Beprino AI Marketing Services

Privacy Policy

General Section

Overview of Data Protection

Article 12 of the General Data Protection Regulation (GDPR) requires us to inform you in a precise, transparent, understandable, and easily accessible way, and in clear and simple language, about how we process your data. We aim to contribute to this requirement honestly and have summarized our privacy policy as follows. The details are provided under this summary:

Processing Activities: Any tools/processing activities that may be used

Processing activities required for the fulfillment of contracts: Contact form, PayPal, Stripe, Copecart, Zoom, Webinarjam, Everwebinar, internal login area, Klick-Tipp (for contract fulfillment), Zapier (for contract fulfillment), Intercom (for contract fulfillment), Sendgrid (for contract fulfillment)

Processing activities that require your consent: Google Analytics, Google Tag Manager, Hotjar (as an analysis tool), Social networks with advertising tools (Facebook, Instagram, LinkedIn), Klick-Tipp (for marketing automation), Zapier (for marketing automation), YouTube, Vimeo, Google Ads, Google Remarketing

Processing activities based on our legitimate interests: Transient cookies, rights management (with external counsel)

Processing activities involving automated decision-making, including profiling: No such processing takes place.

Target Audience

This privacy policy applies to all individuals who visit our website. All gender references include male, female, and diverse individuals and language forms, and are always understood to include “(m/f/d).”

Data Controller

The data controller according to Article 4, Section 7 of the GDPR, for the processing of personal data of visitors to this website is:
Beprino LLC
30 N Gould St Ste R
Sheridan, WY 82801
Email: support@beprino.com

Rights of Website Visitors

Visitors have several rights regarding their personal data processed under the GDPR, including:

The right to access stored personal data,

The right to correct inaccurate stored personal data,

The right to delete personal data if there is no legal basis for its further storage,

The right to restrict the processing of stored personal data,

The right to data portability,

The right to lodge a complaint with the relevant data protection authority.

If the conditions for these rights are met and we can identify you, we will promptly fulfill your requests.

Processing Activities Involving Automated Decision-Making, Including Profiling

If we mention tools and/or processing situations in the last row of the above table (“Overview of Data Protection”) in the line “Processing activities involving automated decision-making, including profiling,” this means that we exceptionally use a special form of data processing with these tools/processing situations. In this context, we would like to inform you of the following:
The special form of processing is called automated decision-making. These are decisions based solely on automated processing that significantly affect you legally or otherwise (e.g., decision about entering into a contract). Such processing also includes “profiling,” which consists of any form of automated processing of personal data that evaluates personal aspects relating to an individual, especially to analyze or predict aspects concerning work performance, economic situation, health, personal preferences or interests, reliability or behavior, location, or movements of the person concerned, insofar as it has legal effects on the affected person or significantly impacts them in a similar way.
In principle, such processing activities are prohibited (cf. Article 22, Section 1 of the GDPR), although there are exceptions to this prohibition. If we rely on exceptions, we explain them in our privacy information for individuals with whom we make contractual decisions, typically customers and/or suppliers. We refer to this explanation.
If we refer in the following statement to the fact that you have consented to the transfer to a third-country location, this means that you have been informed of all possible risks of such transfers, for which there is no adequacy decision or other guarantees, and have nonetheless consented to the data transfer. This guarantee then follows from Article 49, Section 1, Letter a of the GDPR. For transparency reasons, we describe the corresponding risks in a separate section.
This notice is provided as a precaution. It applies only if we refer to it in the following statement. It is also possible that we may not make use of it.

Special Case: EU Standard Contractual Clauses and Third-Country Locations Based in the USA

In addition to the details under “Data Transfer to Locations Outside the European Union” — Section 3, we would like to inform you of a special case. For transfers to third-country locations based in the USA, the possibility of relying on the EU Standard Contractual Clauses is limited. Therefore, if we intend to rely on the EU Standard Contractual Clauses in this context (or are already doing so), we point out the following:
We will only rely on the EU Standard Contractual Clauses for the transfer of personal data to third-country locations in the USA if we have conducted a thorough assessment of the facts associated with the transfer. This involves first assessing a risk level (type and, in particular, sensitivity of the affected data, scope of data processing, purpose of data processing, vulnerability to misuse). We then examine whether the contractual commitments of the third-country location in the USA, as well as the technical and organizational measures taken there (e.g., data processing exclusively in EU-based data centers, encryption technology), adequately mitigate the previously identified risks. Only if we conclude that the EU Standard Contractual Clauses provide an adequate guarantee in this exceptional case with a US-based third-country location will we rely on them.
This notice is provided as a precaution. It applies only if we refer to it in the following statement. It is also possible that we may not make use of it.

Special Case: Consent to Transfer to Third-Country Locations Based in the USA, Including Risk Notices

In addition to the details under “Data Transfer to Locations Outside the European Union” — Section 4, we would like to inform you of another special case. For transfers to third-country locations based in the USA, the possibility of relying on the EU Standard Contractual Clauses is limited. Therefore, in some cases, we may only have the option to request your consent for such transfers. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to consent:
We strongly emphasize that data transfers to the USA without the protection of an adequacy decision may involve significant risks. In particular, please take note of the following risks:

In the USA, there is no uniform data protection law; certainly not one comparable to the data protection laws in force in the EU. This means that both US companies and government agencies have more opportunities to process your personal data, particularly for advertising purposes, profiling, and conducting (criminal) investigations. Our ability to take action against such practices is significantly limited.

