In the following we would like to inform you about how we process your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
CleverReach GmbH & Co. KG is responsible for the data collection and processing explained in this policy. You can find our contact data in our imprint.
Usage data & log files
When you visit our web pages, temporary so-called usage data are stored on our web server for statistical purposes as a protocol to improve the quality of our web pages. This data set contains:
- The page from which the file was requested,
- The file name,
- The date and time of the query,
- The amount of data transferred,
- The access status (file transferred, file not found),
- The description of the type of web browser used,
- The IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.
These log data are only stored anonymously. We store this log data strictly earmarked for a maximum of seven days to be able to detect, limit, and eliminate attacks on our websites. We delete these data at the end of this period. The legal basis is Art. 6 (1) (f) GDPR.
2. Analysis tools and third-party tools
4. Google Analytics
The information a cookie generates about your use of this website is usually transferred to a Google server in the United States and will be stored there. However, because we have activated IP anatomization on this website, your IP address will be shortened beforehand by Google within Member States of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and be shortened there. If the data is processed outside the EU/EEA, please note that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to a third country takes place based on Art. 49 para. 1 letter a GDPR.
We have concluded a contract for order processing with Google Inc. (USA) in accordance with Art. 28 GDPR and the EU standard data protection clauses. Google will therefore use all information strictly for the purpose of evaluating for us how our website is used and for compiling reports on website activities.
5. Facebook Pixel
Our website uses the visitor action pixel of Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for conversion tracking. This way, the behavior of page visitors can be tracked after they have been forwarded to the provider’s website by clicking on a Facebook advertisement. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized. For us as the operator of this website, the collected data is anonymous; we cannot draw any conclusions about the identity of the users. However, Facebook stores and processes your data, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data use guidelines. This allows Facebook to serve ads on Facebook pages and outside of Facebook. We as the site operator cannot influence the use of data. Facebook pixels are used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures including social media.
6. Retargeting Google
We use Google’s cross-device remarketing technologies to enable us to display targeted advertising on other websites based on your visit to our websites. Data processing is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both their website and their advertising. When you visit our websites, it is possible that Google’s Cross-Device Remarketing technologies may retrieve recognition features for your browser or your end device (e.g. create a so-called browser fingerprint), evaluate your IP address or store a recognition feature in the form of a small data file on your end device (e.g. a so-called third-party cookie). It is also possible that Google may link and store your visit to our website with one or more of these recognition features in order to display our advertising on other pages on the Internet.The recognition features described above are designed as pseudonyms. Due to the cross-device remarketing technologies at Google, we can commission the placement of advertisements on other websites that are based on the visits on our websites. So, if you visit another website that is part of Google’s display advertising network, Google can use the recognition features to determine alternatives, and if so, which of our ads should be displayed to you. For more information on how Google Remarketing technologies work, visit https://www.google.com/policies/technologies/ads/.
If you sign in to Google services with your own credentials or use one or more of your own Google accounts, Google may link the recognition features of different browsers and devices. So, if Google has created a recognition feature for your laptop, desktop PC or smartphone or tablet, you can associate those features once you use or have used a Google service with your sign-in information. In this way, Google can also play our advertising campaigns beyond end devices in a targeted manner. However, Google will only do this if you have agreed to this data processing in the past. You have the option of making settings for advertising. You can object to this form of advertising at any time. To do so, please visit https://support.google.com/ads/answer/2662922 and deactivate personalized advertising. Please note that these settings may not affect all devices and browsers.
7. Google AdWords (as of 24 July, 2018 Ads) and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). In the context of Google AdWords, we use the so-called Conversion Tracking. When you click on an ad served by Google, a cookie is placed for conversion tracking. Cookies are small data files that the Internet browser places on a user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and Clever Reach can recognize that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by simply deactivating the Google Conversion Tracking cookie via your Internet browser under User Settings. You are then not included in the conversion tracking statistics.
This website uses the Hotjar tool of the provider Hotjar Limited (Hotjar Ltd.), Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, to analyze the use of our offers. Hotjar provides a variety of options such as heat maps, visitor recordings, funnel and form analytics, feedback polls, surveys, and recruiters (for more information, please visit https://www.hotjar.com/).
Hotjar is a complete analytics-and-feedback tool that provides both online behavior analytics and feedback from website visitors. By combining both A) analytics and B) feedback, Hotjar gives us a “big picture” of how to improve our website user experience and performance. In doing so, the analytics tool allows us to monitor user behavior (what users are doing), while the feedback tool allows us to hear what users are saying (user voice). By doing so, Hotjar allows us to analyze and understand the behavior patterns of our website visitors and customers on our web presences with the help of using analytics and feedback. The sole purpose of the data collection is to improve the functionality of the website and the overall user experience of users and customers.
As part of the use of Hotjar, data may be processed such as the IP address (stored in anonymized form), screen resolution, device type (unique device identifiers), operating system, browser, geographic location (country only), language preferred to view our website, mouse movements, keystrokes, referral URL and domain, web pages visited and date and time when the web pages were visited. In order to work properly, Hotjar sets cookies in your browser.
These have different lifetimes; some remain stored for up to 365 days, some only during the current website visit (see: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information).
