about the legal basis for data processing on this website
If you have consented to data processing, we will process your personal data on the basis of point (a) of article 6(1) of the EU GDPR or point (a) of GDPR article 9(2) in cases where categories of data referred to in GDPR article 9(1) are being processed. In the case of explicit consent being given to transfer personal data to third countries, data will also be processed on the basis of point (a) of GDPR article 49(1). If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data will also be processed on the basis of section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If your data is needed in order to fulfil a contract or to perform pre-contractual activities, we will process your data on the basis of point (b) of GDPR article 6(1). Furthermore, if we need to process your data in order to fulfil a legal obligation, we will process your data on the basis of point (c) of GDPR article 6(1).We may also process your data based on our legitimate interests pursuant to point (f) of GDPR article 6(1). The legal basis that is relevant and applicable in each case is stated in the following sections of this Privacy Policy.

Data Protection Officer

D&C Datenschutz und Consulting
Dirk Borbe
Phone: +49 162 5817 253
Email: info@dundc.org

Withdrawal of consent to data processing
Many data processing operations require your explicit consent before they can proceed. Once this consent has being given, you may withdraw this consent at any time. A withdrawal does not affect the lawfulness of data processing activities carried out before the withdrawal.

Right to object to data collection in special cases and to direct marketing (GDPR article 21)
If data processing is conducted on the basis of point (e) or (f) of GDPR article 6(1), you have the right to object, on grounds relating to your particular situation, to the processing of your personal data; this right also includes profiling based on these provisions. Please consult this Privacy Policy to identify the respective legal basis on which the processing is based. If you submit such an objection, then we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for this processing that override your interests, rights and freedoms, or this processing is required for the establishment, exercise or defence of legal claims (objection pursuant to GDPR article 21(1)). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data affecting you as a data subject for this kind of marketing, which includes profiling to the extent that it is related to such direct marketing. If you submit an objection, then your personal data will no longer be utilised for the purposes of direct marketing (objection pursuant to GDPR article 21(2)).

Right to lodge a complaint at the supervisory authority
In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, whether in the member state of their place of residence, their workplace or the place of the alleged violation. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability
You have the right to request the delivery of the data that we process on the basis of your consent or in fulfilment of a contract either to yourself or to a third party in a standard, machine-readable format. In cases where you request the direct transfer of data to another data controller, this will be duly carried out only if technically feasible.

SSL and TLS encryption
For security reasons and to protect the transfer of confidential data, such as purchase orders, for example, or enquiries that you send to us as the site operator, this website utilises SSL and/or TLS encryption. You can identify an encrypted internet connection by the presence of a padlock icon on your browser’s address bar and the prefix ‘https://’ instead of ‘http://’. When SSL or TLS encryption is activated, the data that you send to us cannot be intercepted and read by a third party.

Encrypted payment transactions on this website
If, after the conclusion of a paid contract, there is a requirement for you to transfer your payment data to us (e.g. account number for a direct debit mandate), these details will be required for payment processing.
Payment transactions using standard payment methods (Visa/MasterCard, direct debit) are always made over an encrypted SSL or TLS connection. You can identify an encrypted internet connection by the presence of a padlock icon on your browser’s address bar and the prefix ‘https://’ instead of ‘http://’.When using an encrypted communication channel, the payment data you send to us cannot be intercepted and read by a third party.

Right to access, erasure and rectification
In accordance with applicable data protection legislation, you have at all times the right to be informed at no charge about your stored personal data, its origin and its recipients, and the purpose of data processing. You may also have the right to rectify or erase this data. You are welcome to contact us about this or any other issues related to your personal data.

