3. Personal data
Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to reveal any personal data to visit our website. In some cases we require your name and address as well as other information in order to provide you with requested services.
The same applies in case we supply you with requested information material or when we reply to your inquiry. In these cases we are always going to point this out to you. In addition, we only store data you transfered to us automatically or voluntarily.
When you use one of our services, we generally only gather data necessary to provide you our service. Potentially we will ask you for further information on a voluntary basis. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial goals.
5. Automatically saved data
When you visit our website, our web server saves the IP address assigned to you by your internet service provider, the website you have visited us from, the pages you have visited on our site as well as the date and duration of you visit, by default. This information is mandatory for the technical transfer of the web pages and for a safe operation of the server. A personalized analysis of this data does not occur.
6. Server log files
The provider of the website collects information and automatically saves it in so-called server log files, which your browser transmits to us automatically. This includes
- Date and time of the request
- Name of the requested file
- Page, from which the file was requested
- Access status (file transfered, file not found, etc.)
- Browser and operating system used
- Complete IP address of the requesting computer
- Transfered data volume
This data is not merged with other data sources. The processing takes place in accordance with Art. 6 (1) f GDPR, based on our legitimate interest in the improvement of the stability and functionality of our website.
For reasons of technical security, especially to defend against attempts to hack into our web server, this data is stored by us for a short time. It is not possible for us to identify individual people on the basis of this data. After no more than seven days, the data is anonymized by shortening the IP address at a domain level so that it is no longer possible to establish a connection to an individual user. In an anonymized form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in part.
Only the IP address is stored here – no other personal information. This information that is stored in the cookies allows us to automatically recognize you on your next visit to our website, which makes it easier for you to use our website.
Cybot relies on the following subcontractors:
- Microsoft Ireland Operations Ltd, Dublin, Ireland (main contractor for the operation of the main infrastructure)
- E-conomic International A/S, Copenhagen, Denmark (accounting for Cybot A/S)
- Fujitsu A / S, Ballerup, Denmark (hosting of the accounting system of E-conomic International A/S)
No data is forwarded to other third parties.
You can find additional information on data privacy at Cybot here: https://www.cookiebot.com/en/privacy-policy/
We use the service "Cloudflare". The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").
We have signed a Data Protection Addendum with Cloudflare.
We base the use of Cloudflare on our legitimate interest in providing our website error-free and secure (Art. 6 (1) f GDPR).
You may find further information on the subject security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.
7.5 Matomo Analytics
On our website we use a so-called on-premise installation of the web analytics software Matomo Analytics ("Matomo") (matomo.org), a software by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo generates a visitor ID based on your operating system, browser, browser plugins, browser language and IP address in order to differentiate between simultaneously occuring sessions. Sessions older than 30 minutes are not used for comparison. Recognition at a later date does not occur.
When viewing pages on our website the following data is stored:
- IP address of the user, shortened by the last two bytes (anonymized)
- pages viewed and time of the view
- the website the user came from when visiting our website (referrer)
- browser name, browser plugins, operating system and display resolution of the user
- time on website
- pages that were opened from other pages on our website.
The data collected by Matomo is stored on our own servers. Transfer of data to third parties does not occur. We use the data to anaylize the browsing behavior of our users and gather information about the use of particular components of our website. This enables us to continuously improve the usability of our website. Our legitimate interests according to Art. 6 (1) f GDPR are based on these purposes. By anonymizing the IP address we provide for our users' interest in the protection of their personal data. At no time the data is used to identifiy the users of our website personally or merged with other data. The data is deleted as soon as it is no longer required for our purposes.
You can enter an objection at any time: At the end of this section you find an option to opt out. For this purpose remove the check mark in front of "You are not opted out. Uncheck this box to opt-out." This results in Matomo not registering your visits any longer. Your decision is stored in a cookie with an expiration time of two years. After this expiration time your visits are going to be registered again. Keep in mind that this cookie will be deleted, if you delete all cookies in your browser.
As an additional service we offer our newsletter. We use the United States-based provider The Rocket Science Group LLC d/b/a Mailchimp ("Mailchimp") for the distribution of our newsletter.
The data collected during registration is transfered to and stored by Mailchimp within the framework of an agreement for comissioned data processing. Mailchimp uses these sub-processors for their services. Data entered during registration is not transfered to other third parties. Mailchimp offers various possibilities for analysis about how the sent newsletters are opened and used, e.g. how many users the e-mail was sent to, whether e-mails were rejected or users have unsubscribed from the list.
You may find further information about privacy protection on Mailchimp's site: https://www.intuit.com/privacy/statement/
You may withdraw your consent to the storage of your data and their use for the newsletter at any time. You may send your revocation via e-mail to [email protected] or rather via clicking the link contained in every newsletter at any time.
7.7 YouTube in advanced data protection mode
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and the service providers who work for us are committed to the valid data protection laws.
Whenever we collect and process personal data, this is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy policies are constantly being revised. Please ensure that you have the latest version.
9. Data subject rights
At any time, you have a right of access and a right to rectification, to erasure or to restriction of the processing regarding your saved data, as well as a right to object to the processing, a right to data portability and a right to lodge a complaint, in accordance with the conditions of data protection law.
9.3 Right to erasure
You may demand that we delete your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons opposing an immediate erasure, e.g. in the event of statutory storage obligations.
Independently of you exercising your right to erasure, we will delete your data immediately and in full if there is no contractual or statutory storage obligation that contradicts this.
9.4 Right to restriction of processing
You may demand from us a restriction of the processing of your data if
- you are disputing the accuracy of the data, for a period which allows us to verify the accuracy of the data;
- the processing of the data is unlawful and you refuse a deletion, instead demanding a restriction of the use of the data;
- we no longer require the data for the intended purpose, but you still require this data for the assertion or defence of legal claims, or
- you have objected to the processing of the data.
9.5 Right to data portability
You may demand that we make your data, which you provided to us, available to you in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of revocable consent granted by you or for the performance of a contract between us, and
- this processing is carried out by automated means.
Where technically feasible, you may demand that your data be transmitted directly from us to another controller.
9.6 Right to object
If we are processing your data on the basis of a legitimate interest, you may object to this processing at any time; this would also apply to profiling based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. You can object to the processing of your data for direct marketing at any time without providing reasons.
9.7 Right to lodge a complaint
If you believe that we are infringing German or European data protection law in the processing of your data, please get in touch with us to resolve matters. You also, of course, have the right to contact the competent supervisory authority, the relevant state office for data protection supervision.
If you want to assert one of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.