The processing of data is based on your consent according to Art. 6 (1) (a) GDPR or Art. 15 (3) TMG, if you have given your consent via our banner. You can revoke your consent via the banner (by clicking on “Cookie settings” in the footer) at any time. The information generated and processed by cookies and, if applicable, integrated script of the service about your use of this website is usually transmitted to a Hotjar server in Ireland (European Union) and stored there (https://help.hotjar.com/hc/en-us/articles/115011639887-Data-Safety-Privacy-Security#FAQ_1).
As data processing may also take place outside the EU or EEA (through the use of subcontractors), please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having any legal recourse. If you give your consent, the transfer to a third country will be based on Art. 49 (1) (a) GDPR.
We have also entered into a contract for commissioned processing with Hotjar Limited in accordance with Art. 28 GDPR, in which the provider undertakes to make appropriate and legally binding contractual arrangements and to take control measures to ensure data protection and data security when using subcontractors and under which data transfers to third countries take place under EU standard data protection clauses. The processor will also use all information strictly for the purpose of analyzing the use of our website and user-related behavior for us.
For more information on data protection at Hotjar, see: https://www.hotjar.com/privacy/.
9. Bing Ads
This website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA – Bing Ads Conversion Tracking. When you click on one of our ads on Bing or on selected Bing network sites, a temporary cookie is placed on your computer. When you now reach one of our conversion pages – recognizable for Microsoft Bing and us – we know that you have previously clicked on the ad. This is used to create conversion statistics, i.e. to record how many users reach a conversion page after clicking on an ad, i.e. to complete an order process. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this – for example using a browser setting that generally deactivates the automatic setting of cookies. The use of Bing Ads is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both their website and their advertising.
If you do not want Facebook to associate your visit to our pages with your Facebook account, please log out of your Facebook account.The Facebook plugins are used on the basis of Art. 6 (1) (f) GDPR. The website operator has a justified interest in the widest possible visibility in social media.
12. Explanation of safety measures
To protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use encryption on our pages. Your information is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You know this by the fact that the lock symbol is closed in the status bar of your browser and the address line starts with https://.
13. Rights of the data subject
When processing your personal data, GDPR grants you as a website user certain rights:
1. Right of access by the data subject (Art. 15 GDPR):
You have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed; if this is the case, you have a right to access this personal data and to all information specified in Art. 15 GDPR.
2. Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to request the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data. You also have the right to obtain the immediate erasure of personal data concerning you if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
3. Right to restriction of processing (Art. 18 GDPR):
You have the right to request a restriction on processing if one of the conditions set out in Article 18 GDPR applies, e.g. if you have lodged an objection to processing, for the duration of any examination.
4. Right to data portability (Art. 20 GDPR):
In certain cases, which are listed in Article 20 of GDPR, you have the right to receive personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
5. Right to object (Art. 21 DSGVO):
If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless there are demonstrably compelling reasons worthy of protection for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
6. Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right of appeal to a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right of appeal may be exercised in particular before a supervisory authority in the Member State where you are staying, working or suspected of infringing.
14. Contact details of the data protection officer
Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:
Dr. Uwe Schläger
datenschutz nord GmbH
Phone: +49 421/696632-0
15. Newsletter on request
On our website we offer you the possibility to subscribe to our newsletter. If you have given us separate consent to inform you by email about our own products and services, they will be processed in accordance with Art. 6 (1) (a) GDPR. By subscribing to our newsletter, you agree that we monitor your clicking and opening behavior in order to create an optimal offer of our newsletter for you. If we process your personal data on the basis of your consent, you can withdraw your consent at any time without this affecting the legality of the processing carried out so far. If the consent is revoked, we will stop processing your data.
If you no longer wish to receive our newsletter, you can simply unsubscribe at any time, e.g. by emailing firstname.lastname@example.org or via the link to unsubscribe from the newsletter that you will find in every newsletter email. Your data we need for sending you our newsletter will be deleted within 3 months after the newsletter has last been received, provided that the erasure does not conflict with any statutory retention obligations.
16. Contact & Support Form
You can contact us via web forms. To use our contact form, we usually only need your email address. You can provide further information, but you do not have to. By submitting the respective form, you agree that the data you provide will be electronically recorded and stored for up to 6 years. In the contractual relationship, the legal basis of the processing is Art. 6 (1) (b) GDPR, otherwise Art. 6 (1) (f) GDPR. The web page operator has a justified interest to lead your exchange and to process your inquiry appropriately. In this respect, we use your data exclusively for processing your inquiry.
To process your support or contact request, we use the Zendesk software solution provided by Zendesk Inc, 1019 Market St, San Francisco, CA 94103, USA. Your data will be processed on servers hosted by Zendesk exclusively in the USA and within the scope of the GDPR. We have also concluded data protection agreements with Zendesk (in accordance with the EU standard data protection clauses, among others), by which we oblige the provider to process our customers’ data strictly in accordance with their instructions, to protect it and not to pass it on to third parties. Zendesk Inc. takes further technical precautions to protect personal data. Personal data will not be transferred to third parties in the sense of Art. 4 (10) GDPR.
17. Account registration to use our software
To use our CleverReach software for free, you need to register first. For account registration we collect your email address on the basis of Art. 6 (1) (b) GDPR. We will store your data until you object to its storage by email to email@example.com in which you wish to delete your account. If there are no legal retention periods, your data will be deleted within 10 days after you have entered your objection.
You can use a free account if we may send you regular email account reports, news & product information in return. The CleverReach GmbH & Co. KG will use your data exclusively for the aforementioned purpose and will not pass it on to third parties. You can unsubscribe from the newsletter in any email or object to the storage of your data by email to firstname.lastname@example.org and request that we delete your data at any time, provided that the erasure does not conflict with any legal storage obligations.
18. Paid use
If you want to use our CleverReach software as a paid version, you have to register first. We store and use your personal data, which you transmit in the course of the registration or an order process, on the basis of Art. 6 (1) (b) GDPR exclusively for the processing of your orders. We will use your email address to inform you about the status of your order or to send you the respective receipts. We also offer you to send you account reports and news & product information by email.
If after the conclusion of a chargeable contract there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization), this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, PayPal, direct debiting) are made exclusively via an encrypted SSL or TLS connection.In the case of encrypted communication, your payment data you transmit to us cannot be read by third parties. We may transfer data to other responsible parties (such as PayPal (Europe) or Mollie B.V.) who are necessary payment service providers for the secure execution of the payment.
19. Applications, in particular via HCM4all
We process your data within the scope of applicant management for the purpose of deciding on establishing an employment relationship on the basis of § 26 of the Federal Data Protection Act (BDSG). We process the data you provide in the course of your (online) application exclusively for the purpose of selecting applicants. Data will not be processed for other purposes.
You yourself determine the scope of data that you would like to submit as part of your application. Applications are transmitted electronically to our Human Resources Department where they are processed as quickly as possible. Applications are forwarded to the heads of the relevant specialist departments in our company. Beyond that, your data will not be passed on. our information will be treated confidentially in our company. If your application is unsuccessful, your documents will be deleted after 6 months.
With your express consent, we will store your data for an additional 24 months in our applicant or talent pool to consider it in future job advertisements.
The talent pool is managed by the entire Ashampoo group of companies that consists of the following companies:
– Ashampoo GmbH & Co. KG
– Ashampoo Systems GmbH & Co. KG
– CleverReach GmbH & Co. KG
In case your application is considered for another vacant position at the Ashampoo group of companies, we will forward your application documents to the respective department and contact you by phone or e-mail if necessary. Your data will be processed based on art. 6 para. 1 lit. a, 7 GDPR in connection with § 26 paragraph 2 German Federal Data Protection Act. Your declaration of consent includes the processing of all data that you have made available to us within the scope of the application procedure. In addition, data that was necessary to process the application (correspondence, handwritten notes from job interviews, etc.) will also be processed and stored. Additionally, we may process job-related information made publicly available by you, such as a profile on business-related social media networks or online job portals.
Your data is only accessible to selected employees within the Ashampoo group of companies who are involved in filling vacant positions. Your data will only be passed on within the Ashampoo group of companies to the extent necessary for the application process. Your data will not be passed on to third parties or used for other purposes.
Unless you revoke your consent to the processing of your data in the talent pool, your data will be completely deleted after 24 months at the latest. You will not be informed about the deletion of your data.
You can revoke your consent informally at any time, e.g. by sending an e-mail to email@example.com.
We use the software solution HCM4all GmbH, Trogerstraße 48, 81675 Munich, Germany, to carry out the application management. We have also concluded appropriate data protection agreements with HCM4all (including the EU standard data protection clauses), by which we oblige the provider to process our applicants’ data strictly in accordance with instructions, to protect them and not to pass them on to third parties. HCM4all takes further technical precautions to protect personal data. A transfer of personal data to third parties in terms of Art. 4 (10) GDPR does not take place.
20. YouTube videos
Our website uses plugins from Google’s YouTube site. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. Furthermore, Youtube can store various cookies on your end device. With the help of these cookies, Youtube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your terminal until you delete them.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Further information on how user data is handled can be found in YouTube’s data protection declaration at: https://policies.google.com/privacy?hl=en.
21. Google reCAPTCHA
22. Online Seminars
If you would like to take part in our voluntary online seminars, a separate registration is required. For the online seminar registration, we collect your email address, first and last name on the basis of Art. 6 (1) (b) GDPR. Your data will be stored for 12 months (after the last registration) or until you object to the storage by sending an email to firstname.lastname@example.org and wish to delete your data. If there are no legal retention periods, your data will be deleted within 10 days after discussion of the revocation.
To conduct the online seminars we use the GoToWebinar software solution provided by LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. Your data is processed on servers hosted by LogMeIn solely in the USA and within the scope of the GDPR. We have also entered into data protection agreements with LogMeIn (including the EU standard data protection clauses), in which we oblige the provider to process our customers’ data strictly in accordance with their instructions, to protect it and not to pass it on to third parties. LogMeIn Limited takes additional technical precautions to protect personal information. Personal data is not transferred to third parties in accordance with Art. 4 (10) GDPR.