Privacy Policy

1. CONTROLLER

1.1
The controller for this website is: Convotis GmbH, Neuer Zollhof 3, 40221 Düsseldorf
office@convotis.com
Host Provider for this website: xdot GmbH | Feldstiege 78 | 48161 Muenster

2. DATA PROTECTION OFFICER

2.1
We have appointed a data protection officer for our company. Should you have any requests or questions in relation to the processing of your personal data by us, kindly address them to: Convotis GmbH, attn. Data protection officer, Feldstiege 78, 48161 Münster, or by Phone: +49 (2533) 28 118 08 100, or by E-mail: dsb@xdot.de.

3. COOKIES

3.1.1
Website uses cookies. These are small text files that may be placed on your device while browsing our Website which store certain information about you. Cookies cannot access, read or modify other data stored on your device. When we refer to “cookies” we include other technologies with similar purposes, such as pixel tags.

3.2
We use two types of cookies on our Website:

3.2.1
Necessary cookies: Without necessary cookies the proper functioning of our Website would not be possible or only to a limited extent. The use of necessary cookies on our Website is possible without your consent. However, you can deactivate cookies at any time by modifying your browser settings. Legal basis: Section 165 Telecommunications Act 2021.

3.2.2
Optional cookies: These types of cookies may be used to improve our Website, optimize your user experience, analyze user behavior or customize marketing activities. Optional cookies may also be placed by external advertising companies (“third party cookies”). Optional cookies will only be used upon your consent which you may provide by clicking “OK” on our Website’s cookie banner. This consent can be withdrawn at any time with effect for the future.

3.3
Necessary cookies used on our Website

Cookie-name

Storage periode

Purpose

viewed_cookie_policy

1 year

The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

cookielawinfo-checkbox- necessary

1 year

Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Necessary” category .

cookielawinfo-checkbox- functional

>

1 year

The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category “Functional”.

cookielawinfo-checkbox- performance

1 year

Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category “Performance”.

cookielawinfo-checkbox- analytics

1 year

Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Analytics” category .

cookielawinfo-checkbox- advertisement

1 year

Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Advertisement” category .

cookielawinfo-checkbox- others

1 year

Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category “Others”.

3.4
Optional cookies used on our Website

Cookie-name

Storage periode

Purpose

_ga

2 years

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information and assigns a randomly generated number to recognize unique visitors.

_gid

1 day

Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit.

_gat_gtag_UA_50940963_1

1 minute

Set by Google to distinguish users.

3.4
Optional cookies used on our Website

Cookie-name

Storage periode

Purpose

_ga

2 years

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information and assigns a randomly generated number to recognize unique visitors.

_gid

1 day

Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit.

_gat_gtag_UA_ 50940963_1

1 minute

Set by Google to distinguish users.

3.5
How to control and manage the use of cookies

3.5.1
By clicking on the “OK”-button in the Website’s cookie banner you agree to the use of the above listed optional cookies on our Website. Your consent can be withdrawn (for all or individual cookies) at any time with effect for the future.

3.5.2
You may also refuse the use of cookies by selecting the appropriate settings on your browser or by deleting the cookies from the device and browser. Most browsers accept cookies automatically, but you can alter the settings of your browser to erase cookies or prevent automatic acceptance if you prefer. Generally you have the option to see what cookies have been placed and delete them individually, block third party cookies or cookies from particular sites, accept all cookies, to be notified when a cookie is issued or reject all cookies. Visit the ‘options’ or ‘preferences’ menu on your browser to change settings, and check the following links for more browser-specific information:

3.5.3
You should be aware that any preferences will be lost, if you delete all cookies and many websites will not work properly or you will lose some functionality. We do not recommend turning cookies off when using our website for these reasons.

3.6
Server log files

3.6.1
We automatically collect and store information in so-called server log files, which your
browser automatically transmits to us. These are:

  • Browser type and browser version
  • operating system used
  • referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

3.6.2
This data is not merged with other data sources.

The collection of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the technically error-free presentation and optimisation of its website. The processing of these log files is necessary for us to maintain the functionality, stability and security of our Website.

4. CONTACT FORM AND INQUIRY BY E-MAIL, TELEPHONE OR FAX

4.1.1
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of processing your request.

4.1.2
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.

5. SOCIAL MEDIA

5.1
Social media plugins with Shariff

5.1.1
Plugins from social media are used on this website (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).

5.1.2
You can usually recognize the plugins by the respective social media logos. To ensure data protection on this website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plugins integrated on this website from transmitting data to the respective provider when you first enter the page.

5.1.3
Only when you activate the respective plugin by clicking on the associated button, a direct connection to the provider’s server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit of this website to your user account.

5.1.4
Activating the plugin constitutes consent within the meaning of Art. 6 (1) lit. a GDPR. You can revoke this consent at any time with effect for the future.

5. SOCIAL MEDIA

5.1
Social media plugins with Shariff

5.1.1
Plugins from social media are used on this website (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).

5.1.2
You can usually recognize the plugins by the respective social media logos. To ensure data protection on this website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plugins integrated on this website from transmitting data to the respective provider when you first enter the page.

5.1.3
Only when you activate the respective plugin by clicking on the associated button, a direct connection to the provider’s server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit of this website to your user account.

5.1.4
Activating the plugin constitutes consent within the meaning of Art. 6 (1) lit. a GDPR. You can revoke this consent at any time with effect for the future.

6. ANALYSE TOOLS AND ADVERTISING

6.1
Google Tag Manager

6.1.1
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

6.1.2
The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.

6.1.3
The use of the Google Tag Manager is based on Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time with effect for the future.

6.2
Google Analytics

6.2.1
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

6.2.2
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data may be combined by Google into a profile that is assigned to the respective user or their end device.

6.2.3
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to complement the collected data sets and uses machine learning technologies in the data analysis.

6.2.4
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

6.2.5
The use of this analysis tool is based on Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time with effect for the future.

6.2.6
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

6.2.7
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

6.2.8
For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

6.2.9
Storage period

6.2.10
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 2 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

7. PLUGINS AND TOOLS

7.1
Google Web Fonts (local hosting)

7.1.1
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally in Münster, Germany. A connection to Google servers does not take place.

7.1.2
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=de.

7.2
Google Maps

7.2.1
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

7.2.2
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

7.2.3
The use of Google Maps is based on your consent (Art. 6 para. 1 lit. a GDPR); the consent can be withdrawn at any time with effect for the future.

7.2.4
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

7.2.5
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

7.3
Google reCAPTCHA

7.3.1
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

7.3.2
The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

7.3.3
The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

7.3.4
The storage and analysis of the data is based your consent (Art. 6 para. 1 lit. a GDPR); the consent can be withdrawn at any time with effect for the future.

7.3.5
For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

8. NEWSLETTER

8.1.1
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. For the handling of the newsletter we use newsletter service providers, which are described below.

8.2
CleverReach

8.2.1
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.

8.2.2
Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: “https://www.cleverreach.com/de/funktionen/reporting-und-tracking/” as well as CleverReach’s privacy policy at: “https://www.cleverreach.com/de/datenschutz/”.

8.2.3
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time with effect for the future by unsubscribing from the newsletter via the link we provide in every newsletter message. The legality of the data processing operations already carried out remains unaffected by the withdrawal of your consent.

8.2.4
The data you provide for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time.

9. AUDIO AND VIDEO CONFERENCING

9.1.1
Among other tools, we use online conferencing tools to communicate with our clients. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

9.1.2
The conferencing tools collect the data that you provide/enter in order to use the tools (e-mail address and/or your telephone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

9.1.3
Furthermore, the provider of the tool processes all technical data that are necessary for the handling of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

9.1.4
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

9.1.5
Please note that we do not have full influence on the data processing procedures of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below.

9.1.6
Purpose and legal basis

9.1.7
The use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest under Art. 6 para. 1 lit. f GDPR). Insofar as consent (Art 6 para 1 lit a GDPR) has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

9.1.8
We use the following conferencing tools:

9.1.9
TeamViewer: The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. For details on data processing, please refer to TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

9.1.10
Microsoft Teams: The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

10. HANDLING OF APPLICANT DATA

10.1
We offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process.

10.2
Scope and purpose of data collection

10.2.1
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

10.2.2
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of performance the employment relationship.

10.3
Retention period of the data

10.3.1
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 7 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 7-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

10.3.2
A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations oppose the deletion.

10.4
Inclusion in the applicant pool

10.4.1
If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

10.4.2
Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. You can withdraw your consent at any time with effect for the future. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

11. OBLIGATION TO PROVIDE DATA

11.1
We need some of the above mentioned personal data for the performance of our services or the contract with you and/or in order comply with legal obligations we are subject to. If you refuse to provide personal data which are required for the performance of the contract or which we are obliged to process due to legal obligations, it may not be possible for us to carry out these services and/or, more specifically, the purposes listed above and/or it would significantly slow down the relevant purpose.

12. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA

12.1
For the above mentioned purposes, we may share your personal data with the following recipients:

  • group companies, where necessary in order to perform our services (e.g. where you request certain services via our Website); a list of group companies may be found here:
    xdot GmbH – www.xdot.de
    Lynet Kommunikation GmbH – www.lynet.de
    ITSDONE Holding GmbH – www.itsdone.at
    Bürotex – www.buerotex.de
  • IT service providers who provide hosting, maintenance and security services for our Website
  • advertising und web-analysis partners (e.g. Google LLC) who provide certain services to us in connection to our Website
  • Where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose personal data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).

12.2
Some of these recipients may be located in countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission. In particular, this includes our group companies. It should be noted that the level of data protection in such countries may not be the same as within the EU/EEA. Also, subject to local laws and regulations data may be accessible to local authorities or courts.

12.3
However, where personal data is transferred to such third countries, we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission’s standard contractual clauses for the transfer of personal data (Art 46(2) c GDPR). Further details on the implemented safeguards as well as copies of the respective agreements are available on request at dataprotection@convotis.com.

12.4
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

13. HOW LONG WE KEEP YOUR PERSONAL DATA

13.1
Log files (see 0 above) are generally kept for a period of three months. Beyond this time period log files will only be stored for the purpose of investigating irregularities or security incidents in our system. For the storage duration of cookies see 3 above.

13.2
We generally retain your personal data for as long as this is necessary for the fulfilment of the purpose for which they were obtained. Thus, in any case we process your personal data for the duration of our contractual or service relationship with you. Beyond this time period we keep your personal data to comply with statutory retention obligations (e.g. to fulfill the 7-year retention obligation under applicable tax and company law). Where necessary we may also keep your data for as long as potential legal claims against us are not yet time-barred; for certain claims the statutory limitation period may be up to 30 years.

13.3
As soon as there are no legitimate grounds for the further storage of personal data available, they will either be deleted or anonymized.

14. YOUR RIGHTS AS A DATA SUBJECT

14.1
As a data subject you have the following rights under the statutory conditions:

  • to check whether and what kind of personal data we hold about you and to request copies of such data (right of access)
  • to request correction, supplementation or deletion of your personal data that is inaccurate or processed in non-compliance with applicable requirements (right to rectification and erasure)
  • to request us to restrict the processing of your personal data (right to restriction)
  • in certain circumstances, to object for legitimate reasons to the processing of your personal data or to revoke consent previously granted for the processing (right to object or withdraw consent)
  • to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller (right to data portability)

14.2
We do not process your personal data for the purpose of taking decisions based solely on automated processing, including profiling, which produce legal effects concerning you (Art 22 GDPR).

14.3
To exercise any of the above rights kindly send an email to dataprotection@convotis.com Further, you have the right to lodge a complaint with a supervisory authority, if you believe your data protection rights have been violated.

15. OBJECTION TO ADVERTISING E-MAILS

15.1
The use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

16. UPDATES TO THIS NOTICE

16.1
We may update this Notice to reflect legal, technical or business changes. When we update this Notice, we will take reasonable steps to inform you about the changes made. You will find the date of the “last update” at the beginning of this Notice.

17. DISCLAIMER

17.1
The Website contains links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of other websites that you visit.

Newsletter subscription

 

 

Anmeldung Newsletter