Data protection

Privacy notice

I. Name and address of Controller

The Controller within the meaning of the relevant data protection legislation is:

CANCOM SE
Erika-Mann-Str. 69
D-80363 Munich (headquarters)
Tel.: +49 89 540 540
Email: info@cancom.de

together with the affiliated companies listed below:

CANCOM a+d IT Solutions GmbH

CANCOM Financial Services GmbH

CANCOM GmbH

CANCOM ICT Service GmbH

CANCOM ICP

CANCOM Leipzig Hansa Computer

CANCOM on line BVBA

CANCOM on line GmbH

CANCOM physical infrastructure GmbH

CANCOM SCS GmbH.

CANCOM Communications & Collaboration

CANCOM Software Group

CANCOM Managed Services GmbH

– Below they are referred to jointly as “CANCOM”, the “Undertaking” or “We” –

II. Name and address of data protection officer

CANCOM’s data protection officer is:

Markus Ost
Messerschmittstraße 20
89343 Jettingen-Scheppach
Germany
Tel.: +49 8225 996-1379
E-Mail: datenschutz@cancom.de

III. General information on data processing

1. Scope of personal data processing
As a general rule, We only process personal data about our users where We need to do so in order to provide a functioning website, our content and services and where We are permitted to do so by law.

2. Legal basis for the processing of personal data
Where We obtain the consent of the data subject to process personal data, the legal basis for processing is Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
Where We process personal data for the performance of a contract to which the data subject is party, the legal basis for processing is Article 6 (1) (b) GDPR. This is also the case where We process data in order to take steps prior to entering into a contract.
Where We process personal data in order to comply with a legal obligation to which We are subject, the legal basis for processing is Article 6 (1) (c) GDPR.
Where We process personal data in order to protect the vital interests of the data subject or another natural person, the legal basis for processing is Article 6 (1) (d) GDPR.
Where We process personal data for the purposes of the legitimate interests pursued by our Undertaking or a third-party and these interests do not override the interests, fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1) (f) GDPR.

3. Data erasure, retention period
DWe block or erase personal data about data subjects as soon as there ceases to be a need to retain it. We may also retain data where provided for by European or national legislators in EU regulations, laws or other rules to which We, the Controller, are subject. We block or erase data when a retention period stipulated in one of the aforementioned regulations, laws or other rules expires, except where We need to retain the data for longer in connection with the conclusion or performance of a contract.

IV. Provision of website and creation of log files

1. Description and scope of data processing
When you view our website, our system automatically collects data and information from the computer system on the computer you are using. During this process We gather the following data:

(1) information about the browser type and version used
(2) the user’s operating system
(3) the user’s internet Service Provider
(4) the user’s IP address
(5) the date and time of access
(6) websites from which the user’s system accessed our website
(7) websites accessed by the user’s system via our website.

The data is also stored in our system’s log files. This data is not stored together with other personal data about the user.

2. Legal basis for data processing
The legal basis for the temporary storage of this data and the log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing
The system needs to store the IP address to deliver the website to the user’s computer. This means We need to retain the user’s IP address for the length of the session.

We store data in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our information technology systems. We do not evaluate the data for marketing purposes as part of this process.

These purposes constitute the legitimate interests in data processing pursued by our Undertaking under Article 6 (1) (f) GDPR.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. When We collect data in order to provide the website, We no longer need it once a particular session has ended.

When we store data in log files, We generally erase it after no more than seven days. In certain circumstances We may retain it for a longer period, in which case users’ IP addresses are erased or masked so that that they can no longer be connected to the retrieving client.

5. Right to object, right of removal
The collection of data to provide the website and the storage of the data in log files is essential to our operation of the website. As a result, the user has no right to object to it.

V. Use of Cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change (technically necessary cookies).

The following data is stored and transmitted in the cookies:

  • language settings
  • Article in a shopping cart
  • Log-in information

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior (technically unnecessary cookies).

In this way, the following data can be transmitted:

  • Entered search terms
  • Frequency of page views
  • Use of website features
  • Anonymized usage data for generating statistics

When you visit our website, you are informed about the use of cookies and your consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f. DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these it is necessary that the user is recognized by an ID even after a page break. We require cookies for the following applications:

  • Transfer of language settings
  • Remember searchterms
  • shopping cart

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents for the user. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer and the user experience.

