PRIVACY POLICY
This Privacy Policy informs you about how we handle your data. With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Our website is not aimed at minors under the age of 16.
CONTROLLER RESPONSIBLE FOR PROCESSING
Cosphatec GmbH, Hopfenmarkt 33, 20457 Hamburg, Germany, Phone +49 40 3501669-0, E-Mail: info@cosphatec.com
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The contact details of our external company data protection officer are: Mauß Data protection GmbH, Neuer Wall 10, 20354 Hamburg, Germany. You can contact our data protection officer by post (see above), by phone: +49 40 999 99 52-0 or by e-mail: datenschutz@datenschutzbeauftragter-hamburg.de.
Whenever you contact our data protection officer, please refer to the client, Cosphatec GmbH.
What do we do with your data?
In the following, you will find out when specific data is collected, how it is used (type, scope and purpose of the processing of personal data) as well as the legal basis and the period for which the data is stored.
Operation of the web server, delivery of the website
When you visit our website, we automatically process the following data from you in order to provide you with our website and the services it offers.
- Date and time of access
- Your IP address
- The pages you visit on our website
- Information about your web browser (browser type and version)
- The operating system of the device used to access our website and services
- Your internet service provider
For security reasons, we store this information in log files and usually delete it automatically after 2 weeks. The data in the log files are stored separately from your other data.
Longer storage will only take place in justified individual cases (e.g. in the event of suspected misuse or fraud or in the event of attacks on our web server). In these cases, the respective log files are stored until the matter has been clarified and the resulting measures have been completed.
In order to be able to provide you with our website and the services it offers, we use a service provider (web host) who processes your data on our behalf and exclusively in accordance with our instructions: Host Europe GmbH c/o WeWork, Friesenplatz 4, 50672 Cologne, Germany.
The legal basis for data processing is Article 6 (1) (f) GDPR. We have a legitimate interest in processing your data so that we can offer you our website and the services it provides in a technically flawless, secure manner and optimised for your needs. In addition, we have a further legitimate interest in detecting and defending against attempted fraud or attacks on our websites.
Use of a tool for obtaining and managing consent
We use various tools and technologies on our website, including cookies and other storage technologies, the usage of which requires your consent.
We use a “consent manager” to obtain and manage your consent. Specifically, we use the product Borlabs Cookie (Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany, https://de.borlabs.io/datenschutz/).
The consent manager stores information on your end device in order to save your consent. The storage period of this data can be found in the information in the consent manager.
You can grant consent for all the tools and technologies we use in the consent manager, where you can also withdraw consent at any time. The consent manager is automatically displayed the first time you visit our website. You can also reopen it at any time by clicking on the icon at the bottom left on every page. All necessary details regarding the cookies used or tools and technologies requiring consent can be found in the consent manager.
The legal basis for the use of the consent manager is our obligation to obtain your consent for certain processing operations and our legal obligation to be able to prove the type of consent you have given us (Art. 6 (1) (c) GDPR in conjunction with Art. 7 GDPR and Art. 5 (2) GDPR). The decision to use an external provider is based on our legitimate interest (Art. 6 (1) (f) GDPR) in using a modern, secure and cost-effective solution.
Storage and retrieval of data on your device
In order to provide the functionalities that you request, including the provision of the website, we store data in your browser in accordance with Section 25 of the German Telecommunications Digital Services Data Protection Act [Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG] and also access it again. We use cookies as well as the session storage and the browser’s local storage for this purpose.
The legal basis for the storage and retrieval of data from your browser is either your consent (Section 25 (1) TDDDG) or the technical necessity to provide a service requested by visitors to the website (Section 25 (2) No. 2 TDDDG).
If personal data is involved, the legal basis for its processing is stated in the privacy policy of the respective service.
All further information on this type of data storage and retrieval, in particular which legal basis is relevant, can be found in the consent manager (see previous section). You can change your cookie settings at any time by clicking on the cookie icon at the bottom left of the page.
Registering for and participating in webinars
If you register for one of our webinars, we will use the data you provide to conduct the webinars, including answering questions asked via chat. We will also use the contact details to send you information material and to contact you after the webinar. The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR. You can withdraw your consent at any time, please inform us of your withdrawal by telephone or e-mail. If we write to you by e-mail, you will also find an unsubscribe link in every e-mail. Please note that withdrawal is only effective for the future. Processing that took place before withdrawal of consent is not affected. With regard to your further rights as a data subject, please refer to our explanations below.
We store your data until consent is withdrawn. We will delete the data that we require as proof that you have consented to the sending of information material after expiry of the limitation period for the relevant obligations to provide proof.
