Privacy Policy
With this Privacy Policy, we inform you about the scope of the processing of your personal data (hereinafter referred to as "data") when using our website, web portal and the apps we provide there.
1. Controller for data processing
The controller for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is:
Cofinity-X GmbH
Breslauer Platz 4
50668 Cologne
Germany
Web: www.cofinity-x.com
2. Contact details of our data protection officer
Matthias Rosa
RMPrivacy GmbH
Große Langgasse 1A, 55116 Mainz
Web: www.rmprivacy.de
E-Mail: privacy@cofinity-x.com
3. General information on data processing
We process data as part of our business and website operations.
This also includes disclosure by transmission to third parties and, if applicable, to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). Insofar as we transfer data outside the EU or the EEA, we have marked this accordingly below.
4. Data processing
The individual data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:
a) Log file when visiting the website:
We log your website visit. In doing so, we process
• Name(s) of our accessed website(s),
• Date and time of retrieval,
• the amount of data transferred,
• the browser type and version,
• the operating system you are using,
• the referrer URL (the previously visited website),
• Your IP address,
• the requesting provider.
The legal basis for data processing is our overriding legitimate interest in the continuous provision and security of our website in accordance with Art. 6 (1) f) GDPR.
The log file is erased after three years unless it is required to prove or clarify specific legal violations that have become known within the retention period.
b) Hosting via Webflow
To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.
The legal basis for data processing is our overriding legitimate interest in the provision of our website in accordance with Art. 6 (1) f) GDPR.
For our hosting, we use the Webflow service. It is possible that data may also be transferred to Webflow in the USA. Webflow is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
c) Contacting us
If you contact us, we process the following data from you for the purposes of the processing and handling of your request: Name, contact details - if provided by you - and your message.
The legal basis for data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 (1) b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 (1) f) GDPR.
d) Intercom
We use Intercom, a messaging and communication platform, on our website. The service provider is the American company Intercom, Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA.
The legal basis for data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 (1) b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 (1) f) GDPR.
Intercom also processes your data in the USA, among other places. Intercom is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
Intercom also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Intercom undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. The Intercom Data Processing Terms (Data Protection Agreement), which corresponds to the Standard Contractual Clauses, can be found at https://www.intercom.com/de/legal/data-processing-agreement.
e) Microsoft Bookings
You can easily book appointments with our employees yourself via the booking platform MS Bookings. When you make an online appointment booking on our website, we use the Microsoft Bookings service provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
When you book an appointment online, we process the personal data contained in the booking form. This includes: Title, name, telephone number, email address and, if applicable, the company and additional notes or messages.
The legal basis for data processing is our overriding legitimate interest in providing a simple appointment booking system in accordance with Art. 6 (1) f) GDPR.
Microsoft Ireland Operations Limited is a subsidiary of the Microsoft Group with headquarters in the USA. Data may therefore be forwarded to Microsoft Online Inc. based in the USA and processed there. Microsoft is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
f) User account
In connection with the opening and use of an account, we process your surname, first name, your company e-mail address and your location. This serves the purpose of identifying you as a user. The recording of your location is necessary as the use of our portal from the territory of the Federative Republic of Brazil is not permitted. We use the Keycloak service to manage your sign-on.
The legal basis for this data processing is our obligation to fulfill the contract and to fulfill our pre-contractual obligations in accordance with Art. 6 (1) b) GDPR.
g) Newsletter
When you subscribe to our newsletter, we store the email address you provide and other information you submit via the form in order to send you our newsletter. The legal basis for the processing of personal data is your consent pursuant to Article 6 (1) a) GDPR, which is declared when you subscribe to our newsletter and which you can revoke at any time. The data will be stored until you unsubscribe from the newsletter.
For our Newsletter we use the services of Hubspot. It is possible that data may also be transferred to Hubspot Inc, 25 First Street, 2nd floor, Cambridge, MA 02141, in the USA. Hubspot is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
h) Contract processing
We process your order data to handle the contractual relationship between you and us.
The legal basis for data processing is the fulfillment of our contractual obligations in accordance with Art. 6 (1) b) GDPR and, in individual cases, the fulfillment of our legal obligations in accordance with Art. 6 (1) c) GDPR.
i) Marketplace
If you submit a subscription request to an app or service provider via our marketplace, we will transmit your name and email address to them to enable them to contact you. The legal basis for data processing is the fulfillment of our contractual obligations in accordance with Art. 6 (1) b) GDPR.
j) Cofinity-X apps on the marketplace
We provide you with apps on our marketplace, for which we are also controller under data protection law. The legal basis for data processing is the fulfillment of our contractual obligations in accordance with Art. 6 (1) b) GDPR.
The information in this Privacy Policy also applies in full when you use this app. Please note that we also offer you offers from third party app or service providers on our marketplace, for which we are not controller under data protection law. In this case, please note the information under i) Marketplace, and observe the supplementary data protection notices of the respective providers.
k) Customer support (ticket system)
We process your data via our ticket system in order to respond to support requests. We process all data that you provide to us via a request, in particular your surname, first name, email address and the content of the request.
Jira (Atlassian)
As part of our customer support, we use the Jira ticket system from Atlassian, Inc. 350 Bush Street, Level 13, San Francisco, California 94104, USA.
However, we only use data centers that are located within the European Union.
