1. General information on the processing of personal data
1. Protecting your personal data (“Data”) is particularly important to us. Therefore, we hereby wish to inform you in detail which Data are processed when you use our websites and services (“Data Processing Activities”).
2. In accordance with Art. 4 Nr. 7 of the General Data Protection Regulation (“GDPR”), the controller is:
CA Customer Alliance GmbH
Ullsteinstr. 130 | Turm B
Telephone: +49 (0)30 762 890 00
(hereinafter: “Customer Alliance”). More detailed information can be found in our imprint.
You can reach our data protection officer at firstname.lastname@example.org or by written mail to our address with the addition “der Datenschutzbeauftragte”.
Certificates of Data Protection Officer (Hans-Christian Widegreen)
2. Data Processing Activities when visiting our websites
1. If you use our websites for informational purposes only, i. e. if you do not register, leave ratings or otherwise provide us with information, we only collect the personal Data that your browser transmits to our server. If you wish to view our websites, we collect the following Data, which are technically necessary in order for us to display our websites to you and to guarantee stability and security:
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site/page),
- Access status/HTTP-status code,
- Respective data amount transferred,
- Website that the request is coming from,
- Server Log Files,
- Operating system and its interface
- Language and version of the browser software.
2. The legal basis is Art. 6 Para. 1 Sent. 1 lit. f. GDPR and the Data are saved only for the duration of your visit.
1. In addition to the aforementioned Data, cookies are saved to your device when you use our websites. Cookies are small text files which are saved on your hard drive in association to the browser you are using and via which information is sent to us. Cookies cannot be used to launch programs or to transfer viruses to your device. They serve to make your internet experience more user-friendly and effective. The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR.
2. You can configure your browser settings to meet your preferences, for instance by refusing to accept cookies. We do point out that you may not be able to use all of the functions and features of our websites.
3.1 Cookies created by Customer Alliance
1. Our websites use transient cookies and persistent cookies:
- Transient cookies are automatically deleted when you shut your browser or when you log out. They include session cookies. Session cookies save a so-called session-ID via which different queries from your browser can be assigned to the same session. This allows your device to be recognized when you return to our website. Session cookies are deleted when you log out.
- Persistent cookies are automatically deleted after a predetermined period of time that can differ from cookie to cookie. You can delete the cookies in the security settings of your browser at any time.
3.2 Google Analytics
2. If IP-anonymization is activated, Google shortens your IP-address within member states of the European Union and other parties to the Agreement on the European Economic Area. Only in exceptional cases the full IP-address is transmitted to a Google server in the USA and shortened there. IP-anonymization is activated on our web service. Upon our request, Google shall use this information to analyse the use of our websites, to compile activity reports and to provide us with other services related to the use of our websites and the internet.
3. According to Google, the IP-address that your browser passes on to Google Analytics is not combined with any other Google data. You can prevent that cookies are saved by changing the appropriate settings in your browser software (see No. 2.2, Para. 3). Moreover, you can prevent Google from capturing and subsequently processing the Data generated by the cookie and which refer to your usage (including your IP-address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout.
1. Your contact information, as well as other information you provide to us, are processed for us on the servers of our service provider HubSpot. We reserve the right to use this information to contact visitors of our websites via mail or telephone and to ascertain which of the services that our company provides are interesting for them.
2. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, One Dockland Central, Dublin 1, Ireland, telephone: +353 1 5187500.
3. If you use our contact form, we record, through HubSpot, those data that you provide us with. Exclusively those personal Data are processed that you provide in the course of registration and interaction. These Data include, in particular, your contact information, such as your name, e-mail address, company name, address and telephone number. Your personal Data also include such further information pertaining to you that is publicly available on the internet and that is aggregated by HubSpot.
4. Moreover, we also use HubSpot to record navigation information in order to analyse and subsequently improve usage of our web services. This concerns Data that pertain to your computer and your visit to our website, in particular your IP-address, your location or whereabouts, the browser you are using, the duration of your visit and the pages you open.
We use Calendly.com – a service provided by Calendly Inc., 1315 Peachtree St NE, Atlanta, GA 30309, USA – to schedule appointments online. This site provides an external platform for scheduling appointments. Appointment scheduling is integrated in the source code of our website via a script. By using the appointment scheduler, you automatically use the services of Calendly.com. The Data transmitted there serve security and documentation purposes. The Data collected include: name, IP-address at the time the appointment is arranged, arranged date and arranged time. These Data are not shared with third parties and are only used for the purpose of administering and organising the appointments and for internal statistics. By using the appointment scheduler, you confirm that you agree to this. More information on Calendly.com is available here.
3.5 Facebook, Custom Audiences and Facebook-Marketing-Services
1. Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, we use the so-called “Facebook-Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
2. Facebook is certified under the Privacy-Shield Framework and thus guarantees adherence to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
3. On the one hand, the Facebook-Pixel enables Facebook to identify users of our online services as the target group for the display of advertisements (so-called “Facebook-Ads”). Accordingly, we use the Facebook-Pixel to ensure as far as possible that the Facebook-Ads we have placed are only displayed to those Facebook-Users who have expressed an interest in our online services or who exhibit certain criteria or attributes (f. ex. interests in certain topics or products as ascertained based on the websites the user has visited) that we transmit to Facebook (so-called “Custom Audiences”). By using the Facebook-Pixel, we furthermore aim to ensure that our Facebook-Ads correspond to the potential interests of the users and do not come across as disturbing, harassing or annoying. Moreover, using the Facebook-Pixel helps us to understand the effectiveness of Facebook-Ads for statistical and market research purposes in that we can see whether users are directed to our website after clicking on a Facebook-Ad (so-called “Conversion”).