Right to restriction of processing
You have the right to request that we act to restrict the processing of your personal data.You are welcome to contact us about this at any time. Your right to restriction of processing applies in the following cases:

  1. If you are contesting the accuracy of the personal data that we store about you, we will typically need some time to verify your claim. While we are doing this, you have the right to request that we act to restrict the processing of your personal data.
  2. If the processing of your personal data was or is being carried out unlawfully, you may request the restriction of data processing instead of data erasure.
  3. If we no longer need your personal data, but you require your personal data for the establishment, exercise or defence of legal claims, then you have the right to request the restriction of the processing of your personal data instead of data erasure.
  4. If you have lodged an objection pursuant to GDPR article 21(1), then a decision must be made about whose interests will prevail, namely: yours or ours. Until a decision has been taken regarding these interests, you have the right to request that we act to restrict the processing of your personal data.

If you have acted to restrict the processing of your personal data, then this data, with the exception of its storage, can only be processed as follows: with your consent being given; or for the establishment, exercise or defence of legal claims; or to protect the rights of another natural person or legal entity; or for reasons of an important public interest of the European Union or of an EU Member State.

Legal warning re unsolicited mail
The operators of this website expressly prohibit the use of contact details provided in accordance with German law (‘Impressumspflicht’) for the purpose of sending any advertising or information materials not expressly requested. The operators of this website expressly reserve the right to take legal action in the event of receiving unsolicited advertising information such as ‘spam’ mail.

3. Data collection on this website

Contact form
If you use our contact form to send us your enquiry, then the information you enter into the enquiry form and your contact details will be stored by us for the purpose of processing your query, and for contacting you if we need to clarify anything. We will not share this information without your consent.
This data is processed on the basis of point (b) of GDPR article 6(1), insofar as your enquiry relates to the fulfilment of a contract or is necessary in order to perform pre-contractual activities. In all other cases, processing is based on our legitimate interests in the efficient processing of enquiries that we receive (point (f) of GDPR article 6(1)) or on your consent (point (a) of GDPR article 6(1)), if this consent was requested; your consent can be withdrawn at any time.
We retain the data that you enter into the contact form until you request its erasure or withdraw your consent to its storage, or until the purpose for storing this data no longer applies. (e.g. once we have finished processing your enquiry). This does not affect any mandatory legal provisions, such as retention periods in particular.

Enquiries made by email, phone or fax

If you contact us by email, phone or fax, then we will store and process your enquiry, including all related personal data (name, enquiry details) for the purpose of processing your enquiry. We will not share this information without your consent.
This data is processed on the basis of point (b) of GDPR article 6(1), insofar as your enquiry relates to the fulfilment of a contract or is necessary in order to perform pre-contractual activities. In all other cases, processing is based on our legitimate interests in the efficient processing of enquiries that we receive (point (f) of GDPR article 6(1)) or on your consent (point (a) of GDPR article 6(1)), if this consent was requested; your consent can be withdrawn at any time.
We retain the data that you send us as part of your contact enquiry until you request its erasure or withdraw your consent to its storage, or until the purpose for storing this data no longer applies. (e.g. once we have finished processing your enquiry). This does not affect any mandatory legal provisions, such as legal retention periods in particular.

4. Analysis tools and advertising

Matomo

This website uses Matomo, an open-source web analysis service. Matomo makes use of methods that facilitate tracking a user across separate pages in order to analyse user behaviour (e.g. using cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. IP addresses are anonymised before they are stored.
Thanks to Matomo, we are able to collect and analyse data about the use of our website by website visitors. Examples of this including finding out which pages were accessed and which geographical region you are based in. We also log technical information (e.g. your IP address, page referrer, browser used and operating system) and can also find out whether our website visitors have performed certain actions (e.g. clicks, purchases, etc.).
The legal basis for the use of these analysis tools is point (f) of GDPR article 6(1). The website operator has a legitimate interest in analysing user behaviour, so as to optimise their web services as well as their advertising. If consent has been obtained in this context, then processing is carried out exclusively on the basis of point (a) of GDPR article 6(1) and TTDSG article 25(1), insofar as this consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) in the sense as defined by the TTDSG. This consent may be withdrawn at any time.

