Data Privacy Information
The following provides you with information about how we process your personal data and the claims and rights to which you are entitled under data protection regulations.
This privacy information explains the nature, scope and purpose of the processing of personal data within our website (hereinafter referred to as “the website"). This privacy information applies regardless of the domains, systems and devices (e.g. desktop, mobile, etc.) used.
Personal data is all data that is personally identifiable to you, e.g. name, address, email addresses, user behaviour. Which data is processed in detail and how it is used depends largely on the services used.
1. Who is responsible for data processing and who can I contact?
The responsible body is:
Alte Jakobstr. 83-84
Tel: +49 (0) 30 - 293 63 99 - 0
Fax: +49 (0) 30 - 293 63 99 – 50
You can contact our company data protection officer at:
mip Consult GmbH
Asmus Eggert, Solicitor
Tel: +49 (0) 30 - 2088999 - 0
2. What sources and data do we use?
We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.
For purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specifically accessed website), access status/HTTP status code, data volume transmitted in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, notification of successful retrieval.
We also receive your personal data if you contact us via contact form or email. Personal data here refers to name, address, email, telephone number (hereinafter referred to as "contact data"), for example.
3. Why do we process your data and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal basis:
If you have given us your consent to process personal data for specific purposes (e.g. when contacting us via our contact form or by email for processing and handling the inquiry, sending newsletters, advertising by telephone, email, SMS, etc.), the legality of this processing is given on the basis of your consent. Given consent can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.
Consent, Art. 6 Par. 1a GDPR
When contacting us (via contact form or email), your details will be processed in addition to any consent given for the processing of the contact enquiry and its handling, also on the basis of the implementation of pre-contractual measures, Art. 6 para. 1b GDPR.
Implementation of pre-contractual measures on request of the person, Art. 6 para. 1b GDPR
We process your access data (see above under point 2) to protect our legitimate interests or those of third parties. We pursue the following legitimate interests in particular:
Asserting legal claims and defence in legal disputes;
In the context of balancing interests to protect legitimate interests, Art. 6 para. 1f GDPR
If we receive your data when you download our whitepapers, we process your data on the basis of your consent to inform you about Blue Ant.
Consent, Art. 6 Par. 1a GDPR
4. Who gets my data?
The departments needed to fulfill our contractual and regulatory obligations within the organization will have access to your information.
Contractors used by us (Art. 28 GDPR) may also receive data for the aforementioned purposes. These are companies in the categories IT services, printing services, telecommunications, consulting and sales and marketing. If we use contract processors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 lit. b) GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to an economic and effective operation of our business or if you have consented to the data transmission. In the purely informational use of the website, we do not pass on any data to third parties.
5. How long will my data be stored?
For security reasons (e.g. to investigate misuse or fraud) log file information is stored for a maximum of fourteen days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or by email.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the Tax Code (AO). The periods for storage and documentation specified here range from two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) may as a rule be 3 years, but in certain cases also up to thirty years, whereby the regular limitation period is 3 years.
6. Is data transferred to a third country or to an international organisation?
The data provided is processed within the European Union and in the USA. For states without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA, it applies that we generally agree on EU standard data protection clauses with the recipients of your data or obtain your consent for the data transfer. If necessary, please contact us using the contact details provided under point 1 above.
Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. There are no enforceable rights that safeguard the protection of your data against access by government agencies. There is therefore a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.
7. What are my data protection rights?
Each person concerned has
- The right to information in accordance with Art. 15 GDPR,
- the right to correction in accordance with Art. 16 GDPR,
- the right to deletion in accordance with Art. 17 GDPR,
- the right to restrict processing in accordance with Art. 18 GDPR, and
- the right to data transferability under Art. 20 GDPR.
Furthermore, you can revoke your consent with effect for the future in general. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR i.V.m. § 19 BDSG). In addition, we would like to draw your attention to your right of objection under Art 21. GDPR:
Information about your right of objection according to Art. 21 GDPR
You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you under Article 6(1)(e) GDPR (Data Processing in the Public Interest) and Article 6(1)(f) of the General Data Protection Regulation (Data Processing on the basis of a balance of interests), including profiling based on this provision within the meaning of Article 4(4) GDPR, which we use for questionnaire evaluation or for promotional purposes.
