Data Protection Declaration
COSMO CONSULT TIC GmbH (Listemannstr. 10, 39104 Magdeburg, Tel.: 0391-25497-0, email: magdeburg@cosmoconsult.com) takes the protection of personal data very seriously. We treat your personal data as confidential and in accordance with both legislative data protection regulations and this data protection declaration.
In what follows you will find information on how Cosmo Consult collects and uses personal data, in particular what data is collected during your visit on www.digitale-baustelle.com and how it is used. In section number 4 we provide you with information about your rights under the EU Data Protection Regulation and how you can exercise those rights.
We will not share your personal data with third parties without your consent or without a legal obligation; we will use it only for the technical administration of the web pages. If you are one of our customers, we will use your data for customer management and for marketing only to the extent required and legally permitted. As one of our customers, you are always entitled to revoke permission for the promotional use of your data at any time.
Personal data will only be collected or transmitted to state institutions and authorities within the context of mandatory national legislation.
Here we now offer you the possibility to conclude an EU-DSGVO-compliant contract agreement with us: SharePoint Link
1.0 General
The object of this data protection declaration is the collection, processing and use of personal data by the website www.digitale-baustelle.com.
1.1 Collection and processing of personal data
Our website can generally be used without providing personal data. Personal data, such as the user’s name, address, telephone number or email address, is only recorded if the user provides this information voluntarily. We use the personal data provided solely to meet your requirements.
We will process your personal data for the following purposes.
a) Contract fulfillment
We will process your data in order to be able to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purpose of the data processing depends on the product and the application submitted; it may also be used to analyze your needs and to determine which products and services are suitable for you. For the fulfillment of the contract we need your name, your address, and your telephone number or e-mail address, so that we can contact you. We also need your personal data in order to determine whether we can offer you products and services and if so which ones. You can find details concerning the respective purposes of the data processing in the contract documents and our general terms and conditions.
This data processing is done on the basis of Article 6 (1) b GDPR.
b) Measures for your security
The situations in which we use your personal data include:
- We analyze your data to protect you or your company from fraudulent activities. This might be the case if, for example, you have been the victim of identity theft or if unauthorized persons have gained access to your user account in some other way;
- To improve the reliability of our web applications, our IT support will work closely with you in case of technical problems. In this context, we also evaluate logs of page views, actions performed, etc.;
- To ensure IT security;
- To be able to document and prove facts for the eventuality of possible legal disputes.
This data processing is done on the basis of Article 6 (1) f GDPR.
c) On the basis of your consent
If you have granted consent for the processing of your personal data for one or more specified purposes, then it is permissible for us to process your data. You may revoke your consent with a view to the future at any time without incurring any cost other than the base rate for transmission (the cost of your Internet connection). However, the revocation of consent does not affect the legality of the processing up to the revocation.
The processing of this data for this purpose is done on the basis of Article 6 (1) a of the GDPR.
d) On the basis of legal requirements or in the public interest
As a company, we are subject to a wide variety of legal requirements (for example, arising from tax legislation). In order to comply with our legal obligations, we process only the personal data that is absolutely necessary for that purpose.
In accordance with applicable data protection regulations, we do not store your personal data longer than is necessary for the purpose of the processing concerned. When the data is no longer required for the fulfillment of contractual or legal obligations, we regularly delete it, unless it is necessary to store it temporarily. The following reasons may be grounds for retaining the data:
- There are obligations to retain data under commercial and tax law that must be complied with: time periods of up to 10 years are prescribed for the retention of data according to the regulations of the commercial code and the tax code.
- To preserve evidence for the event of legal disputes within the framework of the statutory limitation period: civil law limitation periods can be up to 30 years, although statutes of limitation periods regularly expire after three years.
1.2 Cookies
Web pages sometimes use so-called cookies. Cookies are small text files that allow specific device-related information to be saved on the device used by the user (PC, smartphone, or similar) to access the web page. On the one hand, they serve the user-friendliness of web pages and thereby the users (e.g. saving login data) and on the other hand they serve to gather statistical data on website use in order to analyse this to improve what is on offer.
You can configure your browser in such a way that you are informed of the placement of cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
1.3 Use of Matomo
This website uses Matomo, an open source software for statistical evaluation of visitor access. Matomo uses “cookies” (see above), which are stored on your computer, to help the website analyze how users use the website. The information generated by the cookie about your use of this website will be stored on the web servers in the European Union that we use. The IP address is anonymised immediately after processing and before it is stored. You can prevent the installation of cookies by setting your browser software accordingly.
If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing usage data. If you delete your cookies, the Matomo Opt-Out-Cookie will also be deleted. The opt-out must be reactivated when you visit our site again.
1.4 Use of Youtube
On our website we use plugins from the YouTube page, which is operated by YouTube LLC, a subsidiary of Google, 901 Cherry Ave., San Bruno, CA 94066, USA. If you access a page from our website that contains such a plugin, your browser will establish a direct connection with YouTube’s servers. The Youtube server will be informed which of our pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. For more information about the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.