Hosting

We host Matomo only on our own servers. Accordingly, all analysis data remains on our own systems and is not shared

LinkedIn Insight Tag

This website uses the insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Data processing by the LinkedIn insight tag

The LinkedIn insight tag provides us with information about the visitors to our website. If a website visitor is registered with LinkedIn, we can analyse some basic items of career data (e.g. career level, company size, country, location, industry and professional title) for our website visitors and therefore design our site to better serve the respective target audiences. We can also use LinkedIn insight tags to discover whether visitors to our web pages have made a purchase or carried out other actions (conversion measurement). This conversion measurement may also be device-independent (e.g. from PC to tablet). The LinkedIn insight tag also offers a retargeting feature, which we can use to have targeted advertising displayed to our website visitors outside of our website. LinkedIn states that it does not personally identify the recipients of this advertising.

Linkedin itself also logs certain kinds of data (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are truncated or (if they are used for the purpose of reaching LinkedIn members across several devices) hashed (pseudonomised).

As a website operator, we are unable to associate the data collected by LinkedIn with specific individuals. LinkedIn stores the personal data that it collects from website users on its servers in the USA and uses this data for its own advertising activities. Data erasure: Personal data stored by Formcentric in the LinkedIn Campaign Manager is erased automatically on a routine basis:

- Within 30 days in relation to contact lists (e.g. hashed emails)
- On a rolling basis within 90 days for target groups that were created on the basis of contact lists (if not actively used by customers)
- Within 365 days for data submitted in forms for lead generation
- Within 180 days for pseudonomised website visitor data and offline conversion data

For details, please see the LinkedIn Privacy Policy:

https://www.linkedin.com/help/linkedin/answer/a1444756

Legal basis

Insofar as consent has been obtained, the sole legal basis for the abovementioned service is point (a) of art. 6(1) of the EU GDPR and section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). This consent may be withdrawn at any time.

Data transfers to the USA are based on the standard contractual clauses from the EU Commission. For details, please see:

https://www.linkedin.com/legal/l/dpa and

https://www.linkedin.com/legal/l/eu-sccs.

The company has been certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement made between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing carried out in the USA. Every company certified under the DPF has agreed to uphold these data protection standards. The provider has made further information available at the following link:

https://www.dataprivacyframework.gov/participant/5448.

Opting out of the use of the LinkedIn insight tag

Use the following link to opt out of the analysis of user behaviour and targeted advertising by LinkedIn:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

LinkedIn members can also use their account settings to control the use of their personal data for advertising purposes. To avoid the creation of a link between data collected on our website by LinkedIn and your LinkedIn account, you will need to log out of your LinkedIn account before visiting our website.

Commissioned data processing

We have concluded a data processing agreement (DPA) for the use of the abovementioned service[2] [3] [4] . This DPA is a contract prescribed by data protection law that ensures that the data processor processes the personal data of our website visitors only in accordance with our instructions and while complying with the EU GDPR.

5. Ecommerce and payment service providers

Processing of customer and contractual data

We collect, process and use personal customer and contractual data in order to establish, design and provide content for, and modify our contractual relationships. We collect, process and use personal data concerning the utilisation of this website (usage data) only insofar as is required in order to facilitate the utilisation of the service for users or to bill users for the same.This is based on point (b) of GDPR article 6(1).
All customer data collected is erased once the order is complete or the business relationship has ended, and following the expiry of any applicable legal retention periods.This does not affect statutory retention periods.

Sharing of data on contract conclusion for services and digital content

We share personal data with third parties only where necessary in the course of contract processing – such as when sharing data with the financial institution tasked with payment processing.
Sharing of data for other purposes does not take place unless you have expressly consented to the sharing of your data. Data is not shared with third parties – such as for advertising purposes, for example – without your express consent.
The basis for data processing is given by point (b) of GDPR article 6(1), which permits the processing of data to fulfil a contract or pre-contractual activities.