4. Retention period, Right to object, right of removal
Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

VI. Newsletter

1. Description and scope of data processing
Users are able to subscribe to our free newsletter. When they sign up, the following data from the sign-up form is sent to us:

  • Title
  • Surname
  • E-Mail-Adress

We also collect the following data during the sign-up process:

(1) the IP address of the computer from which the site is being viewed
(2) the date and time of registration.

On the sign-up form We ask for your consent to process the data. The sign-up form also contains a reference to this privacy notice.

The service providers We use to help provide our services may have access to your data. They are primarily service providers We engage to help provide the newsletter and the software we use to do so (Software-as-a-Service, ASP service). We allow them access to your data only in so far as is necessary to provide their services and for the necessary period. They undertake to use only people who have signed a confidentiality undertaking or are subject to an appropriate statutory duty of confidentiality to provide their services.
The processing of data on behalf of other parties is governed by data processing agreements as stipulated in Article 28 GDPR.

We disclose data to third parties (Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich) in connection with the processing of data for the mailing out of newsletters. This data is used exclusively to mail out the newsletter.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for processing data after he or she has signed up to the newsletter is Article 6 (1) (a) GDPR.

The legal basis for mailing out newsletters following the purchase of goods and services is section 7 (3) of the German Law Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG].

3. Purpose of data processing
We collect the user’s title, surname and email address so that We can personalise the newsletter.

We collect other personal data during the sign-up process in order to prevent any abuse of the services and the email address used.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. As a result, we store the user’s email address for as long as his or her newsletter subscription remains active.

Other personal data collected during the sign-up process is generally erased after a period of seven days.

5. Right to object, right of removal
Users can cancel their newsletter subscription at any time. Each newsletter contains a specific link for this purpose.

This link also allows you can withdraw your consent for us to store personal data collected during the sign-up process.

VII. Kontaktformular und E-Mail-Kontakt

1. Description and scope of data processing
Our website contains forms for contacting us, registering for events and advertising and forms for feedback and processing support requests. They can be used to contact us electronically. When a user completes one of these forms, the data entered into the form is sent to us and stored.
The data entered is as follows:

  • Title
  • Name
  • E-Mail
  • Telephone number
  • Company
  • Reason for making contact
  • Consent to store data
  • Address (location, post code)

As the message is sent, the following data is also stored:

(1) the user’s IP address
(2) the time and date of registration.

We ask for your consent to process this data during the sending process and provide a reference to this privacy notice with the necessary duties of information.

Alternatively, you can contact us using the email address provided. If you do this, We store the personal data about you sent with the email.

We do not pass the data collected during this process on to third parties. It is used for the stated purpose only.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

The legal basis for processing data provided when an email is sent is Article 6 (1) (f) GDPR. Where email contact leads to the conclusion of a contract, Article 6 (1) (b) GDPR provides another legal basis for processing.

3. Purpose of data processing
We only use personal data collected from contact forms to process the contact request. If you contact us by email, this in itself constitutes our legitimate interest in processing the data.

Other personal data collected during the sending process is used to prevent any misuse of the contact form and ensure the security of our information technology systems.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. This means that we erase personal data entered in a contact form or sent by email once the conversation with the user has finished. The conversation is deemed to have finished when the circumstances indicate that the matter at issue has been resolved.

Other personal data collected during the sending process is erased after a period of no more than seven days.

5. Right to object, right of removal
Users can withdraw their consent for us to process personal data at any time. If a user contacts us by email, he or she can object to the storage of his or her personal data at any time. Where this is the case, however, it is impossible to continue the conversation.

To object to the storage of your personal data, simply send a message to widerspruch@cancom.de

In this case, all the personal data stored when you made contact will be erased.

VIII. Use of Tracking/Pixel Tools

GOOGLE ANALYTICS

1. Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”. Cookies are text files that are stored on your computer and allow us to analyse how you use our website. Information on how you use the website generated by the cookie, including:

  • browser type/version,
  • operating system used,
  • referrer URL (page previously visited),
  • host name of the accessing computer (IP address),
  • time of the server request,

is generally transmitted to a Google server in the USA, where it is stored. Google does not combine the IP address transmitted by your browser via Google Analytics with any other data. In addition to Google Analytics, we have also installed “anonymizeIP” on this website. This masks your IP address so that all data is collected anonymously. If, in exceptional circumstances, the full IP address is sent to a Google server in the USA, it is abbreviated.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

3. Purpose of data processing
On behalf of the provider of this website, Google uses this information to assess how you use our website, to compile reports on website activity and to provide the website provider with other services connected with website and internet use.