If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and no costs other than transmission costs according to basic tariffs need be incurred. The objection should, if possible, be addressed to:
Alte Jakobstr. 83-84
or by email to:
8. To what extent is there automated decision making in individual cases, including profiling?
When accessing our website or contacting us by form or email, we do not use fully automated automatic decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the framework of our website, you must provide the personal data that is technically necessary for IT security reasons or for the use of our website. If you do not provide this information, you may not use our website.
When contacting us by form or email, you only need to provide the personal data required to process your request. Otherwise we will not be able to process your request.
The following information informs you about our newsletter and the registration and shipping procedure and informs you about your rights. If you subscribe to our newsletter, you agree to receive the newsletter and the described procedures.
We will only send our calendar of events and other emails containing advertising information (hereinafter "Newsletter") with the consent of the recipients or on a legal basis. You will then receive our newsletter with information about proventis, Blue Ant and our events.
The registration for our newsletter takes place in the so-called double opt-in procedure, i.e. after registration for the newsletter we will send you an email asking you to confirm your registration. This confirmation serves to ensure that only persons who actually have access to the email address specified in the form register for our newsletter. We log the registrations for the newsletter in order to be able to prove the registration process according to the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. The newsletter is sent using Sugar CRM, which is hosted on a server rented by us and located in Germany.
To subscribe to the newsletter, simply enter your email address. We give you the option of entering a name in the newsletter in order to address you personally.
The newsletter is sent on the basis of the recipient's consent pursuant to Art. 6 para. 1a GDPR and § 7 para. 2 no. 3 UWG (Federal law against unfair competition), or on the basis of the legal permission of § 7 para. 3 UWG.
The registration procedure is logged on the basis of our legitimate interests pursuant to Art. 6 para. 1f GDPR and serves as proof of consent to receipt of the newsletter.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent at any time with effect for the future. You will find a link to cancel the newsletter at the end of each of our newsletters. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes or are required to operate our website (e.g. for optimal presentation of the website on various end devices) or to save your decision when confirming our cookie banner.
We use "session cookies", which are only stored for the duration of the current visit to our website and in some cases enable the use of our online content in the first place. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. Session cookies are deleted at the latest when you have finished using our website and close your browser.
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. Please note that the deactivation of cookies can lead to functional limitations of this website.
12. Google Analytics
Based on your consent, we use the web analytics service Google Analytics from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter "Google".
Google processes the data for us in order to evaluate the use of our website by visitors, to create reports on the activities within our website and to provide other services associated with the use of the website. In doing so, pseudonymous usage profiles of website visitors are created from the processed data.
During your visit to the website, the following information, among other things, is collected:
- pages viewed,
- the achievement of contact goals, such as contact and test requests or newsletter registrations,
- your use of our website, for example clicks and time spent on one of our pages,
- your approximate location (country and city),
- your IP address (in shortened form, so that no clear allocation is possible),
- technical information such as browser, internet provider, terminal device and screen resolution,
- which website or advertising medium you used to reach us.
Google Analytics stores cookies in your browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you during future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. The IP address transmitted by your browser will not be merged with other Google data.
We use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
You can prevent the storage of cookies either by rejecting them in our cookie banner or by setting your browser software accordingly; users can also prevent the collection of the data generated by the cookie and the transmission to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics Remarketing to display the ads we place with Google or its partners only to users who have also shown an interest in our website or who have certain products or services (e.g., interests in certain topics on our website), which we transmit to Google (so-called "remarketing"). With the help of remarketing, we want to ensure that our advertisements correspond to the interests of the users and do not have a harassing effect. You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; follow this link:
Further information on data processing by Google, setting and objection options can be found on the Google website at https://policies.google.com/technologies/partner-sites
You can find further information in Google's data protection information at https://www.google.de/intl/de/policies/privacy/.
13. Google Adds
On this website, we use the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. The legal basis for the use of Google Maps is your consent Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a) GDPR.
This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently.