If you have entered into a pre-contractual relationship or contractual relationship with us, the legal basis for data processing is the effective performance of the contract pursuant to Art. 6 (1) b) GDPR.
In the context of the use of Atlassian, third country transfers to the USA may occur. In addition, Atlassian is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
l) Use of cookies
We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.
Information about the specific cookies we use, their providers and purposes can be found in our consent Banner . There you can give your consent to the respective services as required under Section 25 (1) of the German Data Protection Act (TTDSG), withdraw this consent or subsequently adapt your settings.
Our consent banner
We use a consent banner to document your selection of certain data processing procedures and to fulfill our data protection obligations. When you visit our website, your cookie preferences are consulted via a banner. We then set a cookie in which data on consents given or withdrawn is stored. The data processing is carried out to fulfill our legal obligations in accordance with Art. 6 para. 1 c) GDPR.
Google Analytics, Google Ads and Google Conversion Tracking
In order to analyse the use of our website and to regularly improve our services, we use Google Analytics. We also use Google Ads (formerly Google AdWords) to draw attention to our attractive offers by placing ads on external websites. Furthermore, we measure the conversion of the ads (“conversion tracking”). However, we only get information on the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called “conversion tracking tag”. However, we ourselves do not receive any information with which users can be identified.
These services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The legal basis for the use of these tools is Art. 6 (1) a) GDPR. You give your consent for some or all these services via the cookie banner.
Personal data is stored by Google Analytics for a maximum of 14 months.
Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA. Insofar as Google also processes your data in a third country without adequate data protection, the standard contractual clauses updated by the European Commission will apply in this respect, which can be accessed at https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/.
Hubspot
We use HubSpot on our website to support our marketing activities. HubSpot is a software company based in the USA, with a branch office located at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
This comprehensive software solution assists us in managing various marketing and customer service processes. These include email marketing for sending newsletters and automated emails, publishing and analyzing social media content, contact management including user segmentation and CRM, and creating landing pages and contact forms. The legal basis for the use of these tools is Art. 6 (1) a) GDPR. You give your consent via the cookie banner.
Hubspot is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA. For potential transfers to other third countries outside the EU and EEA, for which there is no adequacy decision by the EU Commission, standard data protection clauses according to Art. 46 Para. 2 lit. c GDPR are agreed upon. These clauses oblige the recipient of the data in the third country to process the data in accordance with the European level of protection.
Hotjar
In order to optimize the functionality and user-friendliness of our website, we use the web analysis service Hotjar, of Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Silema SLM 1640, Malta, Europe ("Hotjar").
Hotjar works with cookies and other technologies to collect statistical information about the behavior of our users and their end devices. Hotjar processes the following data: User behavior (clicks, mouse movements, scroll heights, etc.), IP address of your device, (collection and storage in an anonymized format), name and email address (if provided), screen size of the device, device type and browser functions and geographical location (country) to determine the preferred language when displaying the website. This data is transmitted to Hotjar's servers. Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users.
The legal basis for data processing is your prior consent in accordance with Art. 6 para. 1 a) GDPR.
You can withdraw your consent at any time with effect for the future by adapting the settings in our cookie settings.
m) External content
We use dynamic content ("content") from third parties to optimize the presentation and offer of our website. When you visit the website, a request is automatically sent to the server of the respective content provider via an interface, during which certain log data (e.g. the user's IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
Integration of YouTube videos
We have integrated videos from the "YouTube" portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website. Google does not store any cookies in your browser.
The legal basis for processing is your prior consent in accordance with Art. 6 (1) a) GDPR.
It cannot be ruled out that data will be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google is certified under the EU-US Data Privacy Framework and is therefore subject to the EU adequacy decision for the USA.
5. Duration of data storage
We only store personal data for as long as is necessary for the purposes for which it is processed or if you have withdrawn your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, regardless of the processing purposes.
6. Your rights as a data subject
a) Information
You can request information about all personal data that we have stored about you free of charge at any time.
b) Rectification, erasure, restriction of processing (blocking), objection
If you no longer consent to the storage of your personal data or if it has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law) upon receipt of a corresponding instruction. The same applies if we are only to process data with restrictions in the future. You have the right to object in particular in cases where your data is required for the performance of a task carried out in the public interest or where the data processing is based on our legitimate interest, as well as profiling based on this. You also have such a right to object in the case of data processing for the purpose of direct marketing.
c) Right to withdraw consent with effect for the future
You can withdraw your consent at any time with effect for the future. Your withdrawal will not affect the lawfulness of the processing up to the time of withdrawal.
d) Data portability
If data processing is based on a contract, pre-contractual negotiations, consent or automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another controller if you wish.
e) Restriction of processing
Data for which we are not able to identify the data subject, e.g. if it has been anonymized for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another enterprise may be possible with regard to this data if you provide us with additional information that allows us to identify you.
f) Exercising your rights as a data subject and right to lodge a complaint
If you have any questions regarding the processing of your personal data, information, rectification, blocking, objection or deletion of data or if you wish to transfer the data to another enterprise, please contact privacy@cofinity-x.com.
You also have the option of complaining to a supervisory authority about your rights as a data subject, in particular in the Member State where you have your habitual residence or place of work or where the alleged infringement took place.
Our local authority is
The State Commissioner for Data Protection and Freedom of Information Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf