Privacy Policy
Cofinity-X appreciates your visit to our website and your interest in our company. Cofinity-X is a Catena-X operating company, and we take data protection seriously.
This privacy policy describes:
- the personal data we collect when you visit our website
- the purposes for which we use this data
- the legal basis for the processing of personal data
- the recipients of this personal data
- the period for which this personal data is to be stored
- whether you are obliged to provide personal data
Furthermore, we would like to inform you about:
- the existence of your rights in relation to the processing of your personal data
- the data processing controller within the meaning of the data protection laws and, if applicable, our data protection officer(s)
1. Visit of our website
When you visit our website without contacting us or logging in, your browser automatically transmits the following information to our server:
- IP address of your device
- Information about your browser (e.g., main language, user agent, version)
- the website you were on directly before visiting our website
- the URL or requested file, title of the displayed page
- the URL of the page you were on directly before visiting our website
- link clicks on external domains
- date and time of your visit
- location of the user
- screen resolution
- volume of the transmitted data
- status information, e.g. error messages, page generation time
We use this data:
- to send the requested content to your browser. In doing so, we only store the full IP address to the extent necessary to deliver the requested content to you;
- to send your IP address to a service provider to map your public IP address with company and industry related information (not personal information). This company and industry-related information is processed in our web measurement system. At no point in this process step is your IP address stored with our service provider or in our system;
- to protect us from attacks and to ensure the proper operation of our website.
We store the IP address of your device after we remove the last octet of the IP address, i.e., in anonymous form, for web audience measurement, which enables us to improve our website. We remove the last octet of the IP address immediately after collection. For this reason, we do not collect any personal data about your use of our website.
The storage of the aforementioned data is temporary and with restricted access for a maximum period of 180 days. This period may be extended if and to the extent necessary for the prosecution of attacks and incidents.
This data is processed in the interest of a secure, fast and efficient provision of our website as well as the defense against and prosecution of unlawful attacks. The legal basis for the processing is Article 6 (1) para. 1 lit. f of the General Data Protection Regulation (“GDPR”).
2. Contact us
When you contact us by email or via the contact form on our website, we receive the following information:
- your name
- your email address and other information you provide via email or contact form
- date and time of your message
We store this data to the extent necessary to respond to and fulfil your request or until we receive a request from you to delete your personal data. Please note that if you ask us to delete your personal data, we may not be able to respond to and fulfil your request. Please also note that in some cases we may need to send messages containing personal data to protect our rights.
The legal basis for the processing is Article 6 (1) sentence 1 lit. b GDPR. In the event that we need to store the transmitted data to protect our rights, the legal basis for the processing is still Article 6 (1) sentence 1 lit. f GDPR.
3. Newsletter
When you subscribe to our newsletter, we store the email address you provide and other information you submit via the form in order to send you our newsletter.
The system Emarsys (An SAP Company), Emarsys Interactive Services GmbH, Willi-Schwabe-Straße 1, 12489 Berlin, Germany, is used for sending newsletters.
Further information on data protection at Emarsys can be found at
https://help.emarsys.com/hc/de/articles/360005211473-DSGVO-und-Datenschutz-%C3%9Cberblick-
The legal basis for the processing of personal data is your consent pursuant to Article 6 (1) para. 1 lit. a GDPR, which is declared when you subscribe to our newsletter and which you can revoke at any time. The data will be stored until you unsubscribe from the newsletter.
4. Use of cookies
Our website uses so-called cookies from time to time. Cookies are small text files that are stored on your device and saved by your browser. Cookies do not cause any damage to your device and do not contain viruses. Cookies can be used to make our website more user-friendly, effective and secure (“functional cookies”). Furthermore, cookies can also be used for marketing or analysis purposes (“analytics cookies” or “marketing cookies”).
You can disable or delete such cookies in your browser settings. Please note that by deactivating functional cookies, not all functionalities of our website may be accessible to you.