The US legislature has granted itself numerous access rights to your personal data (see, for example, Section 702 of FISA or E.O. 12333 in conjunction with PPD-28), which are incompatible with our legal principles. In particular, there is no proportionality test comparable to that required in the European Union before access is granted.

Citizens of the European Union cannot expect effective legal protection in the USA.

As a rule, we will only ask for such consent if we have concluded that the third-country entity in the USA cannot successfully rely on EU Standard Contractual Clauses.
We make this statement merely as a precaution. It only applies if we refer to it in the following statement. It is also possible that we may not make use of it.

Notice Regarding Legal Processing Obligation

A legal obligation to process data exists only if we refer to Article 6(1)(c) GDPR in the following privacy statement.

Processing Activities Necessary for Contract Fulfillment (Primary Legal Basis: Article 6(1)(b) GDPR)

General Information on Purpose and Legal Basis of the Processing Activities Described Below

The purpose of the processing activities described below is the establishment, execution, and termination of contracts, as well as the defense against claims on your part that are directly or indirectly related to the respective contract.
Insofar as the processing aims at the establishment, execution, or termination of contracts, Article 6(1)(b) GDPR is the legal basis for processing your personal data. According to this provision, the processing of your personal data is permissible without your consent if it is necessary for the fulfillment of a contract to which you are a party or for the implementation of pre-contractual measures carried out at your request.
Insofar as the processing aims to defend against claims from you that are directly or indirectly related to the respective contract, Article 6(1)(f) GDPR is an additional legal basis alongside Article 6(1)(b) GDPR. Our legitimate interest in this respect arises from our right to defend ourselves against claims on your part.
Only if we process your data on this website in your capacity as an applicant or as a current or former employee, Article 88 GDPR in conjunction with Section 26(1) BDSG2018 is the legal basis. According to this provision, the processing of your personal employment data (including your applicant data) is permissible without your consent if it is necessary for the fulfillment of an employment contract to which you are a party or for the implementation of pre-contractual measures.
In cases where we refer to Article 6(1)(f) GDPR, you have the right to object to the processing, which will lead to the termination of processing based on this legal basis if the objection is justified. And as long as we do not expressly refer to Article 6(1)(c) GDPR, there is no obligation to process.

General Information on the Retention Period Regarding Data in the Following Processing Activities

We retain data as long as it is necessary to establish, perform, possibly terminate the contract, and/or defend ourselves against claims from you that are directly or indirectly related to the respective contract.
If a contractual relationship is established between us, we will additionally retain the data until the expiration of our statutory retention periods. The legal basis for this is Article 6(1)(c) GDPR in conjunction with Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB). According to these provisions, some of the aforementioned data must be retained even beyond the achievement of the purpose. Thus, we may be required to:

Retain personal data relating to you that arises from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325(2a) HGB, consolidated financial statements, management reports and group management reports, opening balances, accounting records, documents under Article 15(1) and Article 163 of the Union Customs Code, commercial books, as well as the working instructions and other organizational documents required for their understanding, for ten years, with the retention period generally beginning at the end of the calendar year in which the relevant document was created (Article 6(1)(c) GDPR in conjunction with Section 147 AO and/or Section 257 HGB).

Data related to you that originates from received commercial or business letters, from reproductions of received commercial or business letters, as well as from other documents relevant for tax purposes, will be retained for six years, with the retention period generally beginning at the end of the calendar year in which the respective document was created (Article 6(1)(c) GDPR in conjunction with Section 147 AO and/or Section 257 HGB).

If we process your data in your role as an applicant on this website, we generally retain the data until a final decision regarding your application is made and:

In the case of a rejection, for an additional six months after the rejection, with the legal basis for the six-month retention being Article 6(1)(f) GDPR, and our legitimate interest arising from the right to defend against complaints under the German General Equal Treatment Act (AGG) (see Section 15(4) AGG).

If we ask you if you would like to be included in our applicant pool and you agree, until the time you withdraw your consent, with the legal basis for this retention being your consent in accordance with Article 88 GDPR in conjunction with Section 26(2) BDSG2018.

In the cases of Paragraph 3, Numbers 1 and 2, we reserve the right to retain the data; however, this privacy policy does not establish an obligation for retention.
In cases where we refer to Article 6(1)(f) GDPR, you have the right to object to the processing, which will lead to the termination of processing based on this legal basis if the objection is justified. And as long as we do not expressly refer to Article 6(1)(c) GDPR, there is no obligation to process.

The Use of PayPal

We use the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 (Luxembourg), Email: impressum@paypal.com, which provides us with the payment service "PayPal." We would like to briefly describe this processing activity: Before you use this payment service, you must create your own account with this provider. To do so, you provide the provider with the necessary information. If you then come across service providers (like us) who accept payment through this payment service, you authorize this provider either to credit us with the money deposited in your account with this payment service or the money this payment service collects by direct debit from your bank account. This is done by redirecting you from our website to the provider's website, where you will need to identify yourself and authorize the payment through various security procedures. In this process, the provider naturally obtains information about your purchasing behavior. Thus, the provider is not acting as our processor but as your payment service provider. You can find the provider's privacy policy here.
In this context, we generally process the following data about you:

We document through this provider that you use it and

the amount, the timing, and that you make a payment,

personal data and account information necessary to execute the transaction,

personal data needed to resolve conflicts and to check and prevent fraud.

We receive the information about the mentioned data from the provider. More details on the nature and method of processing can be found here and under the heading "Product Purchase and/or Service Booking" in this Privacy Policy.

