Information on data protection for website users bewegend.scholpp.de
§ 1 Information on the collection of personal data
(1) General information
Thank you for your interest in our website. Protecting your personal data upon your visit to our website is a particularly high priority for the management of SCHOLPP Holding GmbH. We have set out the following information to give you an overview of how your personal data is processed by us and your rights under data protection legislation. Personal data is any data that can be related to you personally, for example, your name, address, e-mail addresses, and user behavior.
Where a data subject wishes to use particular services offered by our company via our website, such as our contact form, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for the processing, we generally obtain the consent of the data subject. Data is processed at all times in compliance with the European General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to SCHOLPP Holding GmbH.
As the data controller, SCHOLPP Holding GmbH has implemented technical and organizational measures to ensure that your personal data processed on this website is protected to the greatest possible extent against loss, destruction, access, alteration, or dissemination by unauthorized persons. This also includes securely transmitting your personal data in encrypted form. We use the TSL (Transport Layer Security) coding system for this purpose.
However, it is impossible to guarantee complete protection due to fundamental security vulnerabilities in web-based data transmission.
The controller pursuant to Art. 4 (7) of the European General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations is:
SCHOLPP Holding GmbH
Phone: +49 (0)6074 929 0
Fax: +49 (0)6074 929 100
If you have any general questions about data protection within the SCHOLPP Group, please send an e-mail to datenschutz(at)scholpp.de.
You can write to our Data Protection Officer, Sven Bartsch, at the above postal address c/o Data Privacy Officer, or you can contact us by e-mail to: datenschutzbeauftragter(at)scholpp.de.
(3) General information on data processing
We collect and use the personal data of our users only where this is necessary to provide a functional website, to display our content, and to provide services. The personal data of our users is collected and used only with the consent of the user. This does not apply to cases where it is not possible to obtain prior consent for practical reasons and where the processing of the data is permitted under statutory regulations.
The following legal bases apply to the processing of your personal data:
- Processing on the basis of consent (Art. 6 (1) a) GDPR)
- Processing for the purpose of performing a contract to which the data subject is party. This also applies to processing that is necessary to take steps prior to entering into a contract (Art. 6 (1) b) GDPR)
- Processing that is necessary for compliance with a legal obligation to which our company is subject (Art. 6 (1) c) GDPR)
- Processing in the event that the vital interests of the data subject or another natural person render the processing of personal data necessary (Art. 6 (1) d) GDPR)
- Processing that is necessary to protect the legitimate interests of our company or a third party, except where these interests are overridden by the interests, fundamental rights, and freedoms of the data subject (Art. 6 (1) f) GDPR). Legitimate interests may include, in particular:
- Correctly displaying the content of our website
- Statistical analyses for the purpose of monitoring and optimizing our website
- Providing law enforcement authorities with the information required for criminal prosecution in the event of a cyberattack
- Responding to requests and providing services and/or information intended for you
- Processing and transmitting personal data for internal or administrative purposes
- Preventing and investigating cases of fraud and criminal offenses
- Ensuring the permanent operational reliability of our IT systems and the technology used on our website with a view to strengthening data protection and data security within our company.
§ 2 Your rights
(1) My rights as a data subject
You can request information on the data stored on you (Art. 15 GDPR) using the above contact details. Additionally, you can request rectification where we have stored inaccurate data relating to you (Art. 16 GDPR). Under certain conditions, you can also request the erasure of your data (Art. 17 GDPR) or exercise your right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Art. 18 GDPR) and the right to receive the data that you have provided (Art. 20 GDPR). The restrictions under Articles 34 and 35 GDPR apply to the right of access and the right to erasure. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)).
(2) Objection to/withdrawal of consent to the processing of your data
If you have given your consent to the processing of your data, you can withdraw this consent at any time. Withdrawing your consent affects the lawfulness of the processing of your personal data after you have notified us of the withdrawal.
Insofar as we have based the processing of your personal data on the balance of interests, you can object to the processing. This is the case where, in particular, processing is not necessary to perform a contract with you, as we have outlined in the following description of the respective functions. If you choose to exercise your right to object, please state the reasons why we should not process your personal data as we have been doing so far. If your objection is justified, we will examine the situation and will either stop processing your data, or adapt the manner in which we do so, or state our compelling legitimate reasons for continuing to process your data.
(3) Who has access to my data?
Unless otherwise provided for in the detailed descriptions of our services, those units within our company that need your data to fulfill our contractual and statutory obligations will have access to it. We will only disclose information relating to you where statutory duties to provide information require us to do so, where you have given your consent and/or where the disclosure is legitimate under another legal basis.
Where we engage the services of contracted service providers for specific functions of our website, these providers are carefully selected and commissioned by us, are bound by our instructions and monitored on a regular basis.
If we would like to use your data for marketing purposes, we have set out in detail below how these processes operate.
(4) How long is my data stored?
Unless otherwise provided for in the detailed descriptions of our services, we process and store your personal data as long as is necessary to fulfill our contractual and statutory obligations.