1.5 Use of LinkedIn plugins
On our website we use so-called social plugins (“plugins”) from the social network LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You can recognise LinkedIn plugins on our website by the LinkedIn logo or the “recommend” button.
If you access a page from our website that contains such a plugin, your browser will establish a direct connection with LinkedIn’s servers. The content of the plugin is transmitted from LinkedIn directly to your browser and embedded in the page. As a result of this embedding, LinkedIn obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with LinkedIn or are not currently logged in to LinkedIn. This information (including your IP address) is sent from your browser directly to a LinkedIn server in the USA and is saved there.
If you are logged in to LinkedIn, LinkedIn may immediately assign the visit to our website to your LinkedIn account. If you interact with the plugins, for example by pressing the “LinkedIn” button, the corresponding information is also sent directly to a LinkedIn server and is saved there. The information will also be published to your LinkedIn account and displayed there to your contacts.
To find out more about the purpose and scope of data gathering and the further processing and use of the data by LinkedIn, and your rights and configuration options for the protection of your privacy in this respect, please see LinkedIn’s privacy policy: www.linkedin.com/legal/privacy-policy.
1.6 Use of Google+ plugins (for example, the “+1” button)
On our website we use so-called social plugins (“plugins”) from the social network Google+, which is operated by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (“Google”). Google+ plugins are characterised, for example, by buttons with the “+1” symbol on a white or coloured background. You can find an overview of Google+ plugins and their appearance here: https://developers.google.com/+/plugins.
If you access a page from our website that contains such a plugin, your browser will establish a direct connection with Google’s servers. The content of the plugin is transmitted from Google directly to your browser and embedded in the page. As a result of this embedding, Google obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with Google+ or are not currently logged in to Google+. This information (including your IP address) is sent from your browser directly to a Google server in the USA and is saved there.
If you are logged in to Google+, Google may immediately assign the visit to our website to your Google+ profile. If you interact with the plugins, for example by pressing the “+1” button, the corresponding information is also sent directly to a Google server and is saved there. The information will also be published to Google+ and displayed there to your contacts.
To find out more about the purpose and scope of data gathering and the further processing and use of the data by Google, and your rights and configuration options for the protection of your privacy in this respect, please see Google’s privacy policy: http://www.google.com/intl/de/+/policy/+1button.html.
If you do not want Google to immediately assign the data collected via our website to your Google profile, you must log out of Google+ before visiting our website. You can also completely prevent Google plugins from loading by using add-ons for your browser, for example with the “NoScript” script blocker (http://noscript.net/).
1.7 Use of Twitter plugins (for example, the “Tweet” button)
On our website we use so-called social plugins (“plugins”) from the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plugins are characterised by a Twitter logo, for example in the form of a blue “Twitter bird”.
If you access a page from our website that contains such a plugin, your browser will establish a direct connection with Twitter’s servers. The content of the plugin is transmitted from Twitter directly to your browser and embedded in the page. As a result of this embedding, Twitter obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with Twitter or are not currently logged in to Twitter. This information (including your IP address) is sent from your browser directly to a Twitter server in the USA and is saved there.
If you are logged in to Twitter, Twitter may immediately assign the visit to our website to your Twitter account. If you interact with the plugins, for example by pressing the “Tweet” button, the corresponding information is also sent directly to a Twitter server and is saved there. The information will also be published to your Twitter account and displayed there to your contacts.
To find out more about the purpose and scope of data gathering and the further processing and use of the data by Twitter, and your rights and configuration options for the protection of your privacy in this respect, please see Twitter’s privacy policy: twitter.com/privacy.
You can change your privacy settings on Twitter in the account settings at twitter.com/account/settings.
If you do not want Twitter to immediately assign the data collected via our website to your Twitter account, you must log out of Twitter before you visit our website. You can also completely prevent Twitter plugins from loading by using add-ons for your browser, for example with the “NoScript” script blocker (http://noscript.net/).
1.8 Use of Facebook Social Plugins
Our website uses Social Plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”). Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is legally responsible for all users outside of the USA and Canada. The Facebook Social Plugins are characterised by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are provided with the “Facebook Social Plugin” add-on. The list and the appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
If you access a website that contains such a plugin, your browser will establish a direct connection with Facebook’s servers. The content of the plugin is transmitted from Facebook directly to your browser and embedded in the website by the browser. As a website provider, we have no influence on the scope of the data that Facebook gathers using this plugin and therefore inform you of the following, according to our present knowledge:
The embedded Facebook Social Plugins transmit to Facebook the information that a user accessed the corresponding website. If the user is logged in to Facebook at the time, Facebook can assign the visit to the user’s Facebook account. If an interaction occurs between the user and the plugin, for example if the user presses the “Like” button or writes a comment, the corresponding information will be sent from the browser directly to Facebook and will be stored there. Even if a user is not a member of Facebook, there is the possibility that Facebook will find out the user’s IP address and store it. According to Facebook, in Germany only anonymised IP addresses are saved.
To find out more about the purpose and scope of data gathering and the further processing and use of the data by Facebook, and your rights and configuration options for the protection of your privacy in this respect, please see Facebook’s data policy: https://www.facebook.com/about/privacy/.