Stripe

We use the following provider here: Stripe Payments Europe, Ltd., based in Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc., based in the USA. Stripe Payments Europe, Ltd. is subject to European data protection law. Information about data protection at Stripe can be found here. Furthermore, we have placed great importance on ensuring that Stripe Payments Europe, Ltd. meets the highest security standards and can at least provide certification under the Payment Card Industry Data Security Standard (PCI-DSS). According to our review, the provider meets these requirements. A description of Stripe's security measures can be found here. Proof of PCI-DSS certification can be found here. Additionally, we have contractually bound Stripe in accordance with Article 28 GDPR.
In this context, we generally process the following data about you:

We document that you use this provider, as well as

the amount, timing, and confirmation of your payment,

personal data and account information necessary to execute the transaction,

personal data required for resolving conflicts and for fraud detection and prevention.

We receive the information about the mentioned data from the provider. More details on the nature and method of processing can be found at the above links.

Copecart

We use the following provider here: CopeCart GmbH, Berlin (Germany), which provides the "Copecart" tool we use. We briefly describe this processing activity: When you order access to our products, there is the possibility that you will land on a Copecart landing page. We have tasked this provider with support in displaying the landing page and with establishing, executing (especially the payment process), and concluding the contract for our products in accordance with Article 28 GDPR. The provider’s privacy policy can be found here.
In this context, we generally process the following data about you: The data you provided during communication for the initiation, execution, and termination of the obligation relationship, particularly order and billing data. More details on the nature and method of processing can be found here and under the heading "Product Purchase and/or Service Booking" in this Privacy Policy.

The Use of Zoom

We use the following provider here: Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (USA), additional contact option here. We briefly describe this processing activity: You can register on our website for one of our webinars or otherwise communicate with us via video conference. All necessary steps associated with this, from initiation, execution, to follow-up of the webinar, are conducted through this provider. The provider receives your data as soon as you register for the webinar on our website, or at the latest when you participate in the webinar. We process the data that the provider makes available to us for the purpose of establishing, executing, and terminating this contract solely for these purposes. We have engaged this provider according to Article 28 GDPR. The provider's privacy policy can be found here.
In this context, we generally process the following data about you: We document, through this provider, all data that you disclose when registering for and participating in the respective webinar. More details on the nature and method of processing can be found here.
The engagement of this provider is not hindered by the fact that they process data outside the EU. You can only participate in our webinar if you consent to the related data transfer to the USA (cf. Article 49 Paragraph 1 lit. a GDPR). Please make sure to read our risk notices beforehand (cf. General Section/Special Case: Consent to Transfer to Third-Country Entities Based in the USA, including Risk Notices).

The Use of Webinarjam and Everwebinar

We use the following provider here: Genesis Digital LLC, 7660 Fay Ave #H184, La Jolla, CA 92037 (USA). We briefly describe this processing activity: You can register on our website for one of our webinars or otherwise communicate with us via video conference. All necessary steps associated with this, from initiation, execution, to follow-up of the webinar, are conducted through this provider, who receives your data as soon as you register for the webinar on our website or at the latest when you participate in the webinar. We process the data that the provider makes available to us for the purpose of establishing, executing, and terminating this contract solely for these purposes. We have engaged this provider according to Article 28 GDPR. The provider's privacy policy can be found here.

Hierbei verarbeiten wir in der Regel folgende Daten von Ihnen: Wir dokumentieren über diesen Anbieter alle Daten, die Sie bei der Anmeldung und Teilnahme am jeweiligen Webinar von sich preisgeben. Nähere Informationen zur Art und Weise der Verarbeitung finden Sie hier.

Der Beauftragung steht nicht entgegen, dass der Anbieter die Daten außerhalb der EU verarbeitet. Sie können nur dann an unserem Webinar teilnehmen, wenn Sie der damit verbundenen Datenübermittlung in die USA zustimmen (vgl. Artikel 49 Absatz 1 lit. a DSGVO). Bitte lesen Sie vorher unbedingt unsere Risikohinweise (vgl. Allgemeiner Teil/ Sonderkonstellation: Einwilligung in die Übermittlung an Drittlandstellen mit Sitz in den USA, einschließlich der Risikohinweise).

In this context, we typically process the following data from you: We document all the information you disclose during registration and participation in the respective webinar through this provider. Further details on the nature of processing can be found here.
The appointment of this provider is not hindered by the fact that the provider processes data outside the EU. You can only participate in our webinar if you consent to the associated data transfer to the USA (cf. Article 49 Paragraph 1 lit. a GDPR). Please make sure to read our risk notices beforehand (cf. General Section/Special Case: Consent to Transfer to Third-Country Entities Based in the USA, including Risk Notices).

Internal Area

We briefly describe this processing activity: On our website, you have the option to register for the use of an internal area, subsequently log in, and finally log out again. When you register for the internal area, we collect the data you provide during the registration process. Within the internal area, we record your actions as necessary to provide the obligations pursued herewith. Upon logging out, we delete the data unless retention periods prevent this.
In this context, we typically process the following data from you: (1) the registration data you entered, (2) login data, (3) data on actions you perform within the log-in area, (4) status regarding logout.

