Privacy policy

1. Privacy policy

2. European and Swiss data protection law

3. Controller, data protection officer

4. Data processing when operating the website

4.1. Web hosting

4.2. Usage data and server log files

4.3. Data processing in connection with cookies and similar technologies

4.3.1. Accessing and storing information in end devices

4.3.2. Cookies and similar technologies

4.4. Consent management via consent management platform CookieHub

4.5. Google Tag Manager

4.6. Google Analytics

4.7. Google advertising services and functions: Google Ads, Google Ads Conversion Tracking, Google Marketing Platform (formerly Google DoubleClick), Google Ads Remarketing.

4.8. Vimeo

4.9. New Relic (in connection with Vimeo)

4.10. Cloudflare (in conjunction with Vimeo)

4.11. Google Maps

4.12. Google Fonts

4.13. Google ReCaptcha

4.14. Contact form and general inquiries by e-mail

4.15. Web forms for collecting advertising data (newsletter registration, registration for live and on-demand webinars or events, booking appointments for talks or demos and downloading white papers and other documents)

5. Data protection information for customers and other contractual or business partners and interested parties

5.1. Establishment, execution and fulfillment of contracts and for the implementation of pre-contractual measures

5.2. Management of prospect and customer data

5.3. Data processing for advertising purposes

5.3.1. Statistical evaluation and analysis of customer and prospect data, market research and customer satisfaction surveys

5.3.2. Supplementing the database with further data collection from professional networks (LinkedIn)

5.3.3. Postal or telephone advertising measure

5.3.4. E-mail advertising to business customers

6. Data protection information for social media profiles

6.1. Social media profiles

6.2. Different responsibilities and roles

6.3. Joint controllership with platform operators

6.3.1. Joint controllers

6.3.2. Contacting the data protection officers of the platform operators

6.3.3. Data processing under joint controllership

6.3.4. Exercising your rights in the event of joint controllership

6.4. Responsibility of the platform operators

6.5. Our own responsibility

6.5.1. Data processing through the operation of the social media profile

6.5.2. Data processing when contacting us

6.5.3. Data processing for contract processing

6.5.4. Data processing based on consent

7. Other data processing

7.1. Documentation of compliance with data protection

7.2. Fulfillment of other legal obligations

7.3. Exercise or defense of legal claims

8. Your rights

1. Privacy policy

Version: 20/11/2024

Thank you for visiting our website and for your interest in our company and our products. We take the protection of your data seriously and we want you to feel secure when visiting our website. We will inform you below about how we handle your personal data in accordance with the applicable data protection regulations.

2. European and Swiss data protection law

When data of data subjects from the European Economic Area (EEA), in particular from Germany and Austria, is processed by the controller in Switzerland, the EU General Data Protection Regulation (GDPR) and, if applicable, special member state laws apply.

The Swiss Federal Act on Data Protection (DSG) applies to the processing of data of data subjects from Switzerland by the controller in Switzerland.

The following data protection information contains the mandatory information required under Art. 13 GDPR as well as the mandatory information under Art. 19 DSG with regard to the identity of the controller, the purposes of processing, the description of the data processing, the recipients and the information on data transfer to third countries. Information on the certification of recipients under the EU-U.S. Data Privacy Framework applies accordingly to certification under the Swiss-U.S. Data Privacy Framework.

With regard to the use of cookies and similar technologies, Section 25 of the Telecommunications Digital Services Data Protection Act (TDDDG) applies in Germany. For Austria, the provisions of Art. 165 Para. 3 of the Telecommunications Act (TKG) 2021 apply accordingly.

3. Controller, data protection officer

The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is

avasis AG
Gemperenstrasse 26
CH-9442 Berneck

Tel.: +41 71 737 99 22

info@avasis.biz

You can reach the data protection officer as follows:

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich

E-mail: datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please state the company to which your request relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your request.

4. Data processing when operating the website

4.1. Web hosting

This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the servers of the hoster. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.

We collect the listed data in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded an order processing contract with the provider in accordance with the provisions of Art. 28 GDPR, in which we require the provider to protect our customers' data and not to pass it on to third parties.

4.2. Usage data and server log files

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Full) IP address of the requesting computer
Amount of data transferred

We collect the listed data in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. The data will be deleted after 7 at the latest.

4.3. Data processing in connection with cookies and similar technologies

4.3.1. Accessing and storing information in end devices

By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 Para. 1 Sentence 1, Para. 2 No. 2 TDDDG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 Para. 1 TDDDG with your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

4.3.2. Cookies and similar technologies

4.3.2.1. General information

We use services on this website that use cookies and similar technologies to store data in the browser of your end device and to read previously stored data. Cookies, the local storage memory of your browser, pixels and so-called tags can be used for this purpose.

Cookies are small text files that can be stored and read on your end device.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session for a certain period of time.

In addition to cookies, we may use the local storage memory of your browser to store and read data. We may also integrate pixels into our websites. Pixels are small individualized image files that are loaded when a page is loaded and can be used to track user activity.

Finally, we may use tags (markers) on our websites. Tags are small HTML or Java Script code fragments or markers that enable website analysis or user tracking services to distinguish or identify users and track certain user activities.