Your personal data is periodically deleted or blocked where it is no longer required to fulfill contractual or statutory obligations, you have exercised your right to erasure, all reciprocal claims have been settled, and no other statutory retention obligations or legal bases for storing the data exist.
§ 3 Collection of personal data when you visit our website
(1) Use of server log files
Each time a data subject or an automated system accesses our website, a series of general data and information is collected in log files. This includes an Internet protocol address (IP address), the directory protection user, the browser types and versions used, the website from which the accessing system accesses our website (so-called referrer), the sub-pages on our website accessed by the accessing system, data volume, date and time of the access to our website, and other similar data and information for risk prevention purposes in case of attacks on our IT systems.
The legal basis for the temporary storage of data and log files is Art. 6 (1) f) GDPR in connection with the aforementioned legitimate interests.
Temporary storage of the IP address by the system is necessary to ensure that the website is transmitted to the user’s computer. In this case, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to ensure that the website functions properly. The data also helps us to optimize the website and ensure the security of our IT systems. This also forms the basis for our legitimate interest in the data processing pursuant to Art. 6 (1) f) GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected to provide the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is necessary to operate the website. The log files may also be inspected where, on the basis of specific indications, there is legitimate reason to suspect illegal use or a specific attack on our website. Here, our legitimate interest in the processing lies in identifying and prosecuting the individuals behind such attacks or illegal use.
In addition to the data set out above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to your browser and stored on your hard drive, and by means of which specific information is transmitted to the body setting the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the website more user-friendly and more efficient as a whole.
This website uses the following types of cookies. Their scope and function are set out below:
Transient cookies: Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store a so-called session ID, which is used to assign various requests from your browser to the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies: These are deleted automatically after a specified time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
§ 4 Other functions and services of our website
Besides the purely informational use of our website, we also offer various services which you can use if interested. You will generally be asked to provide further personal data in this case, which we will use to provide the respective service. The above data processing principles apply to the personal data provided.
(1) Use of contact options
We provide a contact form, which can be used to contact us electronically, on our website. The data entered by the user on this form is transmitted to us and stored. This includes the following required fields: your name, e-mail address, and your message. All other details are voluntary and not required. Before the contact form is transmitted, we obtain your consent to the processing of your data and refer you to this Data Protection Policy. Art. 6 (1) a) GDPR provides the legal basis for the processing of data using the contact form.
Alternatively, you can contact us using the e-mail address provided. In such cases, we store the personal data of the user that is transmitted in the e-mail. The data is used solely for the ongoing dialogue with you and will not be shared with third parties. We have a legitimate interest in processing the personal data transmitted in an e-mail under Art. 6 (1) f) GDPR.
Where the purpose of the e-mail contact is to conclude a contract, Art. 6 (1) b) GDPR applies additionally to steps taken prior to entering into a contract and, where applicable, for subsequent processing in order to perform a contract.
We only store personal data that is processed by us within the context of a general request sent via the contact form or in an e-mail until such time as our dialogue has ended. The dialogue is deemed to have ended when it can be seen from the circumstances that the issue in question has been conclusively resolved.
Consent to the processing of your personal data can be withdrawn at any time. If you contact us by e-mail, you can, of course, also object at any time to the storage of your personal data. In such cases, we will not be able to continue the dialogue with you.
(2) Comment function
You have the option to write comments. We need your name or pseudonym for this. Entering the name of your website is optional. We will also ask for your IP and email addresses.
Purposes of processing
We ask for this information to enable transparent and individual communication to take place between the authors and commentators.
We need to store your IP and email addresses to defend ourselves against liability claims in the possible event that illegal content is published.
We also need your email address to contact you in case there are any complaints from third parties who find your comments illegal.
The IP and email addresses are also stored to avoid spam.
Art. 6 (1) (b) and (f) GDPR form the legal basis for this.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.
The IP and email addresses we collect are deleted once a month. Your public statements remain online after being reviewed and approved by the administrator.
Possibility to object
If you would like us to delete any of your published comments, please contact our Data Privacy Officer.
(3) Use of RSS
An RSS feed is a different form of the conventional newsletter, which you can read either with your browser or using a special program (RSS reader). Where we offer an RSS feed, we will use it to keep you updated about current events.
If we collect personal data when you subscribe to an RSS feed, this data will be processed solely for the purpose of providing the RSS feed and will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. when you unsubscribe or if we discontinue the RSS feed.
§ 5 Web analysis
(1) Google Tag Manager
This website uses Google Tag Manager. This service enables website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are set and no personal data is collected. Google Tag Manager triggers other tags that in turn may collect data. However, Google Tag Manager does not access this data. In the event that domains or cookies have been disabled, this also applies to all tracking tags, provided that these were implemented using Google Tag Manager.
(2) Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will first be truncated by Google within the Member States of the European Union or other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and Internet usage.
Your IP address transmitted by your browser will not be associated by Google with any other data during the use of Google Analytics.
