Data protection

Privacy notice

I. Name and address of Controller

The Controller within the meaning of the relevant data protection legislation is:

CANCOM SE
Erika-Mann-Str. 69
D-80363 Munich (headquarters)
Tel.: +49 89 540 540
Email: info@cancom.de

together with the affiliated companies listed below:

CANCOM a+d IT Solutions GmbH

CANCOM Financial Services GmbH

CANCOM GmbH

CANCOM ICT Service GmbH

CANCOM ICP

CANCOM Leipzig Hansa Computer

CANCOM on line BVBA

CANCOM on line GmbH

CANCOM physical infrastructure GmbH

CANCOM SCS GmbH.

CANCOM Communications & Collaboration

– Below they are referred to jointly as “CANCOM”, the “Undertaking” or “We” –

II. Name and address of data protection officer

CANCOM’s data protection officer is:

Markus Ost
Messerschmittstraße 20
89343 Jettingen-Scheppach
Germany
Tel.: +49 8225 996-1379
E-Mail: datenschutz@cancom.de

III. General information on data processing

1. Scope of personal data processing
As a general rule, We only process personal data about our users where We need to do so in order to provide a functioning website, our content and services and where We are permitted to do so by law.

2. Legal basis for the processing of personal data
Where We obtain the consent of the data subject to process personal data, the legal basis for processing is Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
Where We process personal data for the performance of a contract to which the data subject is party, the legal basis for processing is Article 6 (1) (b) GDPR. This is also the case where We process data in order to take steps prior to entering into a contract.
Where We process personal data in order to comply with a legal obligation to which We are subject, the legal basis for processing is Article 6 (1) (c) GDPR.
Where We process personal data in order to protect the vital interests of the data subject or another natural person, the legal basis for processing is Article 6 (1) (d) GDPR.
Where We process personal data for the purposes of the legitimate interests pursued by our Undertaking or a third-party and these interests do not override the interests, fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1) (f) GDPR.

3. Data erasure, retention period
DWe block or erase personal data about data subjects as soon as there ceases to be a need to retain it. We may also retain data where provided for by European or national legislators in EU regulations, laws or other rules to which We, the Controller, are subject. We block or erase data when a retention period stipulated in one of the aforementioned regulations, laws or other rules expires, except where We need to retain the data for longer in connection with the conclusion or performance of a contract.

IV. Provision of website and creation of log files

1. Description and scope of data processing
When you view our website, our system automatically collects data and information from the computer system on the computer you are using. During this process We gather the following data:

(1) information about the browser type and version used
(2) the user’s operating system
(3) the user’s internet Service Provider
(4) the user’s IP address
(5) the date and time of access
(6) websites from which the user’s system accessed our website
(7) websites accessed by the user’s system via our website.

The data is also stored in our system’s log files. This data is not stored together with other personal data about the user.

2. Legal basis for data processing
The legal basis for the temporary storage of this data and the log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing
The system needs to store the IP address to deliver the website to the user’s computer. This means We need to retain the user’s IP address for the length of the session.

We store data in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our information technology systems. We do not evaluate the data for marketing purposes as part of this process.

These purposes constitute the legitimate interests in data processing pursued by our Undertaking under Article 6 (1) (f) GDPR.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. When We collect data in order to provide the website, We no longer need it once a particular session has ended.

When we store data in log files, We generally erase it after no more than seven days. In certain circumstances We may retain it for a longer period, in which case users’ IP addresses are erased or masked so that that they can no longer be connected to the retrieving client.

5. Right to object, right of removal
The collection of data to provide the website and the storage of the data in log files is essential to our operation of the website. As a result, the user has no right to object to it.

V. Use of Cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change (technically necessary cookies).

The following data is stored and transmitted in the cookies:

  • language settings
  • Article in a shopping cart
  • Log-in information

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior (technically unnecessary cookies).

In this way, the following data can be transmitted:

  • Entered search terms
  • Frequency of page views
  • Use of website features
  • Anonymized usage data for generating statistics

When you visit our website, you are informed about the use of cookies and your consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f. DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these it is necessary that the user is recognized by an ID even after a page break. We require cookies for the following applications:

  • Transfer of language settings
  • Remember searchterms
  • shopping cart

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents for the user. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer and the user experience.

4. Retention period, Right to object, right of removal
Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

VI. Newsletter

1. Description and scope of data processing
Users are able to subscribe to our free newsletter. When they sign up, the following data from the sign-up form is sent to us:

  • Title
  • Surname
  • E-Mail-Adress

We also collect the following data during the sign-up process:

(1) the IP address of the computer from which the site is being viewed
(2) the date and time of registration.

On the sign-up form We ask for your consent to process the data. The sign-up form also contains a reference to this privacy notice.

The service providers We use to help provide our services may have access to your data. They are primarily service providers We engage to help provide the newsletter and the software we use to do so (Software-as-a-Service, ASP service). We allow them access to your data only in so far as is necessary to provide their services and for the necessary period. They undertake to use only people who have signed a confidentiality undertaking or are subject to an appropriate statutory duty of confidentiality to provide their services.
The processing of data on behalf of other parties is governed by data processing agreements as stipulated in Article 28 GDPR.

We disclose data to third parties (Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich) in connection with the processing of data for the mailing out of newsletters. This data is used exclusively to mail out the newsletter.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for processing data after he or she has signed up to the newsletter is Article 6 (1) (a) GDPR.

The legal basis for mailing out newsletters following the purchase of goods and services is section 7 (3) of the German Law Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG].

3. Purpose of data processing
We collect the user’s title, surname and email address so that We can personalise the newsletter.

We collect other personal data during the sign-up process in order to prevent any abuse of the services and the email address used.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. As a result, we store the user’s email address for as long as his or her newsletter subscription remains active.

Other personal data collected during the sign-up process is generally erased after a period of seven days.

5. Right to object, right of removal
Users can cancel their newsletter subscription at any time. Each newsletter contains a specific link for this purpose.

This link also allows you can withdraw your consent for us to store personal data collected during the sign-up process.

VII. Kontaktformular und E-Mail-Kontakt

1. Description and scope of data processing
Our website contains forms for contacting us, registering for events and advertising and forms for feedback and processing support requests. They can be used to contact us electronically. When a user completes one of these forms, the data entered into the form is sent to us and stored.
The data entered is as follows:

  • Title
  • Name
  • E-Mail
  • Telephone number
  • Company
  • Reason for making contact
  • Consent to store data
  • Address (location, post code)

As the message is sent, the following data is also stored:

(1) the user’s IP address
(2) the time and date of registration.

We ask for your consent to process this data during the sending process and provide a reference to this privacy notice with the necessary duties of information.

Alternatively, you can contact us using the email address provided. If you do this, We store the personal data about you sent with the email.

We do not pass the data collected during this process on to third parties. It is used for the stated purpose only.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

The legal basis for processing data provided when an email is sent is Article 6 (1) (f) GDPR. Where email contact leads to the conclusion of a contract, Article 6 (1) (b) GDPR provides another legal basis for processing.

3. Purpose of data processing
We only use personal data collected from contact forms to process the contact request. If you contact us by email, this in itself constitutes our legitimate interest in processing the data.

Other personal data collected during the sending process is used to prevent any misuse of the contact form and ensure the security of our information technology systems.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. This means that we erase personal data entered in a contact form or sent by email once the conversation with the user has finished. The conversation is deemed to have finished when the circumstances indicate that the matter at issue has been resolved.

Other personal data collected during the sending process is erased after a period of no more than seven days.

5. Right to object, right of removal
Users can withdraw their consent for us to process personal data at any time. If a user contacts us by email, he or she can object to the storage of his or her personal data at any time. Where this is the case, however, it is impossible to continue the conversation.

To object to the storage of your personal data, simply send a message to widerspruch@cancom.de

In this case, all the personal data stored when you made contact will be erased.

VIII. Web analysis using Google Analytics

1. Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”. Cookies are text files that are stored on your computer and allow us to analyse how you use our website. Information on how you use the website generated by the cookie, including:

  • browser type/version,
  • operating system used,
  • referrer URL (page previously visited),
  • host name of the accessing computer (IP address),
  • time of the server request,

is generally transmitted to a Google server in the USA, where it is stored. Google does not combine the IP address transmitted by your browser via Google Analytics with any other data. In addition to Google Analytics, we have also installed “anonymizeIP” on this website. This masks your IP address so that all data is collected anonymously. If, in exceptional circumstances, the full IP address is sent to a Google server in the USA, it is abbreviated.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

3. Purpose of data processing
On behalf of the provider of this website, Google uses this information to assess how you use our website, to compile reports on website activity and to provide the website provider with other services connected with website and internet use.

4. Retention period
Data sent by us which is linked to cookies, login details (e.g. a user ID) or advertising IDs is erased automatically after 26 months. Data which has reached its storage limit is erased automatically once a month.

5. Right to object, right of removal
You can set your browser software to block the installation of cookies. If you do this, however, you may be unable to use all the functions of our website fully. You can also prevent Google from collecting and processing data generated by cookies relating to your use of the website (including your IP address) by downloading and installing the browser-add-on Opt-out cookies stop your data being collected when you visit a website in the future. Click here to install the opt-out cookie: deactivate Google Analytics
6. Further information
You will find further information on our terms of use and data protection at:

https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de

IX. Social Plugins

On our website we offer the chance to use so-called social media buttons. To protect your data we have chosen to use the Shariff plug-in. This means that the buttons simply appear on the website as icons which contain a link to the relevant button provider. Clicking on an icon takes you to the services offered by the relevant provider and it is only at this point that your data is sent to the provider. If choose not to click on the icon, no data will be exchanged between you and the social media button providers. You can find how social networks collect and use your data in the terms of use published by the various providers.
Our website features social media buttons for the following providers:

XING button, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
You can find XING’s privacy notice at: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn button, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
You can find LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Twitter button, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”)
You can find Twitter’s privacy notice at: https://twitter.com/privacy

Youtube button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Youtube”)
You can find Google’s privacy notice at: http://www.google.com/intl/de/+/policy/+1button.html

Facebook button, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)
You can find Facebook’s privacy notice at:
http://www.facebook.com/policy.php

Google+ button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You can find Google’s US data protection notice at: http://www.google.com/intl/de/+/policy/+1button.html

Vimeo button, Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
You can find Vimeo’s privacy notice at: https://vimeo.com/privacy

Instagram button, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)
You can find Instagram’s privacy notice at: https://help.instagram.com/155833707900388/

X. Data security

We safeguard our website and other systems against the loss, destruction, access, alteration or dissemination of your data by unauthorised persons by technical and organisational measures. In particular, your personal data is transmitted in encrypted form. On our website we use standard SSL (Secure Socket Layer) technology. Unfortunately, however, the transmission of information via the Internet is never completely safe. For this reason, We are unable to guarantee the security of data transmitted to our Website via the Internet.

 

XI. Disclosure of data

We do not pass on your personal data to third parties unless you have given your consent for us to do so or We are permitted or obliged to do so by statutory provisions and/or an administrative or court order. This may include, in particular, the provision of information for the purposes of law enforcement, protection against security threats and the enforcement of intellectual property rights.

 

XII. Data protection and third-party websites

Our website may contain hyperlinks to and from third-party websites. Please note that if you follow a hyperlink to a third-party website, We cannot accept any liability or responsibility for third-party content or privacy notices. Please check the relevant privacy notices before sending personal data to these websites.

XIII. Rights of data subjects

Whenever your personal data is processed, you are a Data Subject within the meaning of the GDPR. This gives you the following rights in respect of the Controller:

1. Right of access
Under Article 15 GDPR, you have the right to access any personal data about you that We process. In particular, you have the right to obtain information about the purposes of the processing; about the categories of personal data concerned; about the categories of recipients to whom the data has been or will be disclosed; about the planned retention period; about your right to the rectification or erasure of personal data, to the restriction of processing of personal data and to object to such processing; about the source of data where it was not collected by us; about the existence of automated decision-making including profiling; and, where appropriate, to access detailed and meaningful information on these issues.

2. Right to rectification
Under Article 16 GDPR, you have the right to obtain from the Controller the rectification and/or completion of processed personal data about you that is inaccurate or incomplete. The Controller shall carry out such rectification without undue delay.

3. Right to erasure
Under Article 17 GDPR, you have the right to obtain the erasure of your data where its processing is not necessary to the exercise of the right of freedom of expression and information, to compliance with a legal obligation, for reasons of public interest or to the establishment, exercise or defence of legal claims.

4. Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain restriction of the processing of your personal data where you dispute the accuracy of the data, where the processing is unlawful but you refuse the erasure of the data and where We no longer need the data but you need it for the establishment, exercise or defence of legal claims or where you have objected to the processing under Article 21 GDPR.

5. Right to data portability
Under Article 20 GDPR, you have the right to receive any personal data you have provided to us in a structured, common and machine-readable format or transmit it to another Controller.

6. Right to withdraw consent
Under Article 7 Abs. 3 GDPR, you have the right to withdraw the consent you have given us at any time. Once you have withdrawn your consent, We must cease processing based on this consent for the future.
To exercise your right to withdraw consent, send an email to:
widerspruch@cancom.de
In addition, in each newsletter you will find a link that allows you to unsubscribe from further newsletters.

7. Right to object
Where your personal data is being processed on the basis of legitimate interest under Article 6 (1) sentence 1 (f) GDPR, Article 21 GDPR gives you the right to object to this processing on grounds relating to your particular situation or where the objection is against direct marketing.
In the case of direct marketing, you have a general right to object which can be exercised without indicating a particular situation.
To exercise your right to object to processing, send an email to: widerspruch@cancom.de

8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data about you breaches the GDPR.
The supervisory authority with which the complaint has been lodged will inform you about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

XIV. Version

This privacy notice was last updated on 22 May 2018. CANCOM reserves the right to update this privacy notice from time to time. (Version: 22 May 2018)