Further information on the cookies and similar technologies we use can be found below in the descriptions of the categories of cookies and in our consent management platform "CookieHub", which is displayed to you when you visit our website. You can call up "CookieHub" again via the gear icon at the bottom left of the website and change your settings.

Please note that without the use of certain cookies and similar technologies, our websites may not be displayed correctly and some functions may no longer be technically available.

4.3.2.2. Category Necessary cookies

Services in this category may use cookies and similar technologies to store and read information on your device. We use these

to enable the website to be displayed and to provide its basic functions, in particular page navigation and access to secure areas,
to enable the submission and revocation of consent,
to protect our forms from fraudulent entries,
to protect our website from cyber-attacks and fraud attempts and

Some of the cookies and similar technologies used only contain information on certain settings and are not personally identifiable. We do not use these cookies for the purpose of tracking your interactions, measurement, or evaluation, or for advertising purposes.

The use of the services and corresponding cookies and similar technologies in this category is based on Section 25 Para. 2 No. 1, No. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. f GDPR.

4.3.2.3. Category User settings

Services in this category may use cookies and similar technologies to store and read information on your device. We use these

to make our websites appealing to you,
to enable the loading of content from third-party providers and
to provide you with certain settings and other functions of the website.

The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 Para. 1 TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.

4.3.2.4. Category Analytical cookies

Services in this category may use cookies and similar technologies to store and read information on your device. We use these

to be able to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
to design our websites in line with requirements and to adapt them to the interactions of users and
to monitor the technical functionality of our website and to enable error correction.

For this purpose, we and the services regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies on your end device when you visit our website and read them out again when you visit our website again.

The use of pseudonyms allows users to be individually distinguished and recognized. However, the natural person behind a pseudonym cannot usually be identified directly, in particular not by name, without further, additional data.

Other technologies can also be used regularly to read recognition features from your end device, e.g. in the case of so-called browser or device fingerprinting, in which data from the properties of the browser you use (e.g. type and version of the browser) and its configuration (e.g. preferred language), from the properties of your end device (e.g. manufacturer and model of your cell phone, operating system) or the hardware you use (e.g. screen resolution) are used to recognize you as a different user under a pseudonym.

4.3.2.5. Category Marketing Cookies

Services in this category may use cookies and similar technologies to store and read information on your device. We use these

to be able to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
to track your interactions with advertisements placed by us via third-party providers on other websites across different end devices and websites (so-called conversion tracking),
to be able to track and evaluate your interactions with our website and to make these interactions the basis for targeted advertising campaigns in advertising networks aimed at you or a specific target group to which you belong (so-called retargeting and remarketing),
to improve the effectiveness of our advertising measures and to manage our advertising campaigns.

For this purpose, we and the services regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies when you visit another website or when you visit our website on your end device and read them again when you visit this website or a new website.

Other technologies can also be used regularly to read recognition features from your end device, e.g. in the case of so-called browser or also device fingerprinting, in which data from the properties of the browser you use (e.g. type and version of the browser) and its configuration (e.g. preferred language) or from the properties of your end device (e.g. manufacturer and model of your cell phone, operating system) or the hardware you use (e.g. screen resolution) are used to recognize you as a different user under a pseudonym.

If necessary, the processed pseudonymous recognition features may also be merged with other data by us or the providers of the services used.

The services we use and their providers can also exchange and compare recognition features (ID) with each other in order to merge the features in the event of a match and assign them to the same pseudonymous user (ID matching/ID syncing). This enables cross-device, cross-platform and cross-advertising network recognition and advertising targeting of website visitors.

If you identify yourself with your clear data such as name or e-mail address or enter your own user data on our websites or log in to social networks or online services from third-party providers who also provide us with corresponding services for tracking and advertising, pseudonymous recognition features can also be linked to your clear data or user data.

In this way, we or the providers of the services can create and evaluate comprehensive pseudonymous or non-pseudonymous user profiles in order to subsequently use them for targeted advertising based on your interests.

4.4. Consent management via consent management platform CookieHub

On our websites, we use the consent management platform "CookieHub" from CookieHub ehf, Hafnargata 55, Reykjanesbær, Iceland, with the help of which we manage your consent to the use of cookies and similar technologies.

Description of the data processing and the purpose

We use the service to manage your consent to the use of cookies and similar technologies and the subsequent data processing.

If you give your consent via our consent banner, the service processes the following data:

a unique string of characters that is stored in a CookieHub cookie in the user's browser together with the settings for the cookie categories. This token can be requested by the user to find the entry from the consent log and to demonstrate the user's consent decisions.
the full URL that the user displayed when the cookie settings were configured in the CookieHub widget.
a reference to the version of the widget that was displayed at the time the user gave their consent.
the anonymized IP address of the customer, whereby the last part of the IP address is replaced by a 0 in order to avoid the risk of identifying personal data.
the registered country code for the anonymized IP address block.
the user agent string, which usually contains browser and operating system information.
the date and time of consent

This data is logged on the servers of the provider. As part of data processing, cookies are used to store your consent status in your end device, to read it out again when you return to the site and to compare it.

In this way, we are able to check your consent status on all subsequent and future visits to our websites and to activate or deactivate cookies and other technologies in accordance with your decision to use them when you visit the site again.

The purpose and our legitimate interest are to use cookies and similar technologies on our websites in compliance with data protection regulations and to enable you to easily revoke your declarations of consent.

Legal basis for data processing

Insofar as we use cookies and similar technologies as part of the integration of the service or insofar as data is stored on your end device or read from there by the service, this is done in accordance with Section 25 Para. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Recipients

When using the platform, the data collected via our websites is transmitted to the following recipients:

CookieHub ehf, Hafnargata 55, Reykjanesbær, Iceland.

Storage duration

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 12 months. Any further storage of the data processed by the service and made available to us in our own systems only takes place in individual cases to prove compliance with the provisions of the GDPR.

4.5. Google Tag Manager

On our websites, we integrate the "Google Tag Manager" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

"Google Tag Manager" is a tag management system (TMS) that enables us to integrate and manage additional website content in Java Script or HTML code.

In particular, so-called tags can be integrated and managed on our website. Tags are small code fragments or markers (web beacons, tracking pixels or similar markers) that allow website analysis or user tracking services to distinguish or identify users.

Website visits and user tracking are not analyzed by "Google Tag Manager", but by the services used for these purposes, such as "Google Analytics" or other third-party solutions. Rather, "Google Tag Manager" is only used to integrate and manage the tags required for analysis and tracking on our websites.

Since "Google Tag Manager" is provided by Google and reloaded from its servers when the page is accessed, the usage data technically required for accessing the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the gear icon at the bottom left of the website to call up "CookieHub" again and change your settings.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 Para. 1 GDPR in relation to companies with certification under the EU-U.S. Data Privacy Framework.

Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

If your data is transferred to other third countries for which no adequacy decision exists, there is a risk that the authorities there may access your data for security and monitoring purposes without you being informed or having the right to appeal.

To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to guarantee the level of protection, additional technical, contractual or organizational measures are taken to secure the data transfer. We also regularly review and assess whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

By integrating the service on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.

4.6. Google Analytics

On our websites, we integrate the "Google Analytics" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

"Google Analytics" creates usage profiles on the basis of pseudonyms (recognition features from cookie and device ID and other data on the end device used or the so-called browser fingerprint) and usage data (e.g. name and address of the website content requested by your browser, referral links, description of the web browser and operating system used and the IP address of the requesting end device).

Likewise,

demographic data (such as continent, country, region, city, age, gender and interests of users)
Data on your interactions with search engines or other websites,
Data on your interactions with our websites (subpages accessed, data on times of visits, button clicks, scroll depth, reading depth, as well as the use of filters, search functions, forms and other input and registration options, data on products and services viewed by you on our websites, and
Data on your interactions with social media networks

are recorded and analyzed.

In this way, Google is able to recognize website visitors and the end devices they use pseudonymously to count them as such and assign them to specific demographic target groups, prospect groups or customer segments.

Visitors who have their own user account on Google platforms can also be identified by Google as visitors to our websites across devices.

Data is collected and processed on our websites using cookies and JavaScript code, which is loaded when the page is accessed and executed in the browser of your end device. This JavaScript code can then be used to store cookies in your end device and read various information from your end device and from cookies stored there. Details of the cookies and similar technologies used can be found above under "Data processing in connection with cookies and similar technologies" and via the information that you can access via our consent management platform "CookieHub".

The processed information is used by Google to create summarized statistics for us, from which we can recognize what the users of our websites are interested in, how many users have interacted with our websites and in what way.

We only receive summarized statistics (aggregated data) from Google from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.

We then use these findings to place target group-oriented online advertising measures and marketing campaigns in advertising networks, in particular in Google advertising services.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your consent, please use the gear icon at the bottom left of the website to call up "CookieHub" again and change your settings.

Recipients

When using the services, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 14 months. No further storage of the data processed by the service and made available to us in our own systems takes place.

4.7. Google advertising services and functions: Google Ads, Google Ads Conversion Tracking, Google Marketing Platform (formerly Google DoubleClick), Google Ads Remarketing.

On our websites, we integrate Google advertising services and functions of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

We use Google marketing services and functions such as Google Ads, Google Ads Conversion Tracking, Google Ads Retargeting and the Google Marketing Platform to place and control target group-oriented advertisements for our products and services via the Google advertising network and to measure how successful these advertisements are.

In this way, Google is able to recognize website visitors and the end devices they use pseudonymously. Visitors who have their own user account on Google platforms can also be identified by Google as visitors to our websites across devices.

If you click on an ad placed for us via Google, the website or app of other providers will set cookies for conversion tracking. These are read out again when our site is accessed. Data from the original website or app is processed to determine which search terms (keywords) you may have entered in a search engine, which advertisement or groups of advertisements you have clicked on and which of our online marketing campaigns the advertisement was assigned to.

We then collect data on our websites about how you have used our website and how you have interacted with the website content, e.g. which subpages were accessed, which content was clicked on or retrieved or which forms or dialogs you used. The conversion of an advertisement into a specific action by the website visitor on a website is referred to as conversion.

When using "Google Analytics" at the same time, we can use the data collected to evaluate your actions on our websites even more precisely

The processed information is used by Google to create summarized statistics for us as part of "Google Ads Conversion Tracking" in "Google Ads" and in the "Google Marketing Platform", from which we can see how many users have reacted to our advertisements and in what way. We only receive summarized statistics (aggregated data) from Google from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.