The cookies we use are:
- Essential cookies
- Functional cookies
- Analytics cookies
- Marketing cookies
We inform you about the use of tracking/analytics or marketing cookies in our cookie banner when you first visit our website and whenever you visit our website without giving your consent to cookie tracking. If you do not consent to the use of cookies via our cookie banner, we will not place tracking/analytics or marketing cookies on your device.
5. Google Analytics
Data processing
In order to analyse the use of our website and to regularly improve our services, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Website: https://marketingplatform.google.com.
Google Analytics uses so-called cookies, which are text files stored on your device, to enable the website to analyse the usage of our website. The information generated by the cookies is usually transferred to a Google server located in the USA and stored there. If the anonymization of IP addresses is activated on this website, Google will, however, shorten and thus anonymize your IP address within the member states of the European Union or within the various signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. The IP address transmitted by Google Analytics will not be merged with other Google data.
The Google Analytics cookies are not stored on your device unless you agree to the cookies via our cookie banner. You can also refuse the use of cookies by selecting the appropriate settings on your browser. Please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting data generated by the cookies about your use of the website (including your IP address) and from processing this data through Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Purposes and legal basis
The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. a GDPR. You give your consent via the cookie banner.
Personal data is stored by Google Analytics for a maximum of 14 months.
Insofar as Google also processes your personal data in the USA, a third country without adequate data protection, the standard contractual clauses updated by the European Commission will apply in this respect, which can be accessed at
https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
Further information
Further information on data protection at Google can be found at:
https://marketingplatform.google.com/about/analytics/terms/us/ (Terms of Use);
http://www.google.com/intl/de/analytics/learn/privacy.html (Overview of data protection);
https://policies.google.com/privacy?hl=en-US (Privacy policy).
6. Social media, plugins and tools
6.1 YouTube Plugin
We have integrated YouTube videos into our online offer, which are stored on the YouTube platform and can be played directly from our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). The videos are all embedded in the so-called “2-click solution”. This means that no data about you as a user will be transmitted to Google if you do not activate the video function. Before the video function is activated, only a preview image loaded from our own web server is displayed.
Data is only transferred to Google if you activate such video functions. Once activated, we have no influence on this data transmission. The data transfer takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account.
Purposes and legal basis
We use YouTube videos on our website to present them in a simple way.
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give this consent by activating the video function. If activated, your personal data will be transferred to Google as described above.
During the data transfer to Google, your personal data will be transferred to Google servers, which may also be located in the USA. The US is a country without a level of data protection equivalent to that of the EU. This means in particular that the US authorities can access personal data in a simplified way and that there are only limited rights to such measures. When you activate the YouTube video function, you expressly consent to the transfer of data to Google and to the transfer of your personal data to servers in the USA.
If you have given your consent, you have the right to revoke it at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Further information
Further information on data processing, in particular on the legal basis and the storage period of Google, can be found in the privacy policy of the provider (https://policies.google.com/privacy?hl=en-US) and in the privacy settings on the YouTube platform (https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/) There you will also find further information on your rights and setting options to protect your privacy.
Google may also process your personal data in the USA, a third country without adequate data protection. In this respect, the standard contractual clauses updated by the European Commission apply, which can be accessed at
https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
6.2 Google Ads and Conversion Tracking
Data processing
The use of marketing cookies and tracking mechanisms enables us and our partners to show you interest-based offers based on an analysis of your usage behavior.
We use Google Ads (formerly Google AdWords) to draw attention to our attractive offers by placing ads on external websites. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website https://marketingplatform.google.com. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We use this tool to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
Furthermore, we measure the conversion of the ads (“conversion tracking”). However, we only get information on the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called “conversion tracking tag”. However, we ourselves do not receive any information with which users can be identified.
These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your device. These cookies usually expire after 90 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of a Google Ads customer’s website and the cookie stored on their device has not yet expired, Google and the customer can recognize that the user has clicked on the ad and been redirected to that page. A different cookie is assigned to each Google Ads customer. Cookies can therefore not be tracked via the website of Google Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.
Purposes and legal basis
The legal basis for the processing of your personal data in the context of the use of the “Google Ads and Conversion Tracking” offer is your declared consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Your personal data will be deleted as soon as you revoke your declaration of consent or your personal data are no longer required to achieve the purpose of their processing. As a rule, the corresponding cookies are deleted after 90 days.