You can prevent the storage of cookies by configuring your browser settings accordingly. However, please note that in this case you may not be able to use all of the functions of this website to their full extent. You can also prevent the collection and processing of data generated by the cookie and related to your use of the website (including your IP address) by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Opt-out cookies prevent your data from being collected in future when you visit this website. To prevent the collection of data by Universal Analytics on various devices, you should set the opt-out cookie on all of the systems that you use. To set the opt-out cookie, click here: deactivate Google Analytics.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are only processed in truncated form, meaning that they cannot be related to a specific individual. Any possibility of relating the data collected on you to you personally is immediately excluded, and the personal data is deleted immediately.
We use Google Analytics to analyze the use of our website and in order to make regular improvements. We use these statistics to improve our presence and to make the content more interesting for you as the user. For the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) f) GDPR.
This website also uses Google Analytics for the cross-device analysis of website traffic, which is performed via a user ID. You can disable the cross-device analysis of your user behavior in your customer account by going to My Data > Personal Data.
(3) Analysis by Wired Minds
Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances. While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person. WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website. Alternatively, you can disable the Doubleclick cookies on the Digital Advertising page by clicking on the following Exclude from tracking link.
§ 7 Use of social media
(1) Social media plug-ins
We have no influence on the data collected or the manner in which it is processed, nor are we aware of the full scope of the data collection, the purposes of the processing or the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.
The plug-in provider stores the collected data relating to you in the form of user profiles and uses these for the purpose of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even if users are not logged in) in order to display appropriate ads and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact the respective plug-in provider to exercise this right. We use this plug-in to enable you to interact with the social media networks and other users so that we can improve our online presence and make the content more interesting for you as the user. The legal basis for the use of plug-ins is Art. 6 (1) f) GDPR.
The data is transmitted regardless of whether or not you have an account with the plug-in provider and are logged into it. If you are logged into the plug-in provider, the data relating to you collected by us is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you routinely log out after using any social media network, and in particular before activating the button, as this prevents the plug-in provider from linking this data to your profile.
Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the providers’ privacy policies listed below. These policies also contain further information on your rights in this context and the settings to protect your privacy.
Addresses of the respective plug-in providers and URLs where you can find their privacy policies:
1. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
3. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
5. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; policies.google.com/technologies/partner-sites. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(2) Social media sharing plug-ins
Interesting content on the website can be shared directly on the Facebook, LinkedIN, and XING social networks as well as on the WhatsApp instant messaging service. The providers of each of these services use plug-ins to enable this. Clicking on the symbol to share a post on the network establishes a connection to the respective service. This post is then shown in your user account in accordance with your privacy settings for the particular service, for instance only to a specific group of people on the network or to everyone.
The user’s data is normally transmitted from the plug-ins to the social network’s server as soon as you call up the website, regardless of whether or not you click on or tap the plug-in or are even registered as a user on the social network. This allows the providers to track your user behavior and evaluate it for their own marketing purposes (user tracking). To prevent this, we use Shariff, which only allows a connection to be established to the network’s server when you click on the symbol.
Shariff is provided by the computer magazine c’t and heise online in the form of open source software. More information is available on the heise website: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
Art. 6 (1) (f) GDPR forms the legal basis for the use of social media sharing plug-ins.
Detailed information about the plug-ins:
By clicking on the Facebook button, your Facebook profile will show that you like a post. A direct connection will only be established between Facebook and you when you click on the button. A connection is established to the Facebook server, and data such as your computer’s IP address, the website you accessed and the date and time of access is transmitted to Facebook. If you are logged into Facebook, Facebook will assign the data to your Facebook profile and your newsfeed will show that you liked a post.
Facebook is a service provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook Ireland Ltd. is certified under the EU-US Privacy Shield, a treaty that guarantees compliance with the data privacy regulations that apply throughout the EU.
Our website uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages that contains LinkedIn functions is called up, a connection is established to LinkedIn servers. LinkedIn then receives the information that you have visited our website under your IP address. If you click on the LinkedIn “recommend” button while you are still logged into your LinkedIn account, LinkedIn can assign your visit to our website to you and your user account. We should point out that we, as operator of this website, do not receive any information about the contents of the transmitted data or the use of such by LinkedIn.
Art. 6 (1) (f) GDPR forms the legal basis for the use of the LinkedIn plug-in. The website operator has a legitimate interest in attaining maximum visibility on social media.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages that contains XING functions is called up, a connection is established to XING servers. As far as we know, no personal data is stored at this stage. In particular, no IP addresses are stored or user behavior evaluated.
Art. 6 (1) (f) GDPR forms the legal basis for the use of the XING plug-in. The website operator has a legitimate interest in attaining maximum visibility on social media.
If you call up the website using a mobile device, you can share posts on WhatsApp. By tapping the WhatsApp symbol, you can send a message containing the link to the post to your WhatsApp contacts. The contents of the message and the accessed website will only be transmitted to WhatsApp when you tap the button.