Based on the statistics, we can optimize the effectiveness of our online advertising and manage our advertising strategy via Google advertising services.

Google Ads Remarketing then enables us to place interest- and target group-related advertisements when you continue to use the Internet or app based on websites and content that you have visited on our website, as well as how you have used them and what actions (conversions) you have taken on our websites.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the services, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

4.8. Vimeo

We embed videos on our websites via Vimeo, a video platform of Vimeo.com, Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA.

Description of the data processing and the purpose

Vimeo enables us to integrate videos on our websites. Since embedded videos are reloaded from the servers of the video platform "Vimeo" when the page is accessed, the usage data technically required for accessing the page is also transmitted. In this respect, Vimeo.com, Inc. also receives your IP address, which is technically required to retrieve the content.

Cookies and similar technologies may be used as part of the integration of the service or data may be stored on or read from your device by the service.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Vimeo.com, Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Vimeo handles personal data can be found at https://vimeo.com/privacy.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Vimeo.com, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 400 days. No further storage of the data processed by the service and made available to us in our own systems takes place.

4.9. New Relic (in connection with Vimeo)

On our websites, we integrate the New Relic service of New Relic Inc. 188 Spear Street, Suite 1000, San Francisco, California 94105, USA. The integration takes place via the Vimeo service.

Description of the data processing and the purpose

New Relic enables us to identify and rectify technical errors in the integration of Vimeo on our website and the associated infrastructure. In this context, log files and error reports may be created, which may also contain personal data.

Depending on the circumstances and type of technical error, all personal data that is collected when you use our website may be processed in this context. In particular, this includes

technical information such as IP address and MAC address (device identifier of your end device in the network),
information about your web browser (language, version, etc.),
information about the way you use our website (time of use, duration of activity, website from which you accessed our website, resources accessed on our website, etc.) and
any other data that you actively provide when you visit the site (e.g. first and last name, e-mail address).

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

New Relic Inc, 188 Spear Street, Suite 1000, San Francisco, California 94105, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on the handling of personal data by the provider can be found at https://newrelic.com/termsandconditions/privacy.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

New Relic Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes. No further storage of the data processed by the service and made available to us in our own systems takes place.

4.10. Cloudflare (in conjunction with Vimeo)

On our websites, we integrate third-party content via the content delivery network CDN of Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA.

Description of the data processing and the purpose

We use Cloudflare as part of the integration of Vimeo on our website and the associated infrastructure.

A content delivery network is an online service that is used in particular to deliver content such as graphics, scripts or other page content or through a network of regionally distributed servers connected via the Internet. When you access our website, your web browser loads the required content from the content delivery network into your browser cache.

Since the content is provided by Cloudflare and reloaded from its servers when the page is accessed, the usage data technically required to access the page is also transmitted. In this respect, Cloudflare also receives your IP address, which is technically required to retrieve the content.

We use the content from the content delivery network for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TTDSGTDDDG The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the service, your data will be transmitted to the following recipients:

Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

4.11. Google Maps

On our websites, we integrate the "Google Maps" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

Our website uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

Since "Google Maps" is provided by Google and reloaded from its servers when the page is accessed, the usage data technically required for accessing the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.

Cookies and similar technologies may be used as part of the integration of the service or data may be stored on or read from your device by the service.

In addition, Google Maps uses Google Fonts to display its web fonts and loads them from Google servers when the page is accessed.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the services, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

4.12. Google Fonts

We integrate Google Fonts web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, on our websites.

In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

Google Fonts enables us to use web fonts. For this purpose, the required Google Fonts are loaded from your web browser into your browser cache when you access our website. This is necessary so that your browser can also display a visually improved presentation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.

Since Google Fonts are provided by Google and are reloaded from its servers when the page is accessed, the usage data technically required for accessing the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "CookieHub".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

4.13. Google ReCaptcha

On our websites, we integrate the Google ReCaptcha service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

ReCaptcha enables us to check whether the data entry on our website (e.g. in a contact form) is made by a human or by an automated program (bot).

For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information, e.g.

IP address
Length of stay of the website visitor on the website
mouse movements made by the user

The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Since ReCaptcha is provided by Google and reloaded from its servers when the page is accessed, the usage data technically required for accessing the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.

We use ReCaptcha to secure our web forms against misuse by automated programs (bots), in particular to protect against automated spying and against the unwanted sending of automated messages (spam).

Legal basis for data processing

The legal basis for the integration and use of the service is our legitimate interest in protecting our website from abusive automated spying and from the unwanted sending of automated messages (spam).

The use of cookies and similar technologies is based on Section 25 Para. 2 No. 2 TDDDG. It is necessary in order to be able to provide the forms you have requested. The subsequent data processing is based on Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

4.14. Contact form and general inquiries by e-mail

Description of the data processing and the purpose

If you send us inquiries via the contact form or e-mail, your details from the inquiry form or your first and last name, company and e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

Legal basis for data processing

The legal basis for the processing of your data is your and our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR and, if applicable, Art. 6 Para. 1 Sentence 1 lit. b GDPR, if your inquiry is aimed at concluding a contract.