4. Retention period
Data sent by us which is linked to cookies, login details (e.g. a user ID) or advertising IDs is erased automatically after 26 months. Data which has reached its storage limit is erased automatically once a month.

5. Right to object, right of removal
You can set your browser software to block the installation of cookies. If you do this, however, you may be unable to use all the functions of our website fully. You can also prevent Google from collecting and processing data generated by cookies relating to your use of the website (including your IP address) by downloading and installing the browser-add-on Opt-out cookies stop your data being collected when you visit a website in the future. Click here to install the opt-out cookie: deactivate Google Analytics

6. Further information
You will find further information on our terms of use and data protection at:

https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de

 

FACEBOOK PIXEL

1. Description and Scope of Data Processing

On its websites, CANCOM uses Facebook Pixel, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”).

Facebook Pixel enables Facebook to display our Facebook ads only to Facebook users who have visited our website, especially those who have shown interest in our online content or certain topics or products. Facebook Pixel makes it possible to check whether a user was redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, which are small text files that are stored locally in the cache of your web browser on your end device.

If you are logged into Facebook with your user account, your visit to our online offerings is recorded in your user account. The data collected about you is anonymous to us and therefore does not give us any information about the identity of users. However, Facebook may link this data to your Facebook user account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook Pixel. To the best of our knowledge, Facebook receives information that you have visited the relevant part of our website or clicked on an ad from us. If you have a Facebook user account and are registered with Facebook, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifiers.

2. Purpose of Data Processing

CANCOM uses Facebook Pixel for marketing and optimization purposes, in particular to place relevant and interesting ads on Facebook and thus improve our content, make it more interesting for you as a user, and avoid annoying ads. This also includes our legitimate interest in the processing of the above data by the third-party provider. The legal basis is article 6, paragraph 1, sentence 1, point (f),of the GDPR.

3. Objection and Possibility of Removal

You may object to the collection of data by Facebook Pixel as described above and to the use of your information to display Facebook ads. You can adjust settings about what types of advertisements you see within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads. Please note that this setting will be deleted if you delete your cookies. In addition, you can deactivate cookies used for measuring reach and advertising purposes via the following websites:

Please note that this setting will also be deleted if you delete your cookies.

Facebook has also signed and certified a privacy shield agreement between the European Union and the United States. This commits Facebook to comply with the standards and regulations of European data protection law. More information can be found at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Third-party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

4. More Information

For more information from the third-party provider about privacy, please visit the following Facebook website: https://www.facebook.com/about/privacy. Information about Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616.

 

FACEBOOK CONVERSION TRACKING

Description and Scope of Data Processing

On our website, CANCOM uses the “conversion pixel” from Facebook. This makes it possible to track the behavior of users after they are redirected to the provider’s website by clicking on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help to optimize future advertising measures.

The data collected does not allow us to draw any conclusions about the identity of the users. However, Facebook stores and processes the information so that it can be linked to the user’s profile and Facebook can use the information for its own promotional purposes in accordance with the Facebook Data Policy.

 

OUTBRAIN

1. Description and Scope of Data Processing

On its website, CANCOM uses Outbrain Conversion Tracking from Outbrain UK Ltd, 5 New Bridge Street, London, EC4V 6JA, United Kingdom. The conversion tracking pixel is set when a user connects with an ad placed by Outbrain. The ads integrated by Outbrain are determined based on the content you have read so far. The content is technically controlled and automatically delivered by Outbrain. Outbrain pixels do not contain any information allowing users to be personally identified. Personal data is not be stored. To select suitable content, the pixel uses information about the device source, browser type, and your IP address, which is completely anonymized by removing the last octet.

2. Legal Basis for Data Processing

The processing is carried out on the basis of article 6, paragraph 1, point (f), of the GDPR out of the legitimate interest in targeting advertising and analyzing the effect and efficiency of this advertising.