Further information
Google may also process your personal data in the USA, a third country without adequate data protection. In this respect, the standard contractual clauses updated by the European Commission apply, which can be accessed at
https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
Further information on data protection at Google can be found at:
https://business.safety.google/intl/en/adsprocessorterms/ (Data processing conditions for Google Ads)
https://policies.google.com/privacy?hl=en (Privacy policy)
https://business.safety.google/intl/en/adsservices/ (types of processing and data processed)
https://business.safety.google/intl/en/adscontrollerterms/ (Data processing conditions between data controllers)
6.3 Hubspot
We use HubSpot on our website to support our marketing activities. HubSpot is a software company based in the USA, with a branch office located at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
This comprehensive software solution assists us in managing various marketing and customer service processes. These include email marketing for sending newsletters and automated emails, publishing and analyzing social media content, contact management including user segmentation and CRM, and creating landing pages and contact forms.
HubSpot employs cookies, which are small text files stored locally in your browser’s cache on your device. These cookies enable us to analyze the usage of our website. The collected data (such as IP address, geographic location, browser type, duration of visit, and pages viewed) is evaluated by HubSpot on our behalf to generate reports about website visits and pages viewed.
The information collected by HubSpot and the contents of our website are stored on servers by HubSpot’s service providers. If you have given us your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, the processing of data on this website is for the purpose of website analysis.
Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and EEA, additional protective measures are required to ensure the data protection level of the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 Para. 1 GDPR for companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under this framework and is committed to adhering to appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and EEA, for which there is no adequacy decision by the EU Commission, standard data protection clauses according to Art. 46 Para. 2 lit. c GDPR are agreed upon. These clauses oblige the recipient of the data in the third country to process the data in accordance with the European level of protection.
The data will be deleted as soon as it is no longer required for the purpose of its collection.
You can permanently object to the collection of data by HubSpot and the setting of cookies by adjusting your browser settings accordingly. You can also withdraw your consent to the processing of your personal data at any time with effect for the future.
6.4 Intercom
We use Intercom, a messaging and communication platform, on our website. The service provider is the American company Intercom, Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA.
Intercom also processes your data in the USA, among other places. Intercom is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Intercom also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Intercom undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. The Intercom Data Processing Terms (Data Protection Agreement), which corresponds to the Standard Contractual Clauses, can be found at https://www.intercom.com/de/legal/data-processing-agreement. You can find out more about the data processed through the use of Intercom in the Privacy Policy at https://www.intercom.com/legal/privacy
6.5 Appointment booking MS Bookings
You can easily book appointments with our employees yourself via the booking platform MS Bookings. When you make an online appointment booking on our website, we use the Microsoft Bookings service provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
When you book an appointment online, we process the personal data contained in the booking form. This includes: Title, name, telephone number, email address and, if applicable, the company and additional notes or messages. The legal basis for data processing is our overriding legitimate interest in providing a simple appointment booking system in accordance with Art. 6 para. 1 f) GDPR.
Microsoft Ireland Operations Limited is a subsidiary of the Microsoft Group with headquarters in the USA. Data may therefore be forwarded to Microsoft Online Inc. based in the USA and processed there. Microsoft is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
6.6 Hotjar
In order to optimise the functionality and user-friendliness of our website, we use the web analysis service Hotjar, of Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Silema SLM 1640, Malta, Europe (“Hotjar”). Hotjar works with cookies and other technologies to collect statistical information about the behaviour of our users and their end devices. Hotjar processes the following data: User behaviour (clicks, mouse movements, scroll heights, etc.), IP address of your device, (collection and storage in an anonymised format), name and email address (if provided), screen size of the device, device type and browser functions and geographical location (country) to determine the preferred language when displaying the website. This data is transmitted to Hotjar’s servers. Hotjar stores this information in a pseudonymised user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users.
The legal basis for data processing is your prior consent in accordance with Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by adjusting the settings options under our cookie settings. Alternatively, you can revoke your consent to data collection at any time with effect for the future by clicking on the following link and pressing the “deactivate hotjar” button: https://www.hotjar.com/opt-out. Further information on data protection at Hotjar can be found at https://www.hotjar.com/legal/policies/privacy
6.7 The services of web hosting
To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.
The legal basis for data processing is our predominant legitimate interest in the provision of our website in accordance with Art. 6 para. 1 f) GDPR.
It is possible that data may also be transferred to the USA. Webflow is certified under the EU-US Data Privacy Framework and is covered by the EU adequacy decision for the USA.
7. Disclosure of your personal data
Your personal data will only be passed on to third parties to the extent described in this data protection declaration.
A transfer of your personal data to third parties for purposes other than those mentioned above only takes place in individual cases in the following cases:
- You have given your express consent to this in accordance with Art. 6 (1) sentence 1 lit. a GDPR;
- the transfer is necessary for the processing of contractual relationships with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR;
- there is a legal obligation to pass on the data according to Art. 6 (1) sentence 1 lit. c GDPR; or
- the disclosure is necessary pursuant to Art. 6 (1) sentence 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
8. Automated individual decision making
The personal data collected and processed through this website is not subject to automated individual decision making by us.
9. Data transfer to third countries
Unless explicitly stated otherwise in this privacy policy, personal data will not be transferred to third countries outside the European Union.
10. Obligation to provide personal data
There is no contractual or legal obligation to provide your personal data. Please note that if you do not provide the personal data we require, we may not be able to provide all the features of this website.
11. Your rights
You have certain rights under the GDPR:
- Right to information: You have the right to receive information free of charge at any time about your personal data stored, its origin and recipient as well as the purpose of the data processing;
- Right to correct: If your personal data is inaccurate or incomplete, you have the right to rectify your personal data;
- Right to erasure: this right is also known as “the right to be forgotten” and allows you to request the deletion or removal of your personal data if there is no compelling reason for us to continue using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue to use your personal data where such use is necessary for the performance of our legal obligations or for the establishment, exercise or defense of legal claims;
- Right to restrict our use of your data: the right to suspend the use of your personal data or to restrict the way in which we can use it. Please note that this right is restricted in certain situations: if we process the personal data we have collected with your consent, you can only request a restriction in the following cases: (a) if you dispute the accuracy of the personal data; (b) if our processing is unlawful and you do not want your personal data to be erased; (c) if you need the data for legal proceedings; or (d) if you have objected to the processing and it is not yet determined whether your legitimate grounds override our legitimate interests. If processing is restricted, we may still store the data but may not use it further. We maintain lists of individuals who have requested a restriction on the use of their personal data to ensure that the restriction is complied with;
- Right to data portability: the right to request that we provide your personal data that you have provided to us in a structured, commonly used and machine-readable format in order to transfer this data to another controller without hindrance from us;
- Right to object: the right to object to our use of your personal data;
- Right to information: The right to receive clear, transparent and easy to understand information about how we use your personal data;
- Right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time (however, if you do so, this does not mean that anything we have done with your personal data with your consent up to that point is unlawful). Exercising these rights is free of charge for you, but you are required to provide proof of your identity.
To make any enquiries or to exercise any of your rights set out in this Privacy Policy and/or to lodge a complaint, please contact us by email or letter. Contact details can be found at the end of this Privacy Policy.
12. Complaints
You have the right to lodge a complaint with us (see below for contact details) or with a supervisory authority, in particular in the Member State where you have your habitual residence or place of work or where the alleged infringement took place.
If we receive formal written complaints, we will contact the person who made the complaint to investigate the complaint. We will work with the relevant authorities, including the local data protection authority, to resolve any complaints that we are unable to resolve directly.
The locally competent data protection authority is:
The State Commissioner for Data Protection and Freedom of Information Nordrhein-Westfalen Kavalleriestr. 2-4 40213 Düsseldorf https://www.ldi.nrw.de/
13. Responsible person and data protection officer
The provider and operator of this website and therefore the responsible person in the sense of the GDPR is:
Cofinity-X GmbH
Breslauer Platz 4