Recipients

We only pass on your personal data within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in this privacy policy.

The following companies currently belong to our group of companies:

avasis AG, Gemperenstrasse 26, 9442 Berneck, Switzerland,
avasis GmbH, Ludwig-Erhard-Allee 10, 76131 Karlsruhe, Germany,
avasis solutions GmbH, Domstraße 10, 20095 Hamburg, Germany,
avasis unity GmbH, Rosenheimer Straße 65, 83059 Kolbermoor, Germany,
avasis austria GmbH, Steingasse 6a, 4020 Linz, Austria.

Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of Internet service providers and providers of customer management systems and software.

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information.

Under these conditions, recipients of personal data may be, for example:

External tax consultant
Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
Recipients to whom the transfer is directly necessary for the establishment or fulfillment of the contract,
Other data recipients, insofar as you have given us your consent to transfer data.

As part of data processing, your data will be transmitted to the following recipients in particular:

avasis GmbH, Ludwig-Erhard-Allee 10, 76131 Karlsruhe, Germany,
avasis solutions GmbH, Domstraße 10, 20095 Hamburg, Germany,
avasis unity GmbH, Rosenheimer Straße 65, 83059 Kolbermoor, Germany,
avasis austria GmbH, Steingasse 6a, 4020 Linz, Austria,
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

The Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

Your data will be deleted after final processing of your request as soon as no further queries are to be expected and provided that there are no statutory retention obligations to the contrary.

4.15. Web forms for collecting advertising data (newsletter registration, registration for live and on-demand webinars or events, booking appointments for talks or demos and downloading white papers and other documents)

On our websites, we collect personal data via various web forms for the purpose of contacting you for advertising purposes in order to promote the sale of our products, goods or services by means of direct advertising. For example, these may be forms for registering for newsletters, live and on-demand webinars or events, for booking meetings or product demo appointments or forms for downloading white papers and other documents. Further information on the processing of your data for advertising purposes can be found in the following section of this privacy policy.

5. Data protection information for customers and other contractual or business partners and interested parties

5.1. Establishment, execution and fulfillment of contracts and for the implementation of pre-contractual measures

Description of the data processing and the purpose

We process your personal data insofar as this is necessary for the establishment, execution and fulfillment of a contract and for the implementation of pre-contractual measures.

We only process data that is related to the establishment of the contract or pre-contractual measures. This may be general data about you or persons in your company (name, address, contact details, etc.) as well as any other data that you provide to us in the context of establishing the contract.

Legal basis for data processing

Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 Para. 1 Sentence 1 lit. b GDPR.

Sources

We process personal data that we receive from you in the context of contacting you or establishing a contractual relationship or in the context of pre-contractual measures.

Recipients

We only pass on your personal data within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in section 3 of this data protection information sheet.

Under these conditions, recipients of personal data may be, for example:

External tax consultant
Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
Recipients to whom the transfer is directly necessary for the establishment or fulfillment of the contract,
Other data recipients, insofar as you have given us your consent to transfer data.

As part of data processing, your data will be transmitted to the following recipients in particular:

avasis GmbH, Ludwig-Erhard-Allee 10, 76131 Karlsruhe, Germany,
avasis solutions GmbH, Domstraße 10, 20095 Hamburg, Germany,
avasis unity GmbH, Rosenheimer Straße 65, 83059 Kolbermoor, Germany,
avasis austria GmbH, Steingasse 6a, 4020 Linz, Austria,
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA
Isonet AG, Kreuzbuchstr. 40, 6045 Meggen, Switzerland,
Vertec AG Switzerland, Wenigstr. 7, 8004 Zurich, Switzerland,
Mendix Technology B.V., Wilhelminakade 197, 5th floor, 3072 AP Rotterdam, The Netherlands.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

If necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This also includes the initiation and execution of a contract.

In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods prescribed there are two to ten years.

Finally, the storage duration is also based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

Necessity to provide personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the scope of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

5.2. Management of prospect and customer data

Description of the data processing and the purpose

We store personal data collected by us in our Customer Relationship Management (CRM) system in order to efficiently manage our business contacts and the contacts of potential interested parties.

For this purpose, we collect personal data provided by you via various communication channels (including e-mail, post, telephone, business cards, events, forms on our websites) (title, first name, last name, contact details such as e-mail address and telephone number, link to LinkedIn profile, information about your position in your company), information about your company itself (e.g. industry, size), information about which of our products you are interested in and other information that you provide to us voluntarily.

Legal basis for data processing

The legal basis for the processing of your data is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest lies in being able to efficiently manage our business contacts and potential prospects.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA,
Vertec AG Switzerland, Wenigstr. 7, 8004 Zurich, Switzerland.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

We store your data as long as this is necessary to achieve the aforementioned purpose or as long as you have not objected to the data processing. We will then delete your data unless data processing is still permitted on the basis of another legal basis or is mandatory for us (e.g. in the case of statutory retention obligations).

5.3. Data processing for advertising purposes

We process your personal data in order to contact you by post, telephone and e-mail for the purpose of direct advertising and to evaluate prospect data, conduct market research and carry out customer satisfaction surveys.