3. Objection and Possibility of Removal

For reasons relating to your particular situation, you have the right at any time to object to this processing of your personal data based on article 6, paragraph 1, point (f), of the GDPR. You may opt out of tracking to view interest-based recommendations at any time by clicking the Opt Out button under Outbrain’s Privacy Policy, available at https://www.outbrain.com/de/legal/privacy You can find more information about Outbrain’s privacy policies at https://www.outbrain.com/de/legal/privacy.

 

PLISTA

1. Description and Scope of Data Processing

CANCOM’s websites use plista. This service is offered by plista GmbH, Torstrasse 33–35, 10119 Berlin, Germany (e-mail: info@plista.com, Telephone: +49-30-4737-5370, Fax: +49-30-484-984-411). More information about this provider and the processing of personal data by this company can be found at https://www.plista.com/de and https://www.plista.com/de/about/privacy/.

Based on users’ individual surfing behavior, plista delivers personalized recommendations of editorial content and ads on thousands of websites of its partner network of users. plista compares the reading behavior (e.g. clicks, visits) of different users to find similarities and similar interests among them. You can currently find more information in addition to that provided under paragraph 1 at https://www.plista.com/de/about/opt-out/.

2. Purpose of Data Processing

plista currently collects anonymous usage data. This is anonymous information about website views and clicks of a reader without reference to any person. This data is used by plista for an optimal delivery of recommendations and advertisements according to the interests of the reader. plista can collect information, for example, about your browser choice (e.g. Firefox or Internet Explorer), operating system (e.g. Macintosh or Windows), Internet provider (e.g. Telekom or 1&1), and whether you respond to advertising. In order to provide relevant advertising, the provider may collect information regarding device type, model and version, operating system, user ID, and information that is limited to the browser selected and the applications used. You can currently find more information in addition to that provided under paragraph 1 at https://www.plista.com/de/about/opt-out/.

3. Objection and Possibility of Removal

If you as a user do not wish for your data to be processed by plista in the form described above, please note the following: Simply use the opt-out button. This allows you to delete the plista identification cookie at any time with one click, making you no longer identifiable for plista. Opting out does not prevent any ads or popups on your computer, but only the delivery of adaptive ads from plista. plista widgets, recommendations and ads will thus continue to be displayed on the website. Only targeting, i.e. the matching of recommendations and ads to your personal interests, is no longer provided if you deactivate your cookie by opting out. Please note: in order for plista to recognize you as a user who has decided to opt out, you have to allow cookies to be placed in your browser. Unless you have explicitly deactivated cookies, this is usually already the case. The setting of the opt-out cookie is necessary to prevent plista from again placing its identification cookie the next time a partner accesses the site. If you delete cookies in your browser, you must also repeat the opt-out process. If you are using multiple computers or web browsers, you must opt-out on each one separately. You can currently find more information in addition to that provided under paragraph 1 at https://www.plista.com/de/about/opt-out/.

4. More Information

As an alternative to the opt-out option under paragraph 4, you may also use the preference management system of the EDAA (European Interactive Digital Advertising Alliance) www.youronlinechoices.com. plista is a member of the EDAA and, as part of our membership, complies with the provisions of the IAB Europe EU Framework for Online Behavioral Advertising in the markets to which these self-regulatory provisions apply. In order to receive information about interest-based advertising and the options available to you, and to opt-out of the placement of interest-based third-party advertising by us and other participating EDAA member companies using cookies, please click here: www.youronlinechoices.com.

 

TABOOLA

1. Description and Scope of Data Processing

Taboola, Inc., 1115 Broadway, 7th Floor, New York, NY 10010, USA (“Taboola”). Taboola uses cookies/pixels to determine which content you use and which of our pages you visit. The cookie/pixel enables us to create pseudonymous user profiles by collecting device-related data and log data and to recommend and make available to you, the user, content that matches your personal interests. This allows us to individually tailor our offerings for you. These user profiles do not allow any conclusions to be drawn about your person.

The pseudonymous user profile contains the following data: the user’s operating system, web pages/content accessed on our web pages, referrer/link via which you came to our website, time and number of web page accesses, accesses to error pages, location information (city and state) and IP address in truncated form.

2. Objection and Possibility of Removal

Further information on data processing by Taboola and the option to deactivate the Taboola cookie can be found here (opt-out information can be found under “2.4 Interest-Based Advertising”).

