PRIVACY STATEMENT

PRIVACY STATEMENT

Data protection declaration

In the following, we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

1 Responsible for data processing

Responsible according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is INFORM Institut für Operations Research und Management GmbH, Pascalstraße 35, 52076 Aachen, info[at]inform-software.com (see our imprint/legal).

2 Contact option of the data protection officer

You can contact our data protection officer at datenschutz@inform-software.com or at our postal address with the addition "the data protection officer".

3 Your rights

You have the following rights towards us with regard to personal data concerning you:

3.1 General rights

You have a right of access, rectification, cancellation, restriction of processing, objection to processing and data transferability. If processing is based on your consent, you have the right to revoke this consent with effect for the future.

3.2 Rights in data processing according to legitimate interest

Pursuant to Art. 21 para.1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para.1 lit. e) GDPR (data processing in the public interest) or Article 6 para.1 lit. f) GDPR (data processing to safeguard a legitimate interest) for reasons arising from your particular situation; this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

3.3 Rights in direct advertising

If we process your personal data for direct advertising purposes, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, this also applies to profiling insofar as it is associated with such direct advertising.

In the event of your objection to processing for direct advertising purposes, we will no longer process your personal data for these purposes.

3.4 Right of appeal to a supervisory authority

You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.

4 Collection of personal data when you visit our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, website from which the request comes, browser, operating system, and its interface, language and version of the browser software.

The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

5 Contact via e-mail, contact form or newsletter

5.1 Your contact via e-mail and contact form

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. If we use our contact form to request information that is not required to establish contact, we have always marked it as optional. These details serve us to concretize your inquiry and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para.1 lit.a) GDPR. If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request. Of course, you can revoke this consent at any time in the future.

Cookies

The contact components (e.g. forms) integrated into our website use so-called “cookies”, which are stored on the user’s computer and enable us to analyze the use of the website. You can read about the specific cookies used by the providers and their purpose and characteristics here: https://docs.microsoft.com/de-de/dynamics365/marketing/cookies.

The setting of cookies and the subsequent processing of your data are carried out subject to the express consent of the user, on the basis of a user-friendly mailing system that serves both, our business interests in direct advertising and in building and maintaining our customer relationship as well as meeting the expectations of users.

General information about the different types of cookies on our website, their scope and how they work can also be found in our Cookie Policy.

E-mail and newsletter sent by INFORM

We send newsletters and automated mailings ("mailings") only with your consent or on the basis of a legal permission. If the contents of the mailings (i.e. the advertised goods and services) are specifically described in the registration, they are decisive for the scope of the consent. Otherwise, our mailings contain information about our products, offers, promotions and/or our company.

Note on legal bases

Mailings are sent on the basis of the recipients' consent pursuant to Art. 6 1 lit. a) GDPR, or, if consent is not required, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in direct advertising, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising, and in building and maintaining our customer relationships.

You can revoke your consent to receive our mailings at any time, in particular by unsubscribing. You will find an unsubscribe link to exercise this right at the end of each e-mail. We delete the data accruing in this context after storage is no longer necessary or restrict processing in case statutory retention obligations exist.

Double-opt-in-process

Insofar as you have not provided us with your contact details in person, registration takes place by means of the so-called double-opt-in process, i.e. after your registration you will receive an e-mail in which you will be asked to confirm your registration in order to prevent misuse of your e-mail address. We log the registration for our mailings in order to be able to prove the process in accordance with legal requirements and, if necessary, to prevent or clarify any misuse of your personal data. The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR in the operation of a user-friendly and secure mailing system and to be able to prove the registration process and the consent given at a later date.

Analysis and performance measurement

Our mailings contain so-called tracking pixels (web bugs), which enable us to recognize whether and when an e-mail was opened and which links in the e-mail were followed by the personalized recipient. This information is used to technically improve our mailings based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The evaluations are also used to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

For individual e-mail campaigns, we also select the recipient group on the basis of data and information determined and qualified by us (such as your expressed interest in individual topics, your address/region, etc.) in order to be able to offer you targeted goods and services that match your interest. You will then only be sent advertising that is potentially relevant and of interest to you.

The evaluation and performance measurement of the mailings as well as the selection of the group of recipients are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure mailing system that serves both our business interests in direct marketing and in establishing and maintaining our customer relationship and also meets the expectations of the users.