5.3.1. Statistical evaluation and analysis of customer and prospect data, market research and customer satisfaction surveys

We process data collected from you as an interested party, e.g. via forms on our website, as well as data collected from you as a customer or employee of a customer in the context of implementing pre-contractual measures or in the context of contract fulfillment, in order to find out which of our products and services interested parties and customers are interested in, how we can improve them if necessary and how we can optimize our advertising measures. In order to be able to address interested parties in a more targeted manner, we form so-called target groups from the data. The analysis and evaluation may also include your details from customer satisfaction surveys we have conducted.

For this purpose, we may collect your details and data on

Your company (e.g. size, industry)
Your position in the company,
Your country,
Your preferred language of communication
Your areas of interest, topics and technologies or product categories,
as well as the referral source, i.e. the information on how you became aware of our company.

Legal basis for data processing

The legal basis for the processing of your data is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interests lie in further developing our products and services in line with market requirements and in better understanding the needs and interests of our customers and potential customers in order to enable target group-oriented direct advertising.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA,
CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede,
Isonet AG, Kreuzbuchstr. 40, 6045 Meggen, Switzerland.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

5.3.2. Supplementing the database with further data collection from professional networks (LinkedIn)

Description of the data processing and the purpose

We compare the data collected from you and stored by us with other data that you have published in your profile in professional networks, in particular LinkedIn, in order to keep the data we have on your company, your role in the company and the contact details you have provided in the network complete and up to date.

Legal basis for data processing

The legal basis for the processing of your data is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interests lie in adding relevant entries to our records of business contacts and keeping them up to date.

Source

The source of your data is the professional network in which you have published your data. In the case of LinkedIn, this is the

LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA,
Vertec AG Switzerland, Wenigstr. 7, 8004 Zurich, Switzerland.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

5.3.3. Postal or telephone advertising measures

Description of the data processing and the purpose

We process your personal data (title, academic title, first name, last name, company, division, department, position, business address and telephone number (landline and cell phone number), preferred language of communication, areas of interest and data on target group affiliation such as industry, software, etc.) for the purpose and in our legitimate interest of addressing you or your company in a personalized manner by post or telephone and informing you about our company and our products, goods, services, events (our own or those of partners) and offers.

Legal basis for data processing

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. As we only process personal data that is related to your work in order to achieve the purpose, there are no apparent overriding interests on your part that conflict with our interest in data processing.

You can object to data processing at any time with effect for the future. To exercise your right to object, please use the contact details above.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Storage duration

5.3.4. E-mail advertising to business customers

5.3.4.1. Existing customer advertising

Description of the data processing and the purpose

We process your personal data (title, first name, last name, business e-mail address), which we receive in connection with the conclusion of a contract, for the purpose and in our legitimate interest of sending you or your company personalized direct advertising as an existing customer for our own similar products, goods and services that are related to the previous conclusion of the contract.

Legal basis for data processing

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. As we comply with the provisions of the exemptions in Section 7 Para. 3 of the Act against Unfair Competition (UWG) for Germany, Section 174 Para. 4 of the Telecommunications Act (TKG) 2021 2021 for Austria and Art. 3 Para. 1 lit. o of the Federal Act against Unfair Competition (UWG-CH) for Switzerland, as well as to achieve the purpose of processing only such personal data that are related to your work, there are no apparent overriding interests on your part that conflict with our interest in data processing, provided that you have not yet objected to the processing.

You can object to data processing at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. To exercise your right to object, please use the unsubscribe link in our advertising e-mails or contact us using the contact details above.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

The Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

5.3.4.2. Consent to receive promotional e-mails and the newsletter, newsletter tracking

Description of the data processing and the purpose

In addition, we process your personal data (title, academic title (optional), first name, last name, company, division, department, position, business e-mail address, preferred language of communication, areas of interest and data on target group affiliation such as industry, software, etc.) for the purpose of addressing you or your company in a personalized manner by e-mail or via our e-mail newsletter and to inform you about our company and our products, goods, services, events (our own or those of partners) and offers only if you have given us your express consent to do so separately.

If you give us your consent, you also allow us to process data on whether you have received our marketing e-mails and whether you have opened them, the extent to which you have interacted with the content, in particular which links you have clicked on and the extent to which you have read or skimmed our e-mails (newsletter tracking).

Legal basis for data processing

The legal basis for this processing is your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. Revoking your consent does not invalidate the legality of the data processing carried out up to that point. To exercise your right of revocation, please use the unsubscribe link in our promotional e-mails or in the newsletter or contact us using the contact details above.

Recipients

As part of data processing, your data will be transmitted to the following recipients:

CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede

Storage duration

6. Data protection information for social media profiles

Below you will find information on the handling of your data that is collected through your use of our social media profiles on social networks and platforms.

6.1. Social media profiles

We maintain profiles, presences, pages or fan pages on the following social media platforms:

Platform	& Profile
LinkedIn:	https://www.linkedin.com/company/avasis
YouTube:	https://www.youtube.com/@avasisgroup
Vimeo:	https://vimeo.com/user132668299

6.2. Different responsibilities and roles

Depending on how the platform operators and we as the site operator are involved in the processing of your personal data, the respective responsibility or role differs.

This means that we can either be jointly responsible with the platform operator or the platform operator is solely responsible.