 

MATOMO

1. Description and Scope of Data Processing

This website uses Matomo (formerly Piwik), an open-source software to statistically evaluate visitor access. Matomo uses cookies, which are text files that are placed on your computer and enable an analysis of your use of the website.

The information generated by the cookie about your use of the website will be stored on a Microsoft Azure server in Western Europe.

2. Objection and Possibility of Removal

Your IP address is anonymized immediately after processing and before it is stored. You have the option of preventing the installation of cookies by changing the settings of your browser software. We would like to point out that if you accordingly change the settings, all functions of this website may no longer be available.

You can decide whether a unique web analysis cookie may be stored in your browser in order to enable the website operator to collect and analyze various statistical data.

 

LINKEDIN MATCHED AUDIENCES/REMARKETING

1. Description and Scope of Data Processing

CANCOM uses the LinkedIn Matched Audiences function of the business network of LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland; “LinkedIn”) for advertising purposes. This enables us to show you, as a user of our website, targeted ads in the future on the websites of the LinkedIn network about our website and our offers that are relevant to your interests.

For this purpose, we use cookies/pixels on our websites, which record the fact that you have visited our website. These cookies enable LinkedIn to recognize you as a user of our website within the LinkedIn network.

2. Objection and Possibility of Removal

You may prevent the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

In addition, you may opt out of LinkedIn’s advertising based on your usage patterns at any time by opting out of LinkedIn’s advertising cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

3. More Information

LinkedIn’s Privacy Policy can be found here: https://www.linkedin.com/legal/privacy-policy.

LinkedIn has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified US companies. The EU Commission has confirmed the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement in a decision made July 12, 2016 (Reference C(2016) 4176).

You can read the decision of the EU Commission here: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of LinkedIn’s certification according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0.

4. Legal Basis for Data Processing

The processing of your data takes place on the legal basis of article 6 paragraph 1, point (f) GDPR (balancing of interests) and is in our interest in order to be able to show you advertising about us and our offers based on your interests.

IX. Video Plug-Ins

1. YouTube
Our website also includes videos that we (or third parties) have posted on the platform of the social network and video portal “YouTube.” Plug-ins from the websites youtube.de and youtube.com are used to display the videos. The service YouTube is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube LLC is an affiliate of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

Cookie selection pop-up appears upon accessing our websites. Only when the users allows all cookies or explicitly loads a video is a connection to YouTube’s servers automatically established and the integrated video displayed on the website by a transmission to your browser.

YouTube uses cookies to tell the YouTube server which pages of our website you have visited and what actions you have taken (e.g. clicking/starting a video or sending a comment). If you are logged into YouTube as a member, YouTube will also assign this information to your personal YouTube user account. According to YouTube, you can prevent this information from being assigned to your user account if you have logged out of YouTube with the YouTube plug-in before accessing the website.

We would like to point out that we are not aware of the content of the transmitted data and its use by YouTube and that we are not responsible for the collection and processing of data by YouTube. Information on the collection and use of data by YouTube can be found in the YouTube’s Privacy Policy at www.youtube.de/t/privacy.

 

2. Vimeo
Our websites integrate plug-ins from the video portal Vimeo provided by Vimeo, LLC (555 West 18th Street, New York, NY 10011, USA).

Cookie selection pop-up upon accessing our websites. Only when the users allows all cookies or explicitly loads a video is a connection to Vimeo’s servers automatically established and the integrated video displayed on the website by a transmission to your browser.

Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the United States. In the process, information about your visit and your IP address is stored there. By interacting with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect information about you and link it to your Vimeo member information through this website, you must log out of Vimeo before visiting this website.

