In this privacy statement, we inform you on the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering. For more information on the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
CLAYTEC e.K.
Nettetaler Str. 113
41751 Viersen
Tel. +49 2153 9180
E-mail: service(at)claytec.com
Data Protection Officer
Arndt Spelten
BScom GmbH
Fröbelstr. 4
41844 Wegberg
Tel. +49 2431 81244-55
E-mail: info(at)bscom.de
Types of data processed
- Inventory data (e.g. name, address)
- Contact data (e.g. e-mail address, telephone number)
- Content data (e.g. text input)
- Meta/communications data (e.g. websites visited, browser type, IP address)
Purpose of processing
- Provision of the online offering, its functions, and its content
- Replying to contact requests
- Security measures
- Fulfilment of contracts/orders placed
Key legal basis
Unless a particular legal basis is expressly specified, the following applies in general:
For the fulfilment of our products and services and the performance of contractual measures, as well as replying to queries, data processing takes place according to Art. 6(1)(a) and Art. 7 of the GDPR. For the fulfilment of our legal obligations, data processing takes place according to Art. 6(1)(c) of the GDPR. Data processing to protect our justified interests takes place according to Art. 6(1)(f) of the GDPR. In cases where vital interests of the data subject or another natural person necessitate the processing of data, Art. 6(1)(d) of the GDPR serves as the legal basis.
We ask that you inform yourself regularly on the contents of our privacy statement. We will adapt the privacy statement as soon as changes in the data processing we perform makes this necessary. We shall inform you as soon as the changes require action on your part (e.g. supplying of consent).
Collaboration with processors and third parties
In cases where, as a part of our processing, we disclose, transmit, or otherwise provide access to data to persons and companies (processors or third parties), this takes place based on legal authorisation (e.g. the transmission of data for the fulfilment of the order or to financial services providers, Art. 6(1)(b) GDPR), your consent, due to a legal obligation or justified interests (e.g. when utilising representatives, web hosting etc.). In cases where we commission third parties with the processing of data based on a “processing contract”, this takes place based on Art. 28 of the GDPR.
If data is transmitted to third countries (countries outside of the EU/EEA) for the fulfilment of our (pre-)contractual obligations, this takes place contingent on recognised guarantees for compliance with a level of data protection corresponding to that of the EU (e.g. the “Whitelist” of the EU, “Privacy Shield” of the USA, etc.) or in compliance with recognised contractual obligations (“Standard Contractual Clauses of the EU”).
Rights of data subjects
- You have the right to receive information on whether data about you is being processed, as well as information about this data in accordance with Art. 15 GDPR.
- You have the right to have this data completed or rectified (Art. 16 GDPR)
- You have the right to have the data erased immediately in accordance with Art. 17 GDPR, or alternatively have the processing of data restricted in accordance with Art. 18 GDPR.
- You have the right to receive the data about you which you have provided us with, or to ask that it be transmitted to other controllers (Art. 20 GDPR).
- Furthermore, you also have the right to lodge a complaint with the relevant supervisory authority (Art. 77(3) GDPR). You will find a list under https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right of revocation and right of objection
You can revoke consent that was previously granted in accordance with Art. 7(3) GDPR with effect for the future. Similarly, you can also object to the future processing of data in accordance with Art. 21 GDPR at any time. In particular, such objection may be made against processing for the purposes of direct advertising. The legality of the data processing up to the point in time of objection remains unaffected by the objection.
Cookies
Cookies are small files that are stored on your end device when you visit our website. Cookies generally serve the purpose of recognising you during your use of our online offering and to store information that is necessary for operating website functions. Our online offering uses cookies to analyse the use of our web offering as well as to integrate external services such as Google Analytics, YouTube, Facebook, and Instagram. The legal basis for their use is justified interests in accordance with Art. 6(1) S.1 (f) GDPR.
You have the option of preventing the storage of cookies on your device by configuring your browser accordingly. It is not guaranteed that you will be able to access all the functions of this website without restrictions if your browser does not allow any cookies.
Google Analytics
This website uses the service “Google Analytics”, which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the analysis of users’ use of the website. The service uses cookies, which are text files that are stored on your end device. The information collected by the cookies are generally transmitted to a Google server in the USA and stored there.
On this website, IP anonymisation has been activated. The IP addresses of users will be truncated within the member states of the EU and the European Economic Area. With this truncation, your IP address is no longer personally identifiable. As part of the agreement on data processing which the website operators have entered into with Google Inc., the latter will use the information collected to compile an assessment of website use and website activity, as well as provide services related to internet use.
Furthermore, you can also use a browser plugin to prevent the information collected by the cookies (including your IP address) from being sent to Google Inc. and being used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
This is where you will find more information on Google Inc.’s use of data: https://support.google.com/analytics/answer/6004245?hl=en
Plug-ins and Tools
Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6 Sect. 1 lit. f GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6 Sect. 1 lit. a GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6 Sect. 1 lit. a DGDPR. Any such consent may be revoked at any time.
