Data privacy

Privacy policy

Our company attaches great importance to the protection of personal data. In the following, we inform you about the collection of personal data when using our website and our web store. If you have any further questions regarding the handling of your personal data, please contact our data protection officer.

 

Responsible body

cbs Corporate Business Solutions Unternehmensberatung GmbH
Rudolf-Diesel-Straße 9
69115 Heidelberg – Germany

Phone: +49 6221 3304-0
E-Mail: kontakt@cbs-consulting.de

 

Contact data protection officer:

You can reach our data protection officer at

Personal/confidential To the data protection officer
cbs Corporate Business Solutions Unternehmensberatung GmbH
Rudolf-Diesel-Straße 9
69115 Heidelberg – Germany
E-Mail: datenschutz@cbs-consulting.de

 

Purposes and legal bases of data processing

The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. lit. f GDPR. Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 lit. c GDPR.

Information on the relevant legal bases and purposes in each individual case is provided in the following paragraphs:

 

Data processing when accessing the website

If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):

  • Operating system of the device you use to visit our website
  • Browser (type, version & language settings)
  • the amount of data retrieved
  • the current IP address of the device you are using to visit our website
  • Date and time of access
  • the URL of the previously visited website (referrer)
  • the URL of the (sub)page that you access on the website
  • the Internet service provider of the accessing system

The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our service provider) regularly do not know who is behind an IP address. We do not combine the data listed above with other data.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files is absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point

 

Cookies and third-party services

Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 2 TTDSG. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities and, with your consent, to measure reach and to tailor our services to preferred areas of interest.

 

You can find more information about the cookies used here (LINK: Cookie-Tool)

 

You can find out which services are used on this website in this privacy policy.

Usercentrics

Usercentrics is a consent management platform that enables websites to protect user privacy and comply with the GDPR when it comes to cookies and tracking. "Usercentrics" is an offer from the provider Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, hereinafter referred to as "Usercentrics".       
Through the "Usercentrics" function, we inform our website visitors about the use of cookies on our website and enable them to make a decision.
about their use.

The following personal data is processed automatically:

  • Opt-in and opt-out data
  • Referrer URL
  • User Agent
  • User settings
  • Consent ID
  • Time of consent
  • Consent type
  • Template version
  • Banner language
  • IP address
  • Geographical location
 

Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. This cookie is automatically deleted after 12 months. 

The legal basis for the storage of the data is Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR, as Usercentrics is used to fulfill requirements under the TTDSG.

The user can prevent or terminate the installation of cookies and their storage, and thus their cookie consent, at any time by changing their browser settings.

Further information on Usercentrics can be found at:
https://usercentrics.com/de/datenschutzerklaerung/

 

Registration and customer account

You have the option of registering on our websites and creating a customer account. Personal data that must be provided is marked as a mandatory field in the respective registration form; any additional information is voluntary.

We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm your registration, it will be automatically deleted from our database. Once you have registered, you will receive personal, password-protected access and can view and manage the data you have stored. Registration is voluntary, but may be a prerequisite for using certain of our services.

We store your data required for the fulfillment of the contract, including information on the method of payment, until you finally delete your account. Furthermore, we store the additional data you provide for the duration of your use of the customer/user account, unless you delete it beforehand. You can manage and change all details in the protected customer area.

You can delete your customer account at any time. If the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17 (3) GDPR will be deleted.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR for your mandatory information and Art. 6 para. 1 lit. a GDPR for further voluntary information provided by you.

 

Processing of your data in the online store

When you place an online order on our website, we collect the data required to conclude the contract. The data is stored for the duration of the contract and in accordance with legal obligations. If necessary for processing the order, we will forward your address data to a shipping service provider. The legal basis is the conclusion and execution of a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

For payment processing, we use the payment service provider described below, which is always identified and accepts your entries. This provider is therefore the recipient of your personal data collected in connection with the payment process. The legal basis for the involvement of payment service providers is also contract processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

We currently use the following payment services:

PayPal

When paying via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. If you select this payment method, your required payment data (e.g. name, payment amount, account details, credit card number) will be transmitted to PayPal for the purpose of payment processing. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract).

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

For information on data protection law, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

 

Storage period and data transfer to third parties

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us for as long as is necessary to fulfill our legal and contractual obligations. If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, your data will be deleted, provided that we have no other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

Your data will not be transferred to third parties unless we are legally obliged to do so. If external service providers come into contact with your personal data, we have taken legal, technical and organizational measures and carried out regular checks to ensure that they comply with the provisions of the data protection laws. In addition, these service providers may only use your data in accordance with our instructions.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company can subject itself.

 

Your rights

We will be happy to provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.

 

What rights do you have in the event of data processing based on your legitimate or public interest?

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e) GDPR (data processing in the public interest) or on Art. 6 para. 1 sentence 1 lit. f) GDPR (data processing to safeguard a legitimate interest).

You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

Status 02.2024