We use Zoom (Zoom Video Communications, Inc., 55 Almaden Blvd, San Jose, CA 95113, USA) to conduct the webinars. Zoom is located in the USA, i.e. a third country. Since Zoom is based in the USA and has not yet committed to the EU-U.S. Data Privacy Framework (DPF), we also require your express consent to the transfer of data to an insecure third country (see Art. 49 (1) (a) GDPR). If you register for a webinar and/or participate in a webinar, you also consent to this transfer in accordance with Art. 49 (1) (a) GDPR.
We also use cookies in connection with registration for webinars. We need them to provide the technical functionality. In this case, cookies are used in accordance with the exception of Section 25 (2) TDDDG; if we process personal data in this context, we do so on the basis of Article 6 (1) (f) GDPR; in this case, our legitimate interest is to provide the functionality you require.
Handling data contacts at our customers
When working with our customers, we usually process the following data: Your name, your employer, your position in the company as well as your address and contact details.
The purposes of processing are the initiation and execution of contracts. This includes in particular the preparation of quotations, the processing of your orders as well as quality assurance, invoicing and financial accounting.
If we are legally required to do so, we will pass on your data to public authorities, such as the tax office or customs authorities. In the course of transporting your orders, we pass on the necessary data to shipping, transport and logistics service providers. Data is not transferred to third countries.
The legal basis for the processing of your data is Art. 6 (1) (b) GDPR if you are self-employed and Art. 6 (1) (f) GDPR if you are the employee of a company. Our legitimate interest in this case is the initiation and fulfilment of contracts with your employer.
We store your data for the period of our cooperation with your employer. If we are legally required to store your data for a longer period (e.g. invoices or business letters), we will store your data for up to 10 years beyond this period.
Handling data of contacts at suppliers and service providers
When working with our suppliers and service providers, we usually process the following data: Your name, your employer, your position in the company as well as your address and contact details.
The purposes of processing are the selection of suppliers and service providers, contract fulfilment, purchasing, quality assurance, financial accounting and others.
If we are legally required to do so, we will pass on your data to public authorities, such as the tax office or customs authorities. Data is not transferred to third countries.
The legal basis for the processing of your data is Art. 6 (1) (b) GDPR if you are self-employed and Art. 6 (1) (f) GDPR if you are the employee of a company. In this case, our legitimate interest is to commission your employer with the provision of services or the delivery of goods; you have been named to us as the contact.
We store your data for the period of our cooperation. If we are legally required to store your data for a longer period (e.g. invoices or business letters), we will store your data for up to 10 years beyond this period.
Processing your data in the context of a job application
If you apply for a job with us, we will process the data you provide exclusively for the purpose of processing your application. This also includes making contact by e-mail or telephone, as well as conducting job interviews and making hiring decisions.
In this context, we usually process the following data: Your name and address, contact details, CV, references and other data that you send us. We obtain all data exclusively from you and will not transfer it to third parties or third countries.
We do not subject you to any automated decision-making or profiling.
The legal basis for data processing in the context of a job application is Article 6 (1) (b) GDPR.
If you are hired, we will transfer your data to your personnel file and store it for at least the period of your employment. If we do not enter into an employment relationship, we will delete your data four months after the end of the application process.
Automated decision-making
Unless otherwise stated above for the individual processing operations, we do not use any automated decision-making.
Transfer of personal data to non-EU countries, server location
We do not transfer any personal data to non-European countries within the scope of our website. The web server we use is located in Germany. Please note that for some of the services we use, it cannot be ruled out that the service providers will transfer data to the USA. Information on this can be found in the details of the relevant services in the consent manager.
Duty to provide data
You are neither legally nor contractually required to provide us with personal data when using our website. However, our pages cannot be accessed without providing your IP address.
Your rights
If you wish to exercise any of the rights to which you are entitled, please contact us as the controller using the contact details provided above or use one of the other methods we offer to send us this notification.
Right to information
In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you have a right of access to this personal data and to further information as specified in Art. 15 GDPR.
Right to rectification/completion
In accordance with Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay. We have the obligation to erase personal data without undue delay if the relevant requirements of Art. 17 GDPR applies. Please refer to Art. 17 GDPR for the details.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right, under certain conditions, to obtain from us restriction of the processing of your personal data.
Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and the processing is carried out by automated means.
Right to withdraw consent
In accordance with Art. 7 GDPR, you have the right to withdraw your consent at any time and without giving reasons. Please note that withdrawal is only effective for the future and does not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority for data protection, without prejudice to any other administrative or judicial remedy. This right applies in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Subject to change
We reserve the right to modify our security measures and privacy policy. Please make sure to always refer to the current version of this Privacy Policy.