X. Social Plugins

On our website we offer the chance to use so-called social media buttons. To protect your data we have chosen to use the Shariff plug-in. This means that the buttons simply appear on the website as icons which contain a link to the relevant button provider. Clicking on an icon takes you to the services offered by the relevant provider and it is only at this point that your data is sent to the provider. If choose not to click on the icon, no data will be exchanged between you and the social media button providers. You can find how social networks collect and use your data in the terms of use published by the various providers.
Our website features social media buttons for the following providers:

XING button, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
You can find XING’s privacy notice at: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn button, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
You can find LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Twitter button, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”)
You can find Twitter’s privacy notice at: https://twitter.com/privacy

Youtube button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Youtube”)
You can find Google’s privacy notice at: http://www.google.com/intl/de/+/policy/+1button.html

Facebook button, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)
You can find Facebook’s privacy notice at:
http://www.facebook.com/policy.php

Google+ button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You can find Google’s US data protection notice at: http://www.google.com/intl/de/+/policy/+1button.html

Vimeo button, Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
You can find Vimeo’s privacy notice at: https://vimeo.com/privacy

Instagram button, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)
You can find Instagram’s privacy notice at: https://help.instagram.com/155833707900388/

XI. Data security

We safeguard our website and other systems against the loss, destruction, access, alteration or dissemination of your data by unauthorised persons by technical and organisational measures. In particular, your personal data is transmitted in encrypted form. On our website we use standard SSL (Secure Socket Layer) technology. Unfortunately, however, the transmission of information via the Internet is never completely safe. For this reason, We are unable to guarantee the security of data transmitted to our Website via the Internet.

 

XII. Disclosure of data

We do not pass on your personal data to third parties unless you have given your consent for us to do so or We are permitted or obliged to do so by statutory provisions and/or an administrative or court order. This may include, in particular, the provision of information for the purposes of law enforcement, protection against security threats and the enforcement of intellectual property rights.

 

XIII. Data protection and third-party websites

Our website may contain hyperlinks to and from third-party websites. Please note that if you follow a hyperlink to a third-party website, We cannot accept any liability or responsibility for third-party content or privacy notices. Please check the relevant privacy notices before sending personal data to these websites.

XIV. Rights of data subjects

Whenever your personal data is processed, you are a Data Subject within the meaning of the GDPR. This gives you the following rights in respect of the Controller:

1. Right of access
Under Article 15 GDPR, you have the right to access any personal data about you that We process. In particular, you have the right to obtain information about the purposes of the processing; about the categories of personal data concerned; about the categories of recipients to whom the data has been or will be disclosed; about the planned retention period; about your right to the rectification or erasure of personal data, to the restriction of processing of personal data and to object to such processing; about the source of data where it was not collected by us; about the existence of automated decision-making including profiling; and, where appropriate, to access detailed and meaningful information on these issues.

2. Right to rectification
Under Article 16 GDPR, you have the right to obtain from the Controller the rectification and/or completion of processed personal data about you that is inaccurate or incomplete. The Controller shall carry out such rectification without undue delay.

3. Right to erasure
Under Article 17 GDPR, you have the right to obtain the erasure of your data where its processing is not necessary to the exercise of the right of freedom of expression and information, to compliance with a legal obligation, for reasons of public interest or to the establishment, exercise or defence of legal claims.

4. Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain restriction of the processing of your personal data where you dispute the accuracy of the data, where the processing is unlawful but you refuse the erasure of the data and where We no longer need the data but you need it for the establishment, exercise or defence of legal claims or where you have objected to the processing under Article 21 GDPR.

5. Right to data portability
Under Article 20 GDPR, you have the right to receive any personal data you have provided to us in a structured, common and machine-readable format or transmit it to another Controller.

6. Right to withdraw consent
Under Article 7 Abs. 3 GDPR, you have the right to withdraw the consent you have given us at any time. Once you have withdrawn your consent, We must cease processing based on this consent for the future.
To exercise your right to withdraw consent, send an email to:
widerspruch@cancom.de
In addition, in each newsletter you will find a link that allows you to unsubscribe from further newsletters.

7. Right to object
Where your personal data is being processed on the basis of legitimate interest under Article 6 (1) sentence 1 (f) GDPR, Article 21 GDPR gives you the right to object to this processing on grounds relating to your particular situation or where the objection is against direct marketing.
In the case of direct marketing, you have a general right to object which can be exercised without indicating a particular situation.
To exercise your right to object to processing, send an email to: widerspruch@cancom.de

8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data about you breaches the GDPR.
The supervisory authority with which the complaint has been lodged will inform you about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Address:
Promenade 18
91522 Ansbach, Germany

Mailing address:
P.O. Box 1349
91504 Ansbach, Germany

Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de

XV. Version

This privacy notice was last updated on 01 July 2019. CANCOM reserves the right to update this privacy notice from time to time. (Version: 01 July 2019)