Google Maps is integrated in such a way that data about you as a user is only transmitted to Google once you have activated Google Maps by clicking on it. We have no influence on the data transmission to Google that then takes place.
When you visit the website, Google receives the information that you have called up the corresponding sub-page of our website, as well as the date and time of your visit to the website in question and your IP address. This takes place regardless of whether you are logged in to Google. If you are logged in, however, your data will be assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating a map.
If you are logged in to Google, Google may store your data as usage profiles and use it for the purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalised services, including content and advertisements. This data processing is then governed by the usage agreement concluded between you and Google within the scope of your Google account.
The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a) GDPR.
For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the Google data protection information. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/technologies/partner-sites and an opt-out from personalised advertising is possible at https://www.google.com/settings/ads/.
Further information can be found in Google's data protection information at https://www.google.de/intl/de/policies/privacy/.
14. Google Tag Manager
We use Google Tag Manager service from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland based on your consent.
Google Tag Manager is a service that organises the loading of further tools - in particular analysis tools. The information from the Google Tag Manager is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you agree to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.
For more information on Google Tag Manager, please see Google's privacy information at https://www.google.de/intl/de/policies/privacy/.
Please note that American authorities, such as intelligence services, could potentially gain access to personal data that is inevitably exchanged with Google when this service is integrated due to the Internet Protocol (TCP) based on American laws such as the Cloud Act.
15. Other services
We use the remarketing services ("Google Remarketing Services") of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") on the basis of our legitimate interests, i.e. our interest in analysing and optimising our website within the meaning of Art. 6 Para. 1f GDPR.
Google is certified under the EU-US Privacy Shield Agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov).
Remarketing refers to the display of ads for products or other services that a user has been interested in on other websites. Ideally, users are then only presented with ads that correspond to their potential interests. The Google Remarketing Services allow us to technically implement this and to display advertisements for our website and/or products and services on other websites in a more targeted manner.
For this purpose, Google program code is used when our or other websites on which Google remarketing services are active are accessed and so-called "web beacons" (invisible graphics) are integrated into the website. In addition, individual cookies are placed on the user's device. These cookies record which websites the user has opened, what content they are interested in and which ads they have clicked. Furthermore, technical information about the browser and operating system, referring websites, visit time and other information about the use of the website are stored. The IP address of the users is also recorded. Within the framework of Google Analytics, however, the IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area is shortened and only in exceptional cases completely transferred to a Google server in the USA and shortened there. The above data can also be linked by Google with data from other sources. If the user subsequently visits other websites, ads tailored to their interests will be displayed.
User data is processed pseudonymously within the framework of Google Remarketing Services. This means that Google does not process personal data such as the user name or email address, but only cookie-related data within pseudonymous user profiles. In this respect, from Google's point of view, the data is not managed and displayed for a specifically identified person, but only for the device on which the respective cookies are located. If a user has expressly permitted Google to process the data without being pseudonymised, the above does not apply. The collected data is then transmitted to Google and stored on Google servers in the USA.
We use the online advertising program "Google AdWords" for remarketing. Here, a dedicated "conversion cookie" is set for each AdWords customer by Google, including us. The information collected using this cookie is used to generate conversion statistics for us as AdWords customers. This tells us the total number of users who clicked on our ads and were redirected to our conversion tracking tagged page. However, we do not receive any information that personally identifies users.
Further information on the use of data by Google can be found at https://www.google.com; Google's privacy information can be accessed at https://www.google.com/policies/privacy
If you wish to object to interest-based advertising by Google, you can use the "opt-out" options provided by Google: http://www.google.com/ads/preferences.
Range of services
Based on our legitimate interests within the meaning of Art. 6 para. 1f GDPR, i.e. our interest in an optimal website, we use services from third-party providers on our website. The IP address of the user is transmitted to these third party providers. The IP address is technically required for the contents to be displayed. Third-party providers can use so-called web pixels (invisible graphics, also known as "web beacons") for evaluation or marketing purposes. The web pixels allow information such as visitor traffic to be evaluated. The third party providers can store information in cookies on the user's device.
We use the following third parties on our website: