Data protection declaration

The controller within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

 

DEPRAG SCHULZ GMBH u. CO. KG
Carl-Schulz-Platz 1 | 92224 Amberg
Tel: +49 9621 371-0
Fax +49 9621 371-120

E-mail: info@deprag.de

Managing Director:
Dr. Erik Hallmann / Dr.-Ing. Rolf Pfeiffer

 

Your rights as a data subject

You can exercise the following rights at any time using the contact details provided for our data protection officer:

  • Information about your data stored by us and its processing,
  • Correction of incorrect personal data,
  • deletion of your data stored by us,
  • Restriction of data processing if we are not yet permitted to delete your data due to legal obligations,
  • objection to the processing of your data by us and
  • data portability if you have consented to data processing or have concluded a contract with us.

 

If you have given us your consent, you can revoke it at any time with effect for the future.

 

You can contact the supervisory authority responsible for you at any time with a complaint. Your competent supervisory authority depends on the federal state of your place of residence, your work or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html

 

Purposes of data processing by the controller and third parties

We only process your personal data for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those stated. We only pass on your personal data to third parties if

  • You have given your express consent to this,
  • the processing is necessary for the performance of a contract with you
  • the processing is necessary for compliance with a legal obligation
  • the processing is necessary to safeguard legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in your data not being passed on.

 

Deletion or blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law. Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

 

1. collection of general information when you visit our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the Internet. It is processed for the following purposes in particular:

  • Ensuring a smooth connection to the website,
  • Ensuring the smooth use of our website,
  • evaluating system security and stability and
  • for other administrative purposes.

The processing of your personal data is based on our legitimate interest in the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the controller and, if applicable, processors.

Anonymous information of this kind may be statistically evaluated by us in order to optimize our website and the technology behind it.

 

2. Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard disk. This automatically provides us with certain data such as IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to launch programs or transfer viruses to a computer. Using the information contained in cookies, we can make navigation easier for you and enable our web pages to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or a link with personal data be established without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

 

3. SSL encryption

To protect the safety of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

 

4. Newsletter

On the basis of your express consent, we will regularly send you our newsletter or comparable information by e-mail to the e-mail address you have provided.

To receive the newsletter, it is sufficient to provide your e-mail address. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by e-mail about circumstances that are relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).

We require a valid e-mail address for effective registration. We use the "double opt-in" procedure to verify that a registration is actually made by the owner of an email address. For this purpose, we log the newsletter order, the sending of a confirmation email and the input of the requested response. No further data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in every newsletter. You can also unsubscribe directly on this website at any time or inform us of your wish to do so using the contact option provided at the end of this privacy policy.

 

5. Contact form

If you contact us with questions of any kind by e-mail or contact form, you give us your voluntary consent for the purpose of contacting you. This requires you to provide a valid e-mail address, your first name and surname and your zip code. This is used to assign the request and subsequently answer it. The provision of further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. Personal data will be automatically deleted after your request has been processed.

 

6. Use of Matomo

This website uses the open source web analysis service Matomo. With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also collect various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

 

IP anonymization

We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.

 

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

 

7. Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our powers.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers that are certified under the Privacy Shield, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.

Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the usage behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information from the providers.

In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

 

Facebook

The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

 

X (formerly Twitter)

The provider is the parent company X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the data processing of persons living outside the USA.

You can adjust your X privacy settings yourself in your user account. To do this, click on the following link and log in: https://x.com/settings/account/personalization

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.x.com/en/controller-to-controller-transfers.html

Details can be found in the privacy policy of X (formerly Twitter): https://x.com/de/privacy

 

Instagram

The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

 

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate LinkedIn advertising cookies, please use the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs

Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448

 

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

 

8. Analysis tools

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

Google Tag Manager is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent is requested by our cookie manager and can be revoked at any time.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

LinkedIn Insight tag

We use the conversion tracking tool LinkedIn Insight Tag on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible for data protection aspects in the European Economic Area (EEA), the EU and Switzerland.

By embedding the tracking tool, data can be sent to LinkedIn, stored and processed there. In this privacy policy, we want to inform you what data is involved, how the network uses this data and how you can manage or prevent data storage.

When you click on a LinkedIn ad, a cookie may be stored on your computer or mobile device. LinkedIn processes data using cookies and server-side functions. When an action is completed on our website, LinkedIn recognizes the cookie as a conversion. While you are browsing our site, we and LinkedIn recognize that you have reached us via the LinkedIn ad. The cookie is read and the conversion data is sent back to LinkedIn. Other cookies may also be used to measure conversions. In addition to your IP address, the URL, referrer URL, device and browser properties as well as the timestamp are stored, whereby the IP address is shortened or hashed by LinkedIn.

Conversions occur when you take an action after clicking on our ad, e.g. visit our website or purchase a product. The LinkedIn conversion tracking tool allows us to track post-click behavior, e.g. purchases, services or newsletter sign-ups. Demographic data from your LinkedIn profile, such as profession, geographical location and industry, can also be processed. LinkedIn provides us with a statistical report that shows information about the total number of clicks and the success of various advertising measures.

If you have consented to the use of the LinkedIn Insight tag, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when the LinkedIn Insight tag is collected. Consent is requested by our cookie manager and can be revoked at any time.

LinkedIn also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and safety of data processing.

LinkedIn uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at LinkedIn at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs

The company is also certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active

You can find out more about LinkedIn Insight Tag at https://www.linkedin.com/help/linkedin/answer/a427660

You can also find out more about the data processed through the use of LinkedIn Insight Tag in the privacy policy at https://de.linkedin.com/legal/privacy-policy

 

Meta Pixel (formerly Facebook Pixel)

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

We use the advanced matching function within the meta pixel.

Advanced matching allows us to transmit various types of data (e.g. place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or telephone number) of our customers and interested parties that we collect via our website to Meta (Facebook). This Activation enables us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended matching improves the allocation of website conversions and expands Custom Audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is safe under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/

You can also deactivate https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.the remarketing function "Custom Audiences" in the Settings for advertisements at  You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

9. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

 

10. use of Google Maps

This website uses Google Maps API to display geographical information visually. When Google Maps is used, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google privacy policy (www.google.com/privacypolicy.html). You can also change your personal data protection settings there in the data protection center.

Detailed instructions on managing your own data in connection with Google products can be found here: http://www.dataliberation.org/

 

11. Embedded YouTube videos

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at "Youtube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

 

12. data protection information for online meetings and other forms of digital collaboration via Microsoft Teams and other "Microsoft Office 365" applications

The data controller uses Microsoft Teams and other cloud-based services of the "Microsoft Office 365" program library to conduct telephone conferences, online meetings, video conferences and/or webinars as well as online training and online consultations and to enable digital collaboration (hereinafter: online meetings or digital collaboration).

Microsoft Teams and Microsoft Office 365

Microsoft Teams and Microsoft Office 365 are services of Microsoft Corp, One Microsoft Way in Redmond, WA 98052-6399.

Below you will find Microsoft's data protection information.

The use of Microsoft Teams and Microsoft Office 365 is based on Art. 6 para. 1 sentence 1 lit. f GDPR (lawfulness of processing).

The controller for data processing that is directly related to the implementation of "online meetings or digital collaboration" is DEPRAG SCHULZ GMBH u. CO. KG

The use of Microsoft is dependent on the use of the respective "Microsoft Office 365" service. For Microsoft Teams, it is only necessary to download the app. For other "Microsoft Office 365" services (with the exception of Microsoft Forms), an additional login and use of online apps in the browser is required.

With Microsoft Teams, you can participate in the conferences in the app using the link, integrated calendar in Teams or in the respective chats or Teams channels. If you do not want to or cannot use the "Microsoft Teams" app, the basic functions can also be used via a browser version, which you can also find on the Microsoft Office 365 website. Various types of data are processed when you use Microsoft Teams or Microsoft Office 365. The scope of the data also depends on the data you provide before or during participation in an online meeting.

The following personal data is processed: User details: first name, surname, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional); online metadata: Subject, description (optional), participant IP addresses, device/hardware information; For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat; When dialing in by phone: details of the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device may be stored; text, audio and video data: You may have the option of using the chat, question or survey functions in an online meeting as well as other functions for uploading and downloading files such as images, sound, video or Office data. In this respect, the data provided by you is processed in order to display it in the online meeting and to make it accessible to other participants during the meeting or afterwards and, if necessary, to log it.

In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications. To take part in an "online meeting" or to enter the meeting room, you must at least enter your name.

The controller uses Microsoft Teams to conduct online meetings and Microsoft Office 365 to provide other Microsoft cloud services for digital collaboration. If online meetings are to be recorded, you will be informed transparently in advance and - if necessary - asked for your consent. The fact that you are being recorded will also be displayed in Microsoft Teams. If it is necessary for the purposes of logging the results of an online meeting, chat content will be logged by the processors. However, this will not usually be the case. In the case of webinars, the questions asked by webinar participants may also be processed for the purposes of recording and following up webinars.

If you are registered with Microsoft as a user or participate in a conference as a guest, reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored in the corresponding Microsoft services until the end of the meeting or the respective educational measure plus one month beyond that.

Personal data collected in connection with participation in online meetings or digital collaboration in Microsoft Teams and in "Microsoft Office 365" provided by DEPRAG SCHULZ GMBH u. CO. KG will not be passed on to third parties unless they are specifically intended to be passed on. Please note that content from online meetings or digital collaboration as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. The provider of Microsoft Office 365 (MS Teams) necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with Microsoft.

Microsoft Teams and Microsoft Office 365 are services provided by a provider from the USA. The controller has concluded an order processing contract with the provider that meets the requirements of Art. 28 GDPR. According to Microsoft Corporation, personal data is processed exclusively on servers within the European Union. An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses with Microsoft Corporation.

 

13. data protection provisions about the application and use of MS Forms

The controller regularly uses Microsoft Forms as part of Microsoft Office 365 for online surveys for the purpose of quality assurance of events. The surveys can be addressed in different ways (via hyperlink, QR code, embedding in website or e-mail dispatch). Participation in surveys is voluntary and possible without user registration with Microsoft. The processor uses the survey results to carry out anonymous evaluations that have no reference to the person surveyed. If personal data is specifically collected and further processed via surveys, we will inform you of this separately in advance and - if necessary - ask for your consent.

 

14. Data protection provisions about the application and use of Zammad

We use the e-mail ticket system of Zammad GmbH, Marienstraße 11, 10117 Berlin ("Zammad") to process customer inquiries. If users of our website submit contact requests by email, these are stored and organized in the ticket system to enable chronological processing and improve the service experience. Users can always view the current status of the processing of their request via the individually assigned ticket number.

Personal data is collected, stored in the Zammad software and read out exclusively for the organization of the requests and their processing, as far as provided in the request, but in any case surname, first name and e-mail address. We ensure that internally only those persons who absolutely need access to this information are given access to it. We treat personal data confidentially and do not make it available to the general public. This data is also not used for marketing or profiling within the meaning of the GDPR.

The legal basis for the processing of this data is our legitimate interest in the efficient design of our customer service, the fastest possible response to your request and the optimization of our service offer in accordance with Art. 6 para. 1 lit. f GDPR.

Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

Further information on data protection at Zammad can be found at https://zammad.com/de/unternehmen/datenschutz

 

Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our powers in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

 

Questions for the data protection officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization directly:

 

Bastian Blank
Carl-Schulz-Platz 1 | 92224 Amberg
Phone: +49 9621 371-208

E-mail: datenschutz@deprag.de