If you are a member of Facebook and do not want Facebook to collect information about you via our web pages and to link with your member data saved on Facebook, you must log out of Facebook before visiting our website. Additional settings and objections to the use of data for advertising purposes are available within the Facebook profile settings: www.facebook.com/settings.
1.9 Contact requests / demo account
Some pages on our website offer you the option of contacting us or request a demo account for further functions. We will only use information transmitted in this way to process your request or to provide access to the demo system. Data collected in this way will not be passed on to third parties or reconciled with data that may have been collected by other components of our website.
1.10 Objection to advertising emails
The use of contact data published in compliance with German legislation on providing company information for sending advertisements and informational material that is not expressly requested is hereby rejected. The operators of the web pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.
1.11 Amendment to the data protection declaration
We reserve the right to amend this data protection declaration from time to time based on updates of this website. We therefore recommend that you visit this website regularly to make sure that you agree with the amendments.
1.12 Revocation, amendments, corrections and updates
You have the right to access the information on your stored personal data, its origin and recipients, and the purpose of data processing free-of-charge and at any time, and you also have the right to correct, block or delete this data. For this purpose and in case of additional questions on the topic of personal data, you may contact us at any time at the address provided in the imprint.
2.0 Data Protection Officer
If you have questions regarding the processing of your personal data or require additional information on the topic of data protection, please do not hesitate to contact our data protection manager.
Mr Marco Schröder
2b Advice GmbH
Joseph-Schrumpeter-Straße 15
53227 Bonn
Germany
cosmoconsult(at)2b-advice.com
www.2b-advice.com
3.0 Members of the Joint Controllership Agreement
As the joint controllership body, COSMO CONSULT Group, the companies listed here have entered into a data protection agreement in accordance with Article 26 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) as amended.
3.1 Overview of all Partners and Contractors
COSMO CONSULT has concluded data processing agreements with strategic partners and other service providers in accordance with Article 28 GDPR with effect for all companies of the group. COSMO CONSULT uses the service providers listed as approved subcontractors. Here you can find the Overview of all Contractors and Partners.
3.2 Order Data Processing Agreement
Article 28 ff. EU-GDPR lays out detailed statutory rules on the processing of personal data by service providers. If you pass on personal data of your company, business partners or customers, it is important that you do so in a manner that is legally compliant and in accordance with the new EU Regulation.
If you have your customer data processed directly or remotely by COSMO CONSULT or if you make it available to us for the purpose of processing service requests, we are now offering the opportunity for you to conclude an EU-GDPR-compliant contract agreement with us that guarantees you complete legal certainty. In order to make the necessary processes as convenient and transparent as possible for you, an application form is available under the following link:SharePoint Link
Simply log in here with your YourCOSMO user account.
In the online form you can then enter the specific details about the type and scope of the data to be processed. On the basis of this, we will create a processor contract tailored to your needs. Please note: No additional costs arise for you in connection with the application or preparing or concluding the contract!
3.3 Data protection and Data Security at COSMO CONSULT
COSMO CONSULT has taken measures in the areas of construction, personnel, organization and technology that ensure the security of objects and data, as well as uninterrupted operations.
The technical and organizational data-protection measures deal with the following:
- Organizational control, physical access control, system access control, data access control, transfer control, order control, availability control and the separation requirement
- Type of data exchange, provision of data, nature and circumstances of processing, data storage as well as the kind of and environment for data transmission
- Measures to permanently secure the confidentiality, integrity, availability and capacity of the systems and services and the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident. A procedure for periodically reviewing, assessing and evaluating the effectiveness of these measures.
As a general principle, the technical and organizational measures of COSMO CONSULT are affected by technological progress and continuing development. COSMO CONSULT will take all measures necessary to increase security. You can download the current documentation of the technical and organizational measures “Data Protection and Data Security at COSMO CONSULT” here.
4.0 Rights of affected persons
You always have the right to receive information about your stored personal data, its origin, the recipients of that data as well as the the purpose of the data processing free of charge at any time. If the data is not correct, you are entitled to require us to correct it or, if it is incomplete, to remedy that. If we have given your data to third parties with your consent, we will inform them of this action in certain legal circumstances.
If the data processing is done in the public interest or on the basis of a balance of interests, you have the right to object to the data processing for reasons arising from your particular situation.
If your data is no longer needed for the original purpose, you have revoked your consent and there is no other legal basis for processing the data, or if your data is being processed unlawfully, you are entitled to require us to delete your data. This also applies if your objection to the processing is legally effective or your data must be deleted to fulfill a legal obligation.
Please note that before deleting your data, we must confirm that there is no legitimate reason or legal obligation to process your personal data.
You are entitled to demand that the processing of your data be restricted if you dispute the accuracy of the data, we still need the data in order to assert legal claims, the data is being processed unlawfully or you have objected to the processing and the review of your case is still pending.
If you provide us with personal data, you have the right to receive that data on request in a transferable and machine-readable format or to have that data provided to another person named by you.
Of course, you also have the right to lodge a complaint with the competent authority at any time if our conduct in relation to your personal data gives you grounds to do so.