4. The Facebook-Pixel is immediately integrated when one of our web pages is opened, and can store a so-called cookie on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online service is assigned to your profile. The Data collected which pertain to you are anonymous to us, and thus do not allow us to infer the identity of users. The Data are, however, stored and processed by Facebook, so that they could be linked to the respective user profile and used by Facebook or for our own market research and advertising purposes. In the event that we should transfer Data to Facebook for matching purposes, such Data are locally encrypted by the browser and are only then transferred to Facebook via a secure https-connection. This is done solely for the purpose of making a comparison with the Data that have likewise been encrypted by Facebook.
5. Facebook processes the Data in accordance with Facebook’s Data Usage Policy. Corresponding general information on the display of Facebook-Ads, in Facebook’s Data Usage Policy: https://www.facebook.com/policy.php. Special information and details on the Facebook-Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
6. You may opt out of your Data being collected by the Facebook-Pixel and used to display Facebook-Ads. In order to customize which types of advertisements are displayed for you within Facebook, you can open the respective page provided by Facebook and follow the instructions for setting up use-based advertising: https://www.facebook.com/settings?tab=ads. These settings apply irrespective of platforms, i. e. they are applied for all devices, for instance desktop computers or mobile devices.
3.6 LinkedIn Conversion-Tracking
4. Data Processing Activities when you contact us
When you contact us via E-mail, telephone or a contact form, we process the Data you provide (f. ex. E-mail address, name and/or telephone number) in order to respond to your questions or to process your requests. The Data you provide can be stored in our Customer Relationship Management System (“CRM System”) or comparable query organization. The consent you give in the course of contacting us provides the legal basis for such data processing activities (Art. 6 Para. 1 lit. b) GDPR).
5. Data Processing Activities in the context of leaving, analysing and presenting reviews
5.1 Feedback requests
1. When you are approached by Customer Alliance with a request to leave a review, the Data that Customer Alliance processes stem from a contractual partner of Customer Alliance who is currently providing you with services and who provided you with services immediately prior to you being approached by Customer Alliance. For the purpose of feedback requests, Customer Alliance is entrusted with your master and contact data as well as general information relevant for the performance of services, which are processed for feedback requests.
2. The legal basis is Art. 6 Para. 1 Sent. 1 lit. f. GDPR. We require these Data in order to request feedback.
5.2 Leaving reviews
If you leave a review, Customer Alliance processes name, age, gender and type of journey, insofar as you provide such information, along with the IP-address, the browser type, the browser version and the type and model of device used, in order to generate and process a review. The legal basis is provided by Art. 6 Para. 1 Sent. 1 lit. b. and f. GDPR.
5.3 Analysis and presentation of reviews
The analysis and presentation of reviews can contain information pertaining to the reviewer (f. ex. age, profile picture or type of journey) and the review source. The aggregated Data are obtained from both own and publicly accessible sources. The legal basis is provided by Art. 6 Para. 1 Sent. 1 lit. f. GDPR. This allows us to improve the quality of reviews.
6. Data Processing Activities during the performance of contract
1. If you register with us and create and use a user account, we process your master, contact and payment data as well as your communication, access and contract data in order to fulfil, process and invoice the contractual services. Your master, contact and payment data are necessary for the conclusion of the contract. Without them, the contract cannot be concluded. For the aforementioned purpose, your Data may be transferred to service providers who support us with our business and who we have of course selected with the utmost care and diligence. Such service providers include, in particular, providers of technical services who support us in rendering our services.
2. The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR).
7. Other Data Processing Activities
1. Should you have given your consent to receive our promotions (newsletters, SMS, E-mail, by post, etc.), we shall use your personal data to inform you of our offers via the respective means of communication. Should you have agreed to being approached in a promotional manner by third parties, we surrender the necessary data to these third parties in order to enable them to inform you of their offers. You can retract your approval of being approached in a promotional manner at any time.
2. We reserve the right to use your data in order to contact you should our services undergo or have undergone important changes or developments.
8. Your rights
1. You have the following rights in relation to us with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification and erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
2. Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your Data by us.
3. We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: email@example.com. Such revocation can result in our services no longer being available at all, or only with restrictions.
9. Data erasure, storage period
1. The Data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the Data to be retained. In the event that user Data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the Data shall be blocked and shall not be processed for other purposes. This applies, for instance, for user Data that have to be kept for reasons pertaining to trade or tax law.
2. In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and 10 years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.).
10. Transmission of Data to third parties and third party providers
1. Data are only transmitted to third parties in a manner that is in compliance with the applicable statutory provisions. We only transmit user Data to third parties if, for example, doing so is necessary for contractual purposes pursuant to Article 6 Para. 1 lit. b. GDPR or on the basis of legitimate interests in economic and effective business operation within the meaning of Art. 6 Para. 1 lit. f. GDPR.
2. In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal Data are protected in accordance with the applicable statutory provisions.
3. In case contents, tools or other means of third parties (hereinafter jointly referred to as “Third Party Providers”) are used in the framework of this privacy statement and the stated registered offices of those Third Party Providers are situated in a third country, it should be assumed that Data are transferred to the countries in which the Third Party Providers have their registered offices. Third countries are to be understood as such countries in which the GDPR does not constitute directly applicable law, i. e. in general countries outside of the EU or the European Economic Area. Data are only transferred to third countries if an adequate level of data protection is ensured, the user has given explicit consent or the law provides another form permission for such a transfer.
11. Final provisions
1.We employ technical and organizational security measures to protect the Data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development.