6.3. Joint controllership with platform operators

6.3.1. Joint controllers

There is a joint controllership between us and the following platform operators:

Platform: LinkedIn
Platform operator: LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland

As the site operator, we are jointly responsible with the providers of the respective platform for the processing of your personal data in connection with your visit to the presence, profile, page or fan page on the platforms if the platform operators provide aggregated information on visitors to our profiles, presences, pages or fan pages (e.g. so-called "insights" or "analytics").

In the case of joint controllership, we have concluded agreements with the platform operators in accordance with Art. 26 GDPR on joint controllership for the processing of your personal data (e.g. Page Controller Addendum or Joint Controller Addendum).

This agreement specifies the data processing operations for which we or the respective platform operator are responsible. You can view these agreements under the following links:

Platform: LinkedIn
Agreements on joint controllership: https://legal.linkedin.com/pages-joint-controller-addendu

Further information on data processing by the platform operators can be found in their privacy policies:

Platform: LinkedIn
Privacy policy: https://www.linkedin.com/legal/privacy-policy

6.3.2. Contacting the data protection officers of the platform operators

You can contact the data protection officers of the platform operators here:

Platform: LinkedIn
Options to get in touc: To contact LinkedIn's data protection officer, you can use the contact form at the link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO .

6.3.3. Data processing under joint controllership

6.3.3.1. Accessing and storing information in end devices

When you access our profiles on the aforementioned platforms, the platform operator uses cookies and similar technologies on your end device to store data on your end device or to read data from there. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of the services, this is done on the basis of Section 25 Para. 1 Sentence 1, Para. 2 No. 2 TDDDG. Subsequent data processing may be carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. f GDPR.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 Para. 1 TDDDG with your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the use of cookies and similar technology and their legal basis can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies can be found above. If you have any further questions, please contact the operator of the respective social media platform directly.

6.3.3.2. Data processing for advertising and market research purposes

As a rule, personal data on our social media profile is primarily processed for market research and advertising purposes of the platform operator. Insofar as the data collection also takes place directly on our social media profile, we participate in the data processing of the platform operator and are therefore jointly responsible with the platform operator in this respect.

During data processing, cookies and similar technologies are used that enable the platform operator to recognize you when you visit a social media profile. In addition, for members of the social media platform, the platform operator comprehensively evaluates your interactions on the platform (clicks, comments and likes) and processes the information you provide to the platform operator, such as your master data, your profile picture or name. In particular, demographic data (age, gender, country, industry, profession, etc.) from your own member profile may also be processed.

The collected data can be used to create user profiles. These are then used by the platform operator to place advertisements inside and outside the platform that presumably correspond to your interests.

Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by placing corresponding advertisements within or outside the platforms based on the target groups identified by the platform operator.

The legal basis for the processing of your personal data in relation to this is your consent given to the platform operator pursuant to Art. 6 Para. 1 lit. a GDPR.

Please note that we have no influence on data collection and further processing under the controllership of the platform operators. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by the platform operator.

Further information on this can be found in the data protection information of the respective provider.

6.3.3.3. Data processing in the context of "Insights" or "Analytics"

In addition, your data will be processed under joint controllership in connection with so-called "Page Insights" or "Page Analytics".

Page Insights" or "Page Analytics" are analysis functions provided by the platform operator, by means of which the master data processed on you, in particular demographic data and the data on your interactions with our profile, are collected jointly by the platform operator and us.

The platform operator then analyzes this data and creates summarized (so-called aggregated data) for us, from which we can see which demographic target group has visited our profile and how our profile was used by them.

In this respect, we also have no direct access to the data processed by the platform operator. It is only made available to us by the platform operator in aggregated form. This means that we cannot recognize individual visitors or their interactions from the aggregated data.

We then use this aggregated data to tailor our social media profile to the target group and generally to optimize it in relation to the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).

The legal basis for the processing of your personal data in relation to this is your consent given to the platform operator pursuant to Art. 6 Para. 1 lit. a GDPR.

Further information on this can be found in the data protection information of the respective provider.

6.3.3.4. Data processing based on consent

If you are asked by the respective platform operator for consent to processing for a specific, common purpose, the legal basis for processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

6.3.3.5. Recipients and data transfer to third countries

If we pass on personal data to the operators of social media platforms, the latter are recipients of the data within the meaning of the GDPR. Art. 4 No. 9 GDPR.

Platform: LinkedIn
Recipients:

LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland
LinkedIn Corp, 1000 W. Maude Ave, Sunnyvale, CA

When you visit our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

Recipients: LinkedIn Corp.

Ensuring an adequate level of data protection: The LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov)

6.3.4. Exercising your rights in the event of joint controllership

Your rights as a data subject of data processing

If, as a visitor to the site, you would like to exercise your rights (information, rectification, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both the platform operator and us.

Platform: LinkedIn
Settings in the platform account: You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings. For more information on asserting your rights, please refer to LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privac

6.4. Responsibility of the platform operators

If your personal data is processed by one of the operators of social media platforms listed below, this processing is the responsibility of the platform operator as defined within the meaning of Art. 7 No. 4 GDPR.