Klick-Tipp (for Contract Initiation, Fulfillment, and/or Termination)

We use the following provider here: KLICK-TIPP LIMITED, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ (United Kingdom). We briefly describe this processing activity: On our website, you have the option to purchase products and/or book services from us. We manage the collection of your personal data when initiating the respective contract, the necessary communication (particularly via email) with you for contract initiation, execution, and/or termination, as well as the delivery of our products and/or services.
We have engaged this provider for the necessary processing of your personal data as per Article 28 Paragraph 3 GDPR. The provider's privacy policy can be found here.
In this context, we typically process the following data from you: (1) all contact and order data you provided, (2) payment data if applicable, (3) data on delivery, and (4) data on any rights asserted by you and our responses to them. Further information on the nature of processing can be found here.
The appointment of this provider is not hindered by the fact that it is based outside the European Union, as the provider is contractually bound by the EU Standard Contractual Clauses (Article 46 GDPR).

Intercom (for Contract Initiation, Fulfillment, and/or Termination)

We use the following provider here: Intercom, Inc., a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA. The provider's privacy policy can be found here.
We describe the processing as follows: On our website, you have the option to contact us, such as via email. All emails we receive are routed to this provider and processed by us from there. Each message is also tagged to allow us to track, for example, the number of cancellations we receive by email in a given month. Additionally, we may use this provider to send emails to you.
In this context, we typically process the following data from you: all communication content you share with us, as well as your name and email address.
The appointment of this provider is not hindered by the fact that it is based outside the European Union, as the provider has contractually committed to the EU Standard Contractual Clauses.

SendGrid (for Contract Initiation, Fulfillment, and/or Termination)

We use the following provider here: SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA. The provider's privacy policy can be found here.
We are pleased to describe the processing as follows: On our website, you have the option to contact us, for example, via email. All emails we receive are forwarded to this provider and processed by us from there. Individual messages are also tagged, allowing us to track, for example, how many cancellations we receive by email in a given month. Additionally, we may use this provider to send emails to you.
In this context, we generally process the following data from you: all communication content that you provide to us, as well as your name and email address.
The appointment of this provider is not hindered by the fact that it is based outside the European Union, as the provider has contractually committed to the EU Standard Contractual Clauses.

Zapier (for Contract Initiation, Fulfillment, and/or Termination)

We use the following provider here: Zapier Inc., 548 Market St #62411, San Francisco, California 94104 (USA), which provides the "Zapier" tool we use. We describe this processing briefly as follows: With Zapier, we can connect web apps, enabling customer and prospect data to be exchanged automatically between different applications. Here, data is exchanged through Zapier, meaning that data may also be processed there. The provider has been contracted in compliance with Article 28(3) GDPR to process your personal data as necessary for contract initiation, fulfillment, and/or termination. The provider’s privacy policy can be found here.
In this context, we typically process the following data from you: All data collected via tools we use in relation to the initiation, fulfillment, and/or termination of contracts between us and automated linking through this provider. This may generally include all data from contract initiation (often your contact information), contract fulfillment (often order and payment data), and contract termination (contract end status, service termination status). Further information on usage possibilities can be found here.
The appointment of this provider is not hindered by the fact that it is based outside the European Union, as the provider has contractually committed to the EU Standard Contractual Clauses.

Processing Activities Requiring Your Consent (Legal Basis: Article 6(1) Sentence 1 lit. a GDPR)

General Information on Purpose and Legal Basis of the Processing Activities Described Below

The purpose of the processing activities described below is specified individually for each tool. The legal basis for each data processing activity is your consent in accordance with Article 6(1) Sentence 1 lit. a GDPR. Under this regulation, the processing of your personal data is permissible if you have given your consent to the processing of data relating to you for one or more specified purposes.

General Information on Retention Periods for Data within the Processing Activities Described Below

We retain the data until you withdraw your consent. Should a contractual relationship arise between us following a processing activity based on your consent, we may retain some of your data additionally until the expiration of our statutory retention periods. The legal basis for this is Article 6(1) Sentence 1 lit. c GDPR in conjunction with Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB).
According to these regulations, some of the aforementioned data must also be retained beyond the time the purpose has been fulfilled. Thus, we may be obligated to:

Retain data related to you that arises from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325(2a) HGB, consolidated financial statements, management reports and group management reports, opening balances, accounting records, documents according to Article 15(1) and Article 163 of the Union Customs Code, business books, as well as the necessary operational instructions and other organizational documents for a period of ten years. The retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6(1) Sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB).
Retain data related to you that arises from received commercial or business letters, reproductions of received commercial or business letters, and other documents relevant for taxation purposes for a period of six years. The retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6(1) Sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 257 HGB).

Notice on Legal Basis "Consent"

If we obtain your consent for processing, you have the right to withdraw this consent at any time with future effect. Generally, this can be done by sending a simple message to us (see above "Data Controller").
Furthermore, we point out that when obtaining consent, we process additional personal data from you. This includes identity markers (such as your name, email address, IP address) as well as consent log data (time of consent, consent status, scope of consent). We base this data processing on Article 6(1) Sentence 1 lit. c GDPR in conjunction with Article 7(1) GDPR. The purpose is the necessity of having to prove your consent.
We retain identity markers and consent log data until the end of the third calendar year following the year in which you withdraw consent. The legal basis for this retention is Article 6(1) Sentence 1 lit. f GDPR, where our legitimate interest lies in being able to demonstrate, within the relevant civil limitation period, that and what you have consented to.

Additional Note on Consent for Cookie Use with a Cookie-Consent Banner

Above (in the section: "Processing Activities Requiring Your Consent (Legal Basis: Article 6(1) Sentence 1 lit. a GDPR). / Notice on Legal Basis 'Consent' / Paragraph 2), we noted that under Article 6(1) Sentence 1 lit. c GDPR, we are required to provide proof at any time that you have given consent for a particular processing of your personal data. In connection with the use of cookies, we use an external cookie consent banner tool. This tool documents your consent to cookie-based data processing on our website.