5.3 Services used and service providers

In this respect, the provider acts as our processor and processes the data exclusively in accordance with our instructions. Insofar as data is transferred to the USA, so-called Standard Contractual Clauses pursuant to Art. 46 GDPR have been concluded with the provider as appropriate safeguards.

6 Comment function in the blog on the website

We offer users the opportunity to leave individual comments on individual blog posts on blogs that are located on our website. A blog is a portal on a website, usually open to the public, in which one or more people who are called bloggers or web bloggers can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented by third parties.

If a person leaves a comment in the blog published on this website, not only the comments left by the person concerned, but also information about the time of entering the comment and the user name (pseudonym) chosen by the person concerned will be stored and published. Furthermore, the IP address assigned to the person concerned by the Internet service provider (ISP) is logged. This data is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content by submitting a comment. This personal data is stored in accordance with Art. 6 para. 1 lit. f) GDPR, so that the latter could exculpate itself in the event of a violation of the law. The personal data collected will not be disclosed to third parties, unless such disclosure is required by law or serves the legal defense of the data controller.

7 Participation in lotteries

When you participate in sweepstakes, we collect the data necessary to conduct the sweepstake. These are usually an individual competition entry (e.g. a comment or a photo), as well as name and contact details. We may pass on your data to our lottery partners, e.g. to send you the prize. The processing and transfer of data may vary depending on the lottery and is therefore described in detail in the respective conditions of participation. Participation in the lottery and the related data collection is of course voluntary. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Your data will be deleted after the end of the lottery.

8 Applications

You can apply online to our company via our application portal. Your online application will be forwarded directly to the HR department via an encrypted connection and will of course be treated confidentially. We will of course use your details exclusively for processing your application and will not pass them on to third parties. Click here for more information on how your personal data is processed during the application process.

9 Registration for participation in events

If you register online for an event organised by us, we process personal data required for the organisation and planning of the event (e.g., company name, first name, surname, e-mail address, etc.). Further information may be available in the form of preferred hotels, arrival day, and departure day, should you wish to obtain overnight accommodation through our pre-booked partner hotels. For this purpose, information about the type of journey is also required in order to provide parking spaces if necessary. Your personal data will be transmitted to the hotels selected by you. We will delete your personal data after the event has taken place. Your personal data will be processed for the fulfilment of the contract. The legal basis for this is Art. 6 para. 1 lit. b) GDPR.

10 Registration on the customer portal or the e-learning platform

If you register and log in to one of our customer portals, we process personal data that is required for user and session administration as well as for the provision of the services and offers (your e-mail address, name, telephone number, employer, if applicable). The legal basis for this is Art. 6 para. 1 lit. b) GDPR.

Insofar as we request input during registration that is not required for registration and user administration, we have always marked this as optional. This information is used to specify and improve the offers made to you and the user experience. A communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para.1 lit. a GDPR. Insofar as this involves information about communication channels (for example, e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your concerns or to transmit offers. You can, of course, revoke this consent at any time for the future.

We will delete the data accruing in this context after storage is no longer necessary, or restrict processing if there are legal obligations to retain data.

11 Participation in online trainings

When you participate in our online training courses, we process personal data that is required for the implementation and processing of the online training courses (name, address, contact details, user name, account information, training status). If a chat is set up as part of the online training, you have the opportunity to exchange information with the trainer and other participants and to post questions and contributions. The questions and contributions posted in the chat are visible to all participants and can be commented on. The legal basis for this is Art. 6 para. 1 lit. b) GDPR.

Questions and contributions are stored with details of the time and user name and published as part of the online training. In addition, the IP address assigned by the Internet service provider (ISP) of the data subject will also be logged. This data is stored for security reasons and in the event that the data subject infringes the rights of third parties or posts unlawful content through a contribution entered. The storage of this personal data takes place in accordance with Art. 6 para. 1 lit. f) GDPR, so that the latter could exculpate itself in the event of an infringement, if necessary. There is no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense and prosecution of the controller.

12 Whistleblowing System

Purpose
We provide an internal whistleblowing system to receive, process and manage information about potential misconduct, violations of the law and other misconduct within the company in a secure and confidential manner.

