I. Collection, processing and use of personal data
Each time you visit our website, which can be accessed at artegic.de, artegic.com, artegic.net and artegic.it, we will automatically collect and process personal data. The following data are collected for the purposes of compiling visitor statistics regarding the use of this website to ensure that the website is convenient to use and to guarantee the security and stability of the system:
- date and visit of the URL which the visitor is currently using,
- URL which the visitor visited immediately beforehand,
- name of the data accessed,
- browser used,
- if applicable, the operating system used,
- the abbreviated IP address of the visitor
The legal basis for the data processing is Article 6 (1) (f) GDPR. Our legitimate interest is derived from the purposes of the data collection listed above.
The data will be deleted once they are no longer required to achieve the purpose for which they are collected. In the event of the data being stored in log files, this is the case after seven days at the latest. It is possible to store data for longer than this. In this case, the IP addresses of the users will be deleted or modified, so that the data can no longer be assigned to the client accessing the website.
Google processes the data on our behalf to check and evaluate the use of our website and to improve the user experience for you based on the created reports. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 Para. 1 lit a) GDPR. Once you have given your consent, you can revoke it at any time with effect for the future.
You can prevent the collection of the data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The processed personal data will be deleted or anonymized after 14 months.
Further information on the use of data by Google, setting and objection options can be found in Googles data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
IV. Social Media Appearances
In addition to this website, we also maintain presences in various social networks to present our products and services to you and to present our company to interested parties. As far as you visit one of our presences, personal data are transmitted to the provider of the social network and processed by him. You will be regularly profiled by the social network to show you advertising within or outside the social networks based on your interests. Depending on the social network, your data will be processed by the social media outside the European Union. The data processing takes place on the basis of Article 6 (1) (f) GDPR. Our legitimate interest in the above-mentioned processing purpose, to present our products and services in accordance with our interests and to present our company. In contrast to some social networks, you have also given your consent to data processing by confirming a checkbox. In this case, the legal basis is Art. 6 (1) (a), Art. 7 GDPR. You can object to the data processing. The providers of social networks offer various opt-out options for this. Below you will find the corresponding links with further details of the respective providers:
- You may assert your rights as a person affected (for more details see section IX. Rights of parties concerned) against us or the respective providers of the social networks. Please note, however, that the processed personal data is held by the provider and we have no access to it. Your rights can therefore be most effectively asserted against the respective provider.
SOCIAL MEDIA PLUGINS
You will find the buttons of the social networks Facebook, Twitter, LinkedIn and Xing on our website. We use these plugins to promote our company. The data processing in the course of this takes place on the basis of Article 6 (1) (f) GDPR. The promotional purpose behind this is to be considered a legitimate interest as defined by Article (6) (1) (f) GDPR. In order to allow you to take better control of your personal data, we have recourse to the so-called “2-click solution”. Unlike the default buttons, these buttons do not immediately transmit information when the linked social media network is loaded, without users being able to influence this. Rather, as part of the “2-click solution”, it is up to the user to activate the transmission. Certain data will not be transmitted to the respective social media network until activation, for example:
- the address of the website on which the activated button is located,
- date and time of accessing the website or activating the button,
- information about the browser used and the operating system used,
- your current IP address.
You can disable the enabled buttons again at any time by clicking on the same button. However, this does not have any effect on the data which have already been transferred to the social media networks.
In particular, the following special features exist for the social media networks:
You can identify Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, by the Facebook logo (a white “f” on a blue background and/or the “thumbs up” symbol). Detailed information about the appearance of the Facebook social plugins can be found at https://developers.facebook.com/docs/plugins/. If you enable our Facebook button within the framework of the 2-click solution, a connection is established to the Facebook servers, and the Facebook plugin shown, e.g. the “Like” button, will be downloaded by means of a notification to your browser on the website. Facebook is certified under the privacy shield agreement and, as a result, guarantees that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). We do not have any influence over the amount of data collected by Facebook with the aid of this plugin. However, it is currently to be assumed that Facebook obtains the information that you have accessed the relevant page of our website. If you are logged in as a member of Facebook, Facebook allocates this information to your personal Facebook user account. When you use the plugin functions (e.g. clicking on the “Like button” or making a comment), this information is also associated with your Facebook account, which you can only prevent by logging out before using the plugin. The active use of Facebook plugins is subject to the data protection conditions and terms of service of Facebook Inc. Information about the collection, storage and use of your data by Facebook Inc. can be found in the Facebook data privacy guidelines (https://www.facebook.com/about/privacy/) and the privacy guidelines.
You can identify Twitter, Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, by the Twitter logo (a white “t” on a blue background or a small white “bird”, both of which may possibly be linked to the additional word “tweet”). If you enable the Twitter button within the framework of the 2-click solution, a connection is established to www.twitter.com and the Twitter plugin is thereby downloaded by means of a notification to your browser on the respective webpage. If you are simultaneously logged in to Twitter, a reference will be made to our website in your Twitter account in the form of a so-called tweet. In this case as well, the relevant information is transmitted directly from the plugin to Twitter in the USA and is made visible to all of the third parties who can read your Tweets. Twitter is certified under the privacy shield agreement and, as a result, guarantees that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). ). If you would like to learn more about the purpose and use of your data and the further use thereof by Twitter, please visit http://twitter.com/de/privacy. You can find out more details about the tweet button at https://dev.twitter.com/web/tweet-button. You can object to processing by Twitter Inc. and set an opt-out cookie at https://twitter.com/personalization.
From time to time you will have the opportunity to take part in contests at trade fairs, our website, or other events. In the course of this, personal data such as your first name and surname, your email address and your address may be collected and stored for the purposes of conducting the competition in accordance with our conditions of participation. The personal data collected will be exclusively processed for the purposes of conducting the competition. The legal basis is Article 6 (1) (b) GDPR. The name or address of the winner will not be published. Your data will be deleted following the end of the competition.
VI. Communication Channels
You can register to receive our newsletter on the subject of “Marketing Engineering” on our web pages. By subscribing to the Marketing Engineering newsletter, you will regularly receive tips, studies, information and details of best practice regarding digital dialogue marketing and CRM. At the same time, you will receive up-to-date information on our company and our services by email. In any event, we will require your email address for the registration. You can provide us with other information on a voluntary basis such as e.g. your name, so that we can address you personally. When you subscribe to our newsletter you will receive an email in which you will be asked to confirm your newsletter subscription (double opt-in process). Your subscription to the newsletter will not become active until you click on the confirmation link contained therein. If you do not click on the link, your data will be automatically deleted again after 30 days. In this way we can ensure that no third party has misused your personal data. In order to adapt the newsletter to your personal interests, we process the following data in addition to the personal data collected when ordering the newsletter:
- Email and link opening rate,
- Data of the mobile device used,
- Location data based on the IP address,
- Reachability of the email address,
- Recommendation via social networks such as Facebook or Twitter.
We will save your opt-in data for demonstrability reasons. This includes your email address, your IP address, the date, the time and information about the communication received.
The legal basis for the dispatch of the newsletter is Article 6 (1) (a) and Article 7 GDPR. The proof of consent is logged on the basis of Article 6 (1) (f) GDPR. Our legitimate interest is derived from the need to furnish proof of granted consent. To this end, we can store the data for up to three years after you unsubscribe from the newsletter.
We offer you a variety of materials such as e.g. white papers, checklists, studies, or handouts regarding our products on our website, which we will send them free of charge on request. This is done solely on the basis of our download conditions. In order to send you the requested documents electronically, we will need your contact data especially your email address. As part of the process, you will receive an email in which you will be asked to confirm your email adress and your consent in getting contacted (double opt-in procedure). After you activate the confirmation link, the materials will be sent to the confirmed email address. If you do not click on the link, your data will be automatically deleted again after 30 days. The documents are therefore sent on the basis of Article 6 (1) (b) GDPR and the contacting on the basis of Article 6 (1) (a), Article 7 GDPR. You can object to your consent at any time. The logging to proof your consent occurs on basis of Article 6 (1) (f) GDPR. Following the termination of the contract, your personal data will be kept in accordance with the statutory storage obligations and subsequently deleted.
In order to get in contact with us, the following personal data are also collected by the contact forms provided: your first name and surname, your email address and your message. You can also provide us with further details such as the company, address, or phone number. The personal data collected are exclusively used to respond to your enquiry. Following processing of your enquiry, the data will be deleted by us, provided that they do not have to be kept for longer periods for demonstrability reasons, ongoing customer service, or relevant statutory storage periods. The data will be processed for the purpose of contacting us in the event of pre-contractual measures or questions regarding the execution of the contract in accordance with Article 6 (1) (b) GDPR. We also answer contact inquiries from other occasions on the basis of Article. 6 (1) (b) f. GDPR. Our legitimate interest lies in answering your inquiry.
- On our website, we publish current vacancies which you are welcome to apply for. In order to process your application, we will process the personal data provided by you when you send the application documents. In the process, selected service providers gain access to your data, which supports us in the context of applicant management. The legal basis for this data processing is Section 26 of the German Data Protection Act (new). If an employment contract is concluded between you and us, the data will be processed for the implementation of the employment relationship in compliance with the statutory storage obligations. If you receive a rejection from us, the application documents provided will be kept by us for a further six months in pursuance of Article 6 (1) (f) GDPR and subsequently deleted. This is done so that we are still able to objectively justify the selection of candidate even after the conclusion of the application process, for example in court proceedings. If additional storage is required, specific consent to this in pursuance of Article 6 (1) (a) GDPR will be obtained from the applicant, who can withdraw this at any time by sending an email to email@example.com.
- artegic AG is open to the use of new forms of application. For this reason, we also use the mobile recruiting app “Truffles” from Truffles GmbH, Chausseestraße 86, 10115 Berlin. If you should decide in favour of us on this app by a swipe, we will first receive an anonymous short profile. If we confirm your interest, the personal data provided by you – usually first and last name, photograph and, if applicable, curriculum vitae – will be displayed. As with a classic application, the legal basis for this data processing is § 26 BDSG (new). If an employment contract is concluded between the candidate and us, the data will be processed for the implementation of the employment relationship in compliance with the statutory storage obligations. If the candidate receives a rejection from us, the application documents provided will be kept by us for a further six months in pursuance of Article 6 (1) (f) GDPR and then be deleted. This is done in order to be able to objectively justify the selection of applicants even after completion of the application procedure, for example in court proceedings. This is done so that we are still able to objectively justify the selection of candidate even after the conclusion of the application process, for example in court proceedings. If additional storage is required, specific consent to this in pursuance of Article 6 (1) (a) GDPR will be obtained from the applicant, who can withdraw this at any time by sending an email to firstname.lastname@example.org.
We offer webinars at regular intervals. Webinars are used for communication between us and a group of individuals who register online for a digital conference for the purposes of obtaining information. On registering, you are concluding a contract with us regarding the conducting of the webinar. As part of the registration process, we will therefore require your first name and surname and your email address in order to conduct the webinar. The processing of your personal data is carried out on the basis of Article 6 (1) (b) GDPR. Both before the webinar and as a follow-up to the webinar, you will receive information related to the webinar from us.
In order to be able to offer webinars, artegic AG uses the GoToWebinar service of LogMeIn USA Inc., 333 Summer Street, Boston, MA 02210 USA. LogMeIn USA Inc. is certified under the privacy shield agreement and, as a result, guarantees that it will comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA&status=Active.
Your personal data will be kept following the termination of the contract in accordance with the statutory storage obligations and subsequently deleted.
We approach our customers at regular intervals in order to ask them about their satisfaction with our services. We use the „SurveyLegend“ software from SurveyLegend AB, Hamngatan 4, 211 22, Malmö, Sweden. If we do not carry out the surveys in an anonymous form, the survey is carried out on the basis of your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. In the course of the survey we process technical data such as your IP address and device information, your first and last name, your contact data such as email address or telephone number, as well as content data according to your entries. After completion and evaluation of the customer survey, the personal data will be deleted. The maximum storage period is three months.
To enable an encrypted file exchange between us and our customers, we use the software „Cryptshare“ of Befine Solutions AG. In the course of this, the customer can have himself verified by us for encrypted dispatch by stating his first and last name, his telephone number, and e-mail address. The data provided is used exclusively for the purpose of sending the files/messages provided in an encrypted form as part of the contractual relationship. The legal basis is to be seen in Art. 6 para. 1 sentence 1 letter b GDPR.The data is deleted after 180 days.
VII. Sharing Personal Data
In addition, personal data will not be shared without your express consent in pursuance of Article 6 (1) (a) GDPR, unless there is a legal obligation in pursuance of Article 6 (1) (c), this is legally required in pursuance of Article 6 (1) (b) GDPR for the performance of contractual relations, or the sharing is required in pursuance of Article 6 (1) (f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest in the non-sharing of your data, which merits protection.
VIII. Data Security
The website is protected by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. We use the widespread SSL method (Secure Socket Layer) during your visits to the website, in conjunction with the highest level of encryption which is supported by your browser in each case. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we have recourse to 128-bit v3 technology instead. You can see whether an individual page of our website is encrypted by means of the locked padlock icon in the bottom status bar of your browser. Despite regular checks, it is impossible to provide complete protection against all risks. However, our security measures are continuously being improved in accordance with technological developments.
IX. Rights of Parties Concerned
You have the right:
- in pursuance of Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of the processing or to object to such processing, the existence of a right to lodge a complaint, the origin of your data if these were not collected by us, as well as regarding the existence of automated decision-making, including profiling and, if applicable, meaningful information about the details thereof;
- in pursuance of Article 16 GDPR, to immediately request the rectification of inaccurate personal data or the completion of your personal data stored by us;
- in pursuance of Article 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in pursuance of Article 18 GDPR, to request the restriction of the processing of your personal data, inasmuch as the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure thereof and we no longer need the data but you need them for the establishment, exercise or defence of legal claims, or you have objected to the processing in pursuance of Article 21 GDPR;
- in pursuance of Article 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format, or to request the transmission to another controller;
- in pursuance of Article 7 (3) GDPR, to withdraw the consent you have given us at any time. The consequence of this is that we can no longer continue processing the data which was based on this consent for the future, and
- in pursuance of Article 77 GDPR, to lodge a complaint with a supervisory authority. As a general rule, you can contact the supervisory authority of your habitual residence or place of work, or the head office of our company.
X. Right to object
If your personal data are processed on the basis of legitimate interests in pursuance of Article 6 (1) (f) GDPR, you have the right, in pursuance of Article 21 GDPR, to object to the processing of your personal data, inasmuch as grounds relating to your particular situation exist or the opposition is aimed at direct marketing. In the latter case, you have a general right to object which will be implemented by us without the indication of a particular situation. On the basis of Article 7 (3) GDPR you can object to your consent at any time. If you do so, we are not allowed to proceed the processing of your data, which you gave consent for. The legitimacy of the processig of your data which occured before you objected to it remains untouched by your withdrawal. If you would like to make use of your right to withdraw consent or right to object, you simply have to send an email to this effect to email@example.com. You can also contact us via mail or telephone.
XI. Data Protection Contact
If you have any questions regarding the collection, processing, or use of your personal data or if you require information, or for rectification, blocking or erasure of data, please contact:
The Data Protection Officer
Tel: +49 228 22 77 97-0
Fax: +49 228 22 77 97-900