Data Processing When Using Google Analytics

To analyze your user behavior on our website, we use the following service provider and the tool specified in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are located within the European Economic Area, your data will additionally be processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
We are happy to briefly describe this processing activity as follows: The tool uses so-called "cookies." These are text files stored on your computer that enable an analysis of your use of the website. The provider will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage for the website operator. The provider’s privacy policy can be found here.
The purpose can be described as follows: We use this tool to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offerings and make them more interesting for you as a user. For more details on the nature of the processing by this provider, please refer here.
Typically, we process the following data from you: This tool uses so-called "cookies," which are text files stored on your computer to enable an analysis of your website usage. The information generated about your usage of this website is generally transmitted to a server of the provider in the USA and stored there. However, your IP address is truncated by the provider within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and truncated there. The IP address transmitted by your browser as part of the tool’s usage will not be merged with other data by the provider. We also use this tool for a cross-device analysis of visitor flows, conducted using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data," "Personal Data."
For informational purposes, we inform you that we use this tool with the "_anonymizeIp()" extension. This means that IP addresses are further processed in truncated form, thus preventing any personal identification. As soon as any personal reference can be made to the data collected about you, it is immediately excluded, and the personal data is promptly deleted.
The processing activities are not opposed by the fact that the data may be processed outside the European Union by the provider; possibly in cooperation with Google LLC. This is because the processing of your personal data via this tool only occurs if you consent to the associated data transfer to the USA (see Article 49 Paragraph 1 lit. a GDPR). Please be sure to read our risk notice beforehand (see General Section / Special Constellation: Consent to Transfer to Third-Country Entities with Headquarters in the USA, including Risk Notice).

Data Processing Using Google Tag Manager

To coordinate and execute our analysis of your user behavior on our website, as well as our advertising efforts, we use the following service provider with the tool specified in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are located within the European Economic Area, your data will also be processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. We are happy to briefly describe this processing activity as follows: With this tool, we can organize and simplify the integration of various codes and services on our website. This tool implements tags or triggers the tags embedded with it. When a tag is triggered, the provider may process personal data. It cannot be ruled out that the provider may also transfer the data to a server in a third country. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.
The purpose can be described as follows: We use the tool to embed various codes and services in an organized and simplified manner on our website; this is for the purposes of analyzing user behavior and, where applicable, for advertising purposes. Further information on the nature of the processing by this provider can be found here: https://marketingplatform.google.com/intl/en/about/tag-manager/.
In this process, we generally process those data from you that we process in connection with Google analytics tools and Google advertising tools. We refer to the other statements regarding processing in which the provider assists us.
The data processing operations are also not hindered by the fact that the data may be processed outside the European Union by the provider, possibly in collaboration with Google LLC. This is because the processing of your personal data via this tool will only take place if you consent to the associated data transfer to the USA (see Article 49 Paragraph 1 lit. a GDPR). Please be sure to read our risk notice beforehand (see General Section / Special Constellation: Consent to Transfer to Third-Country Entities with Headquarters in the USA, including Risk Notice).

Data Processing Using Hotjar (as an Analysis Tool)

To analyze your user behavior on our website, we use the following service provider with the tool specified in the heading: Hotjar Ltd. ("Hotjar") 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, EU. We are happy to briefly describe this processing activity: the tool uses so-called “cookies.” These are text files that are stored on your computer and enable an analysis of your use of the website. The privacy policy of this provider can be found here: https://www.hotjar.com/legal/compliance/gdpr-commitment and here: https://help.hotjar.com/hc/en-us/sections/115003180467-Privacy-Security-and-Operations. In addition to your right to withdraw consent at any time, you can prevent data collection by Hotjar by clicking on the following link and following the instructions provided: https://www.hotjar.com/opt-out.
The purpose can be described as follows: We use this tool to analyze and continuously improve the use of our website. The statistics we gain help us improve our offering and make it more appealing to you as a user. Further details on the processing by this provider can be found here: https://www.hotjar.com/tour/.
We generally process the following data from you: The tool uses so-called “cookies.” These are text files stored on your computer that enable an analysis of your use of the website. Typically, we obtain the following information: your IP address (anonymized), the accessed subpage and time of access, the page from which you arrived on our website (referrer), information on the browser used with its plugins, operating system, screen resolution, time spent on our website, and any pages navigated to from the accessed subpage. We have anonymized your data in this process. Typically, we obtain the following information: your IP address (anonymized), the accessed subpage and time of access, the page from which you arrived on our website (referrer), information on the browser used with its plugins, operating system, screen resolution, time spent on our website, and any pages navigated to from the accessed subpage.