Whistleblower
Our internal whistleblowing system is available to employees and former employees of our company and third parties (e.g. customers, business partners, suppliers, employees of affiliated companies).

Type of Reports
In the case of an anonymous report, our whistleblowing system does not collect and process any personal data of the whistleblower.
In the case of a confidential report, only the external operator of our whistleblowing system Compliance.One has the contact details of the whistleblower, but these are not disclosed to us. In the case of a confidential report, we have the option of communicating directly with the whistleblower, e.g., to confirm receipt of the report, to ask questions about the facts, and to inform the whistleblower about the measures taken. However, we do not receive any information about the identity of the whistleblower. The external operator of our whistleblowing system Compliance.One acts as an "anonymization layer" between us and the whistleblowers.
In the case of a transparent report, the contact person responsible for handling reports in our company is given access to the data on the identity of the whistleblower and can communicate directly with the whistleblower. In accordance with the EU Whistleblower Directive, we are obliged to maintain the confidentiality of the identity of the whistleblower, i.e. only the employee(s) who handle the respective report know the identity of the whistleblower, no one else in the company.

Personal Data Processed
When a report is provided via the whistleblowing system, the following personal data is processed by us:

  • Name and contact details of the whistleblower, if provided in the case of a transparent report; in the case of a confidential report, the external operator of our whistleblowing system Compliance.One will not disclose the whistleblower's personal data to us; in the case of an anonymous report, no personal data of the whistleblower will be processed at all
  • The IP address of the whistleblower is not stored for processing a message within the application. To ensure the availability, confidentiality and integrity of the server and the applications and interfaces connected to the server, accesses to the server are logged in order to be able to detect and deal with potential security breaches. Accesses that cannot be associated with any security breach are deleted after one calendar month at the latest due to maintenance intervals.
  • Company affiliation or function are processed if provided in a report
  • Personal data of persons named in a report are processed for the investigation or treatment of a report

Communication between the computer of the whistleblower and the whistleblowing system takes place via an encrypted connection (SSL). To maintain the connection between the computer and the whistleblowing system, a cookie is stored on the computer that only contains the session ID (so-called zero cookie). The cookie is only valid until the end of the respective session and is deleted when the browser is closed.

Confidential Treatment of Reports and Disclosure
Incoming reports are received and processed by a small number of authorized employees. These employees are expressly obliged to treat all reports confidentially at all times. These responsible employees examine the report and, if necessary, carry out further case-related investigations of the facts.
As part of the investigations of the facts and, if necessary, the subsequent initiation of measures, it may be necessary to pass on information to other employees of the company. This is done exclusively within the scope of what is necessary for the investigations or initiation of measures, and we always ensure that the relevant data protection provisions are complied with when passing on information.
In certain cases, there is an obligation under data protection law to inform the accused person of the allegations made against him or her. This is required by law if it is objectively determined that providing information to the accused person cannot (any longer) impair the specific investigation of the report. In this context, the identity of the whistleblower is not disclosed, insofar as this is legally possible, and it is ensured that no conclusions can be drawn about the identity of the whistleblower.
When knowingly providing false reports with the aim of discrediting a person (denunciation), the confidentiality of the whistleblower's identity cannot be guaranteed.
In the event of a legal obligation or data protection law requirement for the investigation of reports, further categories of possible recipients are law enforcement authorities, antitrust authorities, other administrative authorities, courts, and law firms and auditing firms commissioned by us.

Setting Up an Account
Whistleblowers set up an account for their report. The account can be accessed via a QR code and/or an individual link. The account can be used for communication between the employees entrusted with handling the report and the whistleblower. No additional personal data is collected when creating and using the account. The use of the whistleblowing system can be tracked anonymously, but no conclusions can be drawn about individual users.
Individual reports are uniquely identified by an identification number. The identification number is in no way used to identify the whistleblower, but merely to logically separate different reports and whistleblowers from one another.
The personal data entered in the whistleblowing system can be viewed by the whistleblower in the account at any time. The whistleblowing system does not store any personal data other than the personal data specified in the account.
All data entered by the whistleblower is stored individually encrypted in a database.