Platform	& Platform operator
YouTube:	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Vimeo:	Vimeo.com, Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA

We have no influence on data processing by the platform operators. For more information, please check the privacy policy of the respective platform operator:

Platform	& Privacy policy
YouTube:	https://policies.google.com/privacy
Vimeo:	https://vimeo.com/privacy

When asserting your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact us at any time.

6.5. Our own responsibility

We are solely responsible for the following data processing via our social media profiles.

6.5.1. Data processing through the operation of the social media profile

When you visit or interact with our social media profile, we process your personal data.

This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name). Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our profile on the platform.

The legal basis for the processing of personal data when operating our social media profile is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The legitimate interest lies in addressing visitors for advertising purposes and in providing an effective means of communication and interaction with our company on the social media platform.

6.5.2. Data processing when contacting us

We ourselves collect personal data when you contact us, for example, via a contact form or a messenger function on the respective platform.

Which data is collected depends on the information you provide and the contact details you give or release. These are stored by us for the purpose of processing the request and in the event of follow-up questions.

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Your data will be deleted after the final processing of your request, provided that there are no statutory retention obligations to the contrary. We assume that processing has been completed when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

6.5.3. Data processing for contract processing

If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfillment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services.

The legal basis for the processing of your data in this case is Art. 6 Para. 1 Sentence 1 lit. b GDPR.

Your data will be deleted if it is no longer required for the performance of the contract or if it is established that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact.

Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to comply with contractual or legal obligations.

6.5.4. Data processing based on consent

If you are asked by us for consent to processing for a specific purpose, the legal basis for processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

7. Other data processing

7.1. Documentation of compliance with data protection

Description of the data processing and the purpose

If you submit a declaration of consent to us, we process your personal data about the circumstances and time of submission (signature, e-mail address, telephone or fax number or IP address, if applicable) in order to be able to prove that you have consented to the data processing in question as part of our accountability obligation under Art. 5 Para. 2 GDPR.

If you exercise your data subject rights under the GDPR against us, we will also process your personal data in order to be able to prove that we have complied with the GDPR when processing your request as part of the accountability obligation pursuant to Art. 5 Para. 2 GDPR.

Legal basis for data processing

The processing is carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. c GDPR or Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest lies in being able to document compliance with the requirements of the GDPR as part of our accountability.

Recipients

In addition, we may forward your personal data in connection with your request to our external company data protection officer, who supports us in complying with the requirements of the GDPR.

Storage duration

We store your data for as long as this is necessary to achieve the aforementioned purpose. We regularly store data relating to a given consent until the expiry of 3 years from the end of the year in which we last made use of this consent. Data that we process in connection with the implementation of data subject rights is regularly stored for a period of 3 years from the end of the year in which you exercised your data subject right.

We will then delete your data unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis or is mandatory for us (e.g. in the case of the existence of statutory retention obligations).

7.2. Fulfillment of other legal obligations

Description of the data processing and the purpose

We process personal data if this is necessary for the fulfillment of a legal obligation. The scope of the data to be processed results from the legal obligation that we have to comply with.

Legal basis for data processing

The legal basis for the processing of your data in these cases is Art. 6 Para. 1 Sentence 1 lit. c GDPR in conjunction with the respective legal standard that imposes such an obligation on us.

These may, for example, be standards from tax or commercial law or criminal procedural law.

In Germany, this applies in particular to Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB) or various standards from the Code of Criminal Procedure (StPO).

In Austria, this applies in particular to Section 132 of the Austrian Federal Fiscal Code (BAO), Section 212 of the Austrian Commercial Code (UGB) and various standards from the Code of Criminal Procedure (StPO-AT).

In Switzerland, this applies in particular to

Art. 958f of the Swiss Code of Obligations (OR), Art. 70 in conjunction with Art. 42 of the Value Added Tax Act (MWSTG) or various standards from the Code of Criminal Procedure (StPO-CH).

Recipients

If necessary, your data will be transmitted to tax consultants, auditors, financial or investigative authorities, lawyers, experts or courts to the extent required.

Storage duration

We store your data to the extent required for as long as this is necessary to achieve the aforementioned purpose. The storage duration results from the special legal regulations that oblige us to retain or process data for a period of up to 10 years, whereby the specific start of the retention periods results from the respective special law.

We will then delete your data, unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis.

7.3. Exercise or defense of legal claims

Description of the data processing and the purpose

In addition, we process your data in individual cases for the purpose and in the interest of asserting legal claims, for example to enforce our claims due to unpaid invoices, if your data is relevant for a legal dispute.

We also process your data in individual cases for the purpose and in the interest of defending against legal claims asserted against us, for example when asserting claims for material defects, provided that your data is relevant to a legal dispute.

Legal basis for data processing

The legal basis for the processing of your data is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Recipients

If necessary, your data will be transmitted to tax consultants, auditors, financial or investigative authorities, lawyers, experts or courts to the extent required.

Storage duration

We store your data in individual cases to the extent required for as long as this is necessary to achieve the aforementioned purpose. We will then delete your data unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis or is mandatory for us (e.g. in the case of the existence of statutory retention obligations).

8. Your rights

Below you will find information on the data subject rights granted to you by the applicable data protection law with respect to the controller in regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing , the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right to request the immediate rectification of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right to request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR.

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to revoke consent granted in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of processing based on consent before its revocation.

Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to info@avasis.biz.