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
Use of YouTube in enhanced data protection mode
We utilise the provider YouTube for integrating videos. For this purpose, the videos have been embedded in enhanced data protection mode. However, just like most websites, YouTube also uses cookies to collect information about the visitors to its website. Among other things, YouTube uses this information to collect video statistics, to prevent fraud, and to improve user-friendliness. This also leads to a connection being established with the Google DoubleClick network. When you start the video, this may trigger other data processing procedures. We have no influence over this. For more information on data privacy at YouTube, please read their privacy statement at: http://www.youtube.com/t/privacy_at_youtube
Deletion of data
The data we process will be deleted or their processing restricted (e.g. blocked) in accordance with Art. 17 and 18 GDPR as soon as they are no longer necessary for the intended purpose or product/service to be provided, and no statutory archival obligations prevent this. According to statutory provisions in Germany, archival shall in particular take place for 10 years in accordance with Sections 147(1) AO, 257(1) No. 1 and 4, Section 4 HGB (books, records, status reports, accounting records, commercial books, documents relevant for taxation, etc.) and for 6 years in accordance with Section 257(1) No. 2 and 3, Section 4 HGB (business letters).
Business-related processing
In addition, we process contractual data (e.g. subject of the contract, term, customer category), payment data (e.g. bank details, payment history) and booking data (e.g. hotel bookings, bookings from participants) from our customers, interested parties, and business partners for the purpose of providing the contractual products, services, and customer care.
Hosting
We use hosting products and services in order to provide our online offering. For this purpose, we and/or our hosting provider process inventory data, contact data, content data, contractual data, usage data, meta- and communication data from customers, interested parties, and visitors to this online offering based on our justified interest in an efficient and secure provision of this online offering in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (signing of a processor contract).
We and/or our hosting provider collect, based on our justified interests as specified in Art. (6)(1)(f) GDPR, data on every access attempt on the server on which this service is located (server log files). The access data includes the name of the website or file accessed, data and time of access, quantity of data transferred, notification of successful access, browser type including version, the operating system of the user, referrer URL (previously visited website), IP address, and the querying provider. For security reasons (e.g. for clarifying cases of misuse or fraud), log file information is stored for a maximum duration of 30 days and then deleted. Data which needs to remain archived for the purposes of furnishing proof are excluded from the deletion until the final clarification of the respective incident.
Contact form
Data transmitted via the contact form including your contact data will be stored in order to be able to process your query or to remain available for follow-up questions. This data is not disclosed to others without your consent.
The processing of the data provided in the contact form takes place exclusively based on your consent (Art. 6(1)(a) GDPR). You may revoke previously provided consent at any time. For this revocation, an informal request via e-mail shall suffice. The legality of the data processing procedures up to the point in time of objection remains unaffected by the objection.
The data transmitted via the contact form remains with us until you request its deletion, revoke your consent for its storage, or it is no longer necessary to store the data. Mandatory statutory provisions — in particular archival periods — remain unaffected.
Newsletter
Newsletter data
If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
CleverReach
This website uses CleverReach for the sending of newsletters. The provider is the CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you have entered for the purpose of subscribing to our newsletter (e.g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.
Newsletters we send out via CleverReach allow us to analyze the user patterns of our newsletter recipients. Among other things, in conjunction with this, it is possible how many recipients actually opened the newsletter e-mail and how often which link inside the newsletter has been clicked. With the assistance of a tool called Conversion Tracking, we can also determine whether an action that has been predefined in the newsletter actually occurred after the link was clicked (e.g. purchase of a product on this website). For more information on the data analysis services by CleverReach newsletters, please go to: https://www.cleverreach.com/en/features/reporting-tracking/.
The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Provisions of CleverReach at: https://www.cleverreach.com/en/privacy-policy/.
Execution of a contract data processing agreement
We have entered into a contract data processing agreement with the provider of CleverReach and implement the strict provisions of the German data protection agencies to the fullest when using CleverReach.
Unsubscribe from our Newsletter: https://seu2.cleverreach.com/f/223656-273332/wwu/
Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Financial accounting, office organisation, administration of contacts
We process data as part of administrative tasks as well as in the organisation of our business, financial accounting, and compliance with legal obligations, such as archival. In this case, we process the same data that we process as part of the provision of our contractually owed performance. The basis for processing are Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. The purpose and our interest in the processing lie in financial accounting, office organisation, and the archival of data, i.e. tasks for maintaining our business activities, performing our tasks, and the provision of our products and services. The deletion of the data with regard to contractual performance and contractual communication corresponds to the tasks specified for these processing activities.
For this purpose, we disclose or transmit data to the tax authorities, consultants, e.g. tax consultants or auditors, as well as other fee centres and payment providers. Furthermore, based on our business interests, we store information on suppliers, organisers, and other business partners, e.g. for the purposes of establishing contact at a later time. We generally store this mostly company-related data indefinitely.
SSL and TLS – encryption in the booking system
For reasons of security and for the protected transmission of confidential information which you send to us, the website operator, our website utilises SSL/TLS encryption. This means that data which you transmit via this website cannot be read by third parties. You can identify an encrypted connection via a “https://” URL of your browser and the lock symbol in the browser bar.