Legal Basis
The processing of personal data within the whistleblowing system is based on the fulfillment of legal obligations and our overriding legitimate interest in the detection and prevention of wrongdoing and the associated prevention of damage and liability risks for the company. Accordingly, the legal basis is Art. 6 para. 1 lit. c) GDPR in conjunction with § 10 HinSchG and Art. 6 para. 1 lit. f) GDPR.  A further legal basis may be consent pursuant to Art. 6 par. 1 lit. a) GDPR.If a report relates to one of our employees, the processing also serves to prevent and detect criminal offenses or other legal violations that are related to the employment relationship. In these cases, processing is additionally based on § 26 para. 1 BDSG.

Retention and Deletion
Personal data will be retained for as long as is necessary for the internal investigations and the final assessment of a report, or if there is a legitimate interest on the part of the company, or if this is required by law.
Afterwards, the data is deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty.
The data collected is generally deleted within two months of the conclusion of the internal investigation.
If criminal, disciplinary or civil court proceedings are initiated as a result of misconduct within the meaning of this Policy or misuse of the whistleblowing system, the storage period may be extended until the respective proceedings have been finally concluded.
Personal data that is obviously not relevant for the processing of a specific report will not be collected or will be deleted immediately if it was collected unintentionally.

Service Provider
Our whistleblowing system is provided by the service provider Compliance.One GmbH, Ledererstraße 19, 80331 Munich on the basis of a data processing agreement pursuant to Art. 28 GDPR.

13 Use of cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

This website uses the following types of cookies, the scope and functionality of which are explained below:

13.1 Transient cookies

These cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

13.2 Persistent Cookies

These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

13.3 Flash Cookies

The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.

13.4 Prevention of cookies

You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you may not be able to use all functions of this website.

13.5 Legal bases and storage period

The legal bases for possible processing of personal data and their storage duration vary and are described in the following sections.

14 Website analysis

For the purpose of analyzing and optimizing our websites we use various services, which are described below. For example, we can analyze how many users visit our site, which information is most in demand or how users find the offer. Among other things, we collect data about the website from which a person has accessed a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected is not used to personally identify individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

14.1 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 TMG and Art. 6 para. 1 f DSGVO. The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 50 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=en

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the https://tools.google.com/dlpage/gaoptout?hl=en. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie is set: Disable data collection by Google Analytics for this website

14.2 wiredminds

We use products of wiredminds GmbH (www.wiredminds.de) for marketing and optimization purposes. These products collect and process your personal data and use it to create usage profiles under a pseudonym. These usage profiles are fully anonymized where possible and appropriate. We and wiredminds employ cookies and/or Web beacons (also known as tracking pixels) on this website. We transfer the data we collect about you, which may also include personal data, to wiredminds or wiredminds gathers this data directly. wiredminds is entitled to use information that you leave behind by visiting our Web sites to create anonymized usage profiles. The data collected shall not be used to personally identify visitors to this website without the express permission of the party affected and shall not be merged with personal data about the bearer of the pseudonym. Any IP addresses recorded are anonymized immediately by deleting the last number block. Permission to collect and store data in the future may be revoked at any time.

Exclude from tracking.

15 Surveys with SurveyMonkey

We occasionally use the services of SurveyMonkey (SurveyMonkey Europe UC, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to conduct surveys. SurveyMonkey is a web service for creating and evaluating online surveys. Participation is on a voluntary basis. We have taken technical and organizational measures to ensure the anonymity of the survey, e.g. we use the SurveyMonkey option of activating "Anonymous Responses".

We generally conduct surveys without collecting personally identifiable information such as names and addresses. However, SurveyMonkey collects data such as IP address or server log files to ensure the survey tool functions properly. We have no control over this. You can find details about the data collected by Survey Monkey in their privacy policy (Privacy Notice | SurveyMonkey).

If we obtain consent for certain surveys, the legal basis is your consent pursuant to Art. 6 (1) a of the DSGVO. Otherwise, we process personal data of participants on the basis of our legitimate interests in conducting an objective survey for the further development of our software products and services. The legal basis is then Art. 6 para. 1 lit. f DSGVO.

The data is not transmitted to third parties. SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. based in the USA. Insofar as data is transferred to the USA, so-called standard contractual clauses pursuant to Art. 46 DSGVO have been concluded with SurveyMonkey as suitable guarantees. In addition, an order processing agreement has been concluded with SurveyMonkey. This and further data protection information from SurveyMonkey can be found at https://www.surveymonkey.com/mp/policy/privacy-policy/.

16 Google Maps

This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. You can find more information about Google's data processing in the Google Privacy Policy. There you can also change your personal data protection settings in the Data Protection Center.

Detailed instructions for managing your own data in connection with Google products can be found here.

The legal basis for the use of this service is Art. 6 para. 1 f DSGVO.

17 Google reCAPTCHA

In order to ensure sufficient data security during the transmission of forms, we use the reCAPTCHA service of Google Inc. in certain cases, primarily to distinguish whether the input is made by a natural person or abusively through mechanical and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For more information about Google Inc.'s privacy policy, please visit http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

The legal basis for the use of this service is Art. 6 para. 1 f DSGVO.

18 YouTube

We use YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our websites we use plugins from YouTube. When you access the websites on our website that are provided with such a plugin - for example our media library - a connection to the YouTube servers is established and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plugin, e.g. clicking the start button of a video, this information is also assigned to your user account.

You can prevent this assignment by logging out of your YouTube account and other user accounts of YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using our website.

Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.

19 Vimeo

For the integration of videos we use the provider Vimeo. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.

On some of our websites we use plugins from the provider Vimeo. When you access the websites of our website provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This will transmit to the Vimeo server which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g. clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our website.

For more information on Vimeo's data processing and privacy policy, please visit https://vimeo.com/privacy.

The legal basis for the use of this service is Art. 6 para. 1 lit. f) GDPR.

20 Online scheduling

 We use online scheduling tools on our website. When you make an appointment with us online, the data you enter for this purpose is stored on the servers of the respective provider.  These are in particular name and e-mail address, further details are not required and are voluntary or optional. In addition, other data necessary for the provision of the service (e.g. IP-address) is processed. In this respect, the providers act as our processors and process the data only in accordance with our instructions. If data is transferred to the U.S. and the provider is certified under the Privacy Framework, the data is transferred on the basis of this adequacy finding. In addition, so-called Standard Contractual Clauses pursuant to Art. 46 GDPR have been concluded with the providers as appropriate safeguards.

In addition, the respective providers may process data for their own purposes. The privacy policy of the respective provider applies to the processing of data by the respective provider.

We use the following tools:

  • meetergo: The provider is meetergo GmbH, Hansaring 61, 50670 Cologne. For more information about this provider’s data protection click here: Datenschutz | meetergo - Conversion Platform
  • Microsoft Bookings: Bookings is part of Microsoft 365 of Microsoft Ireland Operations Limited One Microsoft place, South County Business Park, Leopardstown, Dublin 18, Ireland. For more information about this provider click here: Datenschutzerklärung von Microsoft – Microsoft-Datenschutz.
  • The use of online scheduling tools is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in making it as uncomplicated as possible to make appointments. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time

21 Advertising

We use cookies for marketing purposes, in order to address our users with interest-fair advertisement. In addition, we use cookies to limit the likelihood of an advertisement being played and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 a and f DSGVO. Direct marketing has a legitimate interest in the purposes pursued by data processing. You have the right to object at any time to the processing of your data for the purpose of such advertising. In the following, we provide you with opt-out options for the respective services. Alternatively, you can prevent cookies from being set in your browser settings.

21.1 Google AdWords

In order to draw attention to our services, we place Google Adwords ads and use Google Conversion Tracking for the purpose of personalized, interest- and location-related online advertising. The option to anonymize IP addresses is controlled by the Google Tag Manager via an internal setting that is not visible in the source of this page. This internal setting is set so that the anonymization of the IP addresses required by the Federal Data Protection Act is achieved.

Ads appear after searches on Google Network web pages. We have the possibility to combine our ads with certain search terms. Cookies enable us to serve ads based on a user's previous visits to our website.

When you click on an ad, Google sets a cookie on your computer. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the data protection regulations.

With the help of this technology, Google and we as customers receive information that a user has clicked on an ad and has been redirected to our websites. The information obtained in this way is used exclusively for statistical evaluation for ad optimization. We do not receive any information that personally identifies visitors. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were forwarded to a page of our website with a conversion tag. On the basis of these statistics we can trace the search terms for which our advertisement was clicked particularly often and which advertisements lead to contact by the user via the contact form.