Data Processing Using Facebook

We use the aforementioned social media platform. Its provider is Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA. If you are outside the USA and/or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland is responsible. We have no control over the collected data or data processing procedures and are not aware of the full extent of data collection, the purposes of processing, or retention periods. Nor do we have information on data deletion by this provider. When you access our company pages, the provider may store the data it collects about you as user profiles and use it for advertising, market research, and/or to tailor its website as needed. You have the right to object to the creation of these user profiles, and to exercise this right, you must contact the provider. A privacy policy for the provider can be found here: https://www.facebook.com/policy.php.
To the extent that we are able to influence the data processing, its purpose is to present our company, analyze your user behavior in connection with your interactions with our company page, and communicate with you via this social network (potentially including advertisements).
The categories of personal data we process about you depend on the specific use of this social medium, as described in paragraph 4.
We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; and whether and how you communicate with us via these channels. The basis for this is the consent you have granted to the provider.
In addition to our general information on the legal basis, we would like to clarify: if you yourself maintain a profile on this social medium, the legal basis is your consent in accordance with Article 6(1)(1)(a) GDPR, which you have granted to the provider of the social network. In all other cases, the legal basis is Article 6(1)(1)(f) GDPR, which allows your data to be processed if it is necessary to safeguard our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override these interests, especially if the data subject is a child. We have an economic interest in linking our company pages, which you click on voluntarily. The provider is otherwise responsible.
If and insofar as we analyze visitor interactions with our company page, we are jointly responsible with Facebook for data protection in this regard, in accordance with Article 26 GDPR. If and insofar as we contract Facebook to process data for us beyond this, we are considered the data controller in accordance with Article 28 GDPR. The data processing procedures are not hindered by the fact that data may be processed outside the European Union by the provider. This processing of your personal data through this tool only occurs if you agree to the associated data transfer to the USA (see Article 49(1)(a) GDPR). This applies to the extent that we control the data processing. Please be sure to read our risk information beforehand (see General Section/Special Constellation: Consent to Transfer to Third Country Locations in the USA, including Risk Information). If the provider controls the processing (e.g., when you visit the social network independently of an action on our website), there is no transfer by us to the USA, and we are not required to provide further assurances as per Articles 44ff. GDPR. In this case, there is only a relationship with the provider in accordance with Article 26 GDPR.

Additionally, we would like to point out the following:

We use the Facebook Pixel, which is an analytics tool designed to measure the effectiveness of advertising. Typically, it is used to understand and track user actions on a website. The Facebook Pixel is implemented by placing the pixel code in the website’s header. When someone visits the website and performs an action (such as completing a purchase), the Facebook Pixel is triggered, and the action is reported. In this way, one can see when a customer takes an action and evaluate it. There is also the option of advanced matching, which we also use and is covered by your consent. The Facebook Pixel allows customer data such as first name, last name, email address, etc., to be transmitted to Facebook and enriched with existing tracking data. This makes it possible to capture data even from non-Facebook users or users who are not logged into Facebook during their visit to a website. Thus, website visitors are tracked through Facebook even if they have deliberately blocked third-party cookies. We have engaged the provider in accordance with Article 28 GDPR. More information on the functionality and related data processing can be found here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142

Data Processing When Using Instagram

We use the aforementioned social medium. Its provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, impressum@support.instagram.com. We have no control over the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, or storage periods. We also have no information regarding the deletion of data collected by this provider. When you visit our company pages, there is a possibility that the provider will store the data collected about you as user profiles and use them for advertising, market research, and/or to tailor its website to users’ needs. You have the right to object to the creation of these user profiles, but to exercise this right, you must contact the provider directly. The provider's privacy policy can be found here: https://help.instagram.com/519522125107875.
To the extent that we can influence data processing, its purpose is to present our company, analyze your user behavior in terms of interaction with our company page maintained there, and communicate with you via this social network (including for advertising purposes).
The categories of personal data we process about you depend on the specific use of this social medium, as described in paragraph 4.
We maintain a company page on this social network and may analyze whether and how you visit our company page there, whether and how you respond to our posts on social networks, and whether and how you communicate with us through the respective channels. This is based on the consent you have provided to this provider.
In addition to our general statements on the legal basis, we would like to add the following: If you maintain a profile on this social medium, the legal basis is your consent according to Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 (1) sentence 1 lit. f GDPR, according to which your data may be processed if necessary to protect our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms, which require the protection of personal data, do not prevail, particularly if the data subject is a child. We have an economic interest in linking our company pages, whereby you independently and voluntarily click on the links. Otherwise, the provider is responsible.
If and to the extent that we analyze visitor interactions with our company page, we are jointly responsible for data protection with this provider in accordance with Article 26 GDPR. If and to the extent that we commission this provider to further process data for us, we are a controller within the meaning of Article 28 GDPR. The data processing operations are not precluded even if the data is processed outside the European Union by the provider, potentially in collaboration with Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA. This processing of your personal data through this tool only occurs if you consent to the associated data transfer to the USA (cf. Article 49 (1) lit. a GDPR). This applies insofar as we control the data processing. Please be sure to read our risk notices beforehand (cf. General Part / Special Circumstances: Consent to Transfer to Third-Party Locations in the USA, including Risk Notices). If the provider controls the processing (e.g., if you visit the social network independently of an action on our website), no transfer by us to the USA takes place, so we are not required to provide additional guarantees per Articles 44ff. GDPR. In this case, there is only a relationship with the social network provider within the meaning of Article 26 GDPR.
Additionally, we would like to point out the following:

We have linked our company page on this provider's platform on our website. If you click this link (meaning the link to our company page), you will be directed to our profile. In this context, we refer to our previous statements regarding the visit to our company page on this provider's platform.

Data Processing When Using LinkedIn

We use the aforementioned social media platform. Its provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have no control over the collected data and data processing activities, nor are we aware of the full extent of data collection, the purposes of processing, or the storage periods. We also do not have information on the deletion of data collected by this provider. If you access our company pages, there is a possibility that the provider stores the data collected about you as usage profiles and uses it for purposes of advertising, market research, and/or tailored design of its website. You have the right to object to the creation of these usage profiles, for which you must contact the provider directly. You can find the provider's privacy policy here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.
To the extent that we can influence data processing, its purpose is to present our company, to analyze your user behavior regarding interaction with our company page, and to communicate with you through this social network (potentially in an advertising context).
The categories of personal data we process about you depend on the specific use of this social medium, as described in paragraph 4.
We maintain a company page on this social network and may analyze whether and how you visit our company page, whether and how you respond to our posts on social networks, and whether and how you communicate with us through the respective channels. This is based on the consent you have given to this provider.
In addition to our general statements regarding the legal basis, we would like to add the following: If you maintain a profile on this social medium, the legal basis is your consent according to Article 6 (1) sentence 1 lit. a GDPR, which you have provided to the provider of the social network. In all other cases, the legal basis is Article 6 (1) sentence 1 lit. f GDPR, according to which your data may be processed if necessary to protect our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms, which require the protection of personal data, do not prevail, particularly if the data subject is a child. We have an economic interest in linking our company pages, whereby you independently and voluntarily click on the links. Otherwise, the provider is responsible.
If and to the extent that we analyze visitor interactions with our company page, we are jointly responsible for data protection with this provider, according to Article 26 GDPR. If and to the extent that we instruct this provider to process data for us beyond this, we are the controller within the meaning of Article 28 GDPR. Data processing activities are not hindered by the fact that data may be processed outside the European Union by the provider, potentially in cooperation with LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. The processing of your personal data through this tool will only take place if you consent to the associated data transfer to the USA (see Article 49 (1) lit. a GDPR). This applies to us insofar as we control the data processing. Please read our risk notices carefully beforehand (see General Section/Special Constellation: Consent to transfer to third-country entities based in the USA, including risk notices). If the provider controls the processing (e.g., when you visit the social network independently of any action on our website), no transfer by us to the USA occurs, so we do not need to provide further guarantees in terms of Articles 44ff. GDPR. In this case, there exists a relationship between us and the provider of the social network under Article 26 GDPR only.
Additionally, we would like to note the following:

We have linked our company page with this provider on our website. If you click this link (meaning the link to our company page), you will be directed to our profile. Concerning this processing, we refer to our previous explanations regarding visiting our company page on this provider’s platform.

Data Processing in the Use of Google Ads

Data Processing with the Use of Google Remarketing

We use the aforementioned social medium. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are located within the European Economic Area, your data is additionally processed by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. You can find the provider’s privacy policy here: https://policies.google.com/privacy?fg=1.
This is a procedure through which we aim to address you with advertisements. Through this application, after visiting our website, our ads may be displayed to you as you continue to browse the internet. This is achieved through cookies stored in your browser, allowing the provider to record and evaluate your user behavior as you visit various websites. This enables the provider to recognize that you previously visited our website. According to the provider’s statements, the data collected through remarketing is not combined with any of your personal data that the provider may store. Specifically, the provider states that pseudonymization is used for remarketing, which occurs across all devices where you are logged into an account with this provider or even if you were only logged in for a brief moment.
These advertisements are delivered by Google via so-called "Ad Servers." To measure specific success parameters, such as the display of ads or clicks by users, we use Ad Server cookies. If you access our website through a Google ad, a cookie from Google Ads is stored on your computer. Typically, these cookies expire after 30 days and are not intended to personally identify you. The analytical values stored for these cookies generally include a unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (indicating that the user no longer wishes to be targeted). These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not expired, Google and the customer can determine that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie, so cookies cannot be tracked across the websites of Ads customers. We ourselves do not collect or process any personal data in these advertising measures. We receive only statistical evaluations from Google, which allow us to understand which of the deployed advertising measures are particularly effective. We do not receive further data from the use of advertising materials, specifically not allowing us to identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the provider’s server.
You can prevent participation in this tracking procedure in several ways: a) by adjusting your browser software settings to suppress third-party cookies, which will prevent you from receiving ads from third-party providers; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads), noting that this setting will be deleted if you clear your cookies.
The data processing procedures are not opposed to the possibility that the data may be processed outside the European Union by the provider, potentially in cooperation with Google LLC. This processing of your personal data through this tool only occurs if you consent to the associated data transfer to the USA (see Article 49 paragraph 1 point (a) GDPR). Please be sure to read our risk notices in advance (see General Section/Special Circumstance: Consent to Data Transfer to Non-EU Entities Located in the USA, including Risk Notices).
In this process, we generally process the following data about you: We process all data that we use for marketing communication, as already described in this privacy policy. Additionally, in our communication with you (e.g., for contract processing or in follow-up emails) and in the delivery of newsletters and webinars, we use so-called "tags" from Klick-Tipp. A tag is a label that associates information with additional information, specifications, or categories. When tagging, information is linked to relevant keywords, categories, or other parameters defined by us in advance. Further information on tagging with Klick-Tipp can be found here: https://www.klick-tipp.com/handbuch/erste-schritte/tag-erstellen. It is essential that we set up and define these tags in such a way that Klick-Tipp follows our instructions in this regard. Klick-Tipp employs both SmartTags and Manual Tags. SmartTags are used when you register via a sign-up form (appointment, newsletter, webinar, etc.). In this case, you automatically receive a tag with the name of the relevant sign-up form. Additionally, Klick-Tipp automatically assigns the tags "Email received," "Email opened," "Email clicked," and "Email viewed in browser" for us. Manual Tags are set by us independently. For example, we can tag you with "Customer" or, more specifically, with "Product B purchased" or "Webinar viewed until this point." Klick-Tipp collects some of the information used for tagging via additional tracking pixels. Tags are generally used so that we can fulfill our obligations in the pre-contractual and contractual relationship. They also enable us to automate communication with you, which increases our accessibility and thus our service level. If we use tags to send marketing communications, this is part of the legal basis claimed for this purpose. We also use tags to improve our marketing communication. If you do not want analysis by Klick-Tipp, you must unsubscribe or opt-out of the reason for our communication. For this, we provide an appropriate link in every message aimed at this. Additionally, you can unsubscribe from the newsletter or the webinar directly on the website.
The data processing operations are not opposed by the fact that the data may be processed outside the European Union. This is because, according to Article FINPROV 10A of the Brexit Agreement of December 31, 2021 (p. 468 ff), the United Kingdom will not be considered a "third country" within the meaning of Article 44 GDPR for four months starting from January 1, 2021, i.e., initially until May 1, 2021. Even regardless of the UK’s third-country status, the data transfer there is justified, as the provider has committed to the EU Standard Contractual Clauses (Article 46 GDPR).

Zapier (for Marketing Automation)

We use the following provider here: Zapier Inc., 548 Market St #62411, San Francisco, California 94104 (USA), which provides the "Zapier" tool that we use. Briefly describing this process: Zapier allows us to connect web apps, so customer and prospect data can be exchanged automatically between different applications. Data is exchanged via Zapier and may also be processed there. We have contracted this provider to process your personal data as necessary in accordance with Article 28(3) GDPR. You can find the provider's privacy policy here: https://zapier.com/privacy/.
In this process, we generally process the following data about you: All data we collect via tools used in the context of marketing automation. Further information on usage options can be found at: https://zapier.com/learn/getting-started-guide/what-is-zapier/. The fact that this provider is based outside the European Union does not prevent its use, as the provider has committed to the EU Standard Contractual Clauses.

Processing Operations Based on Our Legitimate Interest (Legal Basis: Article 6(1)(f) GDPR)

General Information on Purpose and Legal Basis of the Following Processing Operations.
The purpose of each of the processing operations described below is specified for each tool individually and is the key justification for our legitimate interest in processing.
The legal basis for each data processing operation is Article 6(1)(f) GDPR. According to this provision, the processing of your personal data is permissible even without your consent if it is necessary to protect our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms, which require the protection of personal data, do not override them.
General Information on Data Retention Regarding the Following Processing Operations.
We retain the data until our purpose has ceased, which is always the case when you have raised a justified objection (see "Notice of Right to Object").
If a contractual relationship is established between us following processing based on legitimate interest, we will additionally store the data until the end of our statutory retention periods. The legal basis for this is Article 6(1)(c) GDPR in conjunction with § 147 of the German Fiscal Code (AO) and § 257 of the German Commercial Code (HGB). According to these regulations, some of the above-mentioned data must be retained beyond the point of purpose fulfillment. Therefore, we may be obligated to retain:

Data relating to you that arises from books and records, inventories, annual financial statements, individual financial statements in accordance with § 325(2a) HGB, consolidated financial statements, management and group management reports, opening balances, accounting records, documents under Article 15(1) and Article 163 of the Union Customs Code, commercial books, and any other organizational documents necessary for their understanding, for ten years. The retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6(1)(c) GDPR in conjunction with § 147 AO or in conjunction with § 257 HGB).

Data relating to you that arises from received commercial or business letters, reproductions of received commercial or business letters, and other documents that are important for taxation purposes, for six years. The retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6(1)(c) GDPR in conjunction with § 147 AO or in conjunction with § 257 HGB).

Notice of Right to Object

If we base data processing in the following privacy policy on Article 6(1)(f) GDPR, i.e., on a legitimate interest in processing, you always have the right to object to the processing. This can typically be done by sending us an informal message (see above “Data Controller”).
If the legitimate interest is based on an interest in direct marketing or promotional communication, your objection is always valid if you can be identified.

Informative Use of the Website

If you use our website solely for informational purposes, meaning if you do not register as a user or otherwise transmit information, we collect the following data from you: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transferred, website from which the request originated, browser, operating system and its interface, language, and version of the browser software. We receive this data through cookies and directly from your browser.
The purpose of this processing is to provide our website and to conduct statistical analysis.

Transient Cookies

We would like to briefly describe this processing operation: We use so-called transient cookies on our website. These include, in particular, session cookies. These cookies store a session ID that allows different requests from the visitor's browser to be assigned to the same session. This enables the visitor's computer to be recognized when they return to your website.

The purpose, which also constitutes our legitimate interest, can be described as follows: The cookies serve to provide you with an appropriate display and use of the website.

We generally process the following data from you: Session cookies. These store a session ID that allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Rights Management

You have certain rights with regard to us (see General Section, Rights of Website Visitors). If you exercise your rights with regard to us, we process the related contact, communication, and transaction data.
We process your data as follows:

We acknowledge your request.

We review your request.

If justified, we comply with your request.

We store the related data.

While processing as per Section 2, Nos. 1 to 3 is justified under Article 6(1)(c) GDPR (we are generally obliged to process your requests under GDPR), the purpose of storage (Section 2, No. 4) is to retain the data so that we can defend ourselves against potential claims from you in the future. This also constitutes our legitimate interest. We store your data until the end of the third calendar year following your request (see Article 6(1)(f) GDPR in conjunction with §§ 193, 195 BGB).

External Consultation, in Case of Claims

You have certain rights with regard to us (see General Section, Rights of Website Visitors). If you exercise your rights with regard to us, we may transfer your data to external consultants whom we have either obligated to confidentiality or who are professionally obligated to confidentiality.
The purpose of this processing is to obtain expert advice in order to handle your request in compliance with legal requirements. This is in both our legitimate interest and yours.