If you do not wish to do so, you can prevent the storage of the cookies required for these technologies, for example via the settings of your browser. In this case, your visit is not included in the user statistics.

You can also use the ad settings to select Google ad types or disable interest-based ads on Google. Alternatively, you can disable the use of cookies by third parties by using the Network Advertising Initiative's disabling tool.

However, we and Google continue to receive statistical information on how many users visited this page and when. If you do not want to be included in these statistics either, you can prevent this by using additional programs for your browser (for example, the Ghostery add-on).

21.2 Meta Pixel

We use the Meta Pixel service of Meta Platform Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5 Ireland:

This tool allows us to track users' actions after they have redirected to a provider's website after they clicked on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The collected data remains anonymous. This means that we cannot see the personal data of an individual user. However, the information collected is stored and processed by Meta. We will inform you according to our information. Meta is able to link the data to your Facebook account and use the data for its own promotional purposes, in accordance with Meta’s privacy policy at: https://www.facebook.com/about/privacy/.

Meta Pixel enables Meta to show you ads on and off Facebook and other Meta products. If you give your consent, a cookie will be stored on your computer for these purposes.

You can revoke your consent here, for example: https://www.facebook.com/ads/settings.

21.3 LinkedIn Conversion Tracking

On our website we use the analysis and conversion tracking technology of the LinkedIn platform. With the aforementioned LinkedIn technology, you can see more relevant advertising based on your interests.

Conversion cookies are stored on the basis of Art. 6 para. 1 lit. f) GDPR.

LinkedIn also provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig.

You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations ("Opt-Out"); click on the field "Reject on LinkedIn" (for LinkedIn members) or "Reject" (for other users) under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

22 Social Media

Within our website, we link to our social media pages on social networks such as YouTube, Xing, LinkedIn, Facebook, X (formerly Twitter), Instagram and TikTok.

When you click on the appropriate icon, your user information will be transmitted to that provider. If you are logged in to that provider’s social network with your user account, and if that provider’s cookies are stored on your device, your visit to our website will be associated with your personal user account.

We are represented on the following social networks and process personal data in this context in order to publish information about us and to communicate with active users of the social media platforms:

Unless expressly stated otherwise, we process your data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR in order to present our company and the offers you have requested on your preferred channels and to be able to respond quickly to your messages and inquiries. We also have a legitimate interest in analyzing the reach and use of social media pages in order to achieve appropriate design and continuous improvement. If you wish to enter into a contractual relationship with INFORM with your request, the legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. 
If we intend to process your personal data for purposes other than those mentioned above, we will inform you before processing.
In particular, we process the following types of personal information through our social networks:

  • User names on the applicable platform, as well as your comments and messages posted by you on our applicable social media page;
  • Your activity on our social media via the respective platform operator, e.g. (generally anonymized or aggregated) analysis of visits to the social media page, interactions, visits and average duration of video views, geodata (origin of visitors) and statistics on our visitors’ relationships;
  • Other information necessary to respond to your requests or to uniquely identify you in our systems, if necessary.

If you visit one of our social media pages, the platform providers may also process additional information about you and create user profiles in order to display interest-based advertising.

In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media platform, but we would like to point out that these rights can be asserted most effectively against the respective provider. Only the provider has access to the user’s data and can take appropriate measures and provide information directly.

The data collected directly by us through the social media page will be deleted from our systems as soon as the purpose for which it was stored no longer applies, you lawfully request its deletion or you revoke your consent to its storage. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no control over the length of time your data is stored by the social media platform operators for their own purposes.

23 Data transmission

A transfer of your data to third parties does not take place, unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies such as online payment providers or the shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the required minimum. As far as our service providers come into contact with your personal data, we ensure within the scope of the order processing according to Art. 28 DSGVO that these comply with the regulations of the data protection laws in the same way. Please also note the respective data protection information of the providers. The respective service provider is responsible for the content of external services, whereby we check the compliance of the services with the legal requirements within the scope of reasonableness.

It is important to us to process your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection is established at the recipient prior to the transfer of your personal data. This means that a data protection level comparable to the standards within the EU is achieved via EU standard contracts or an adequacy decision.

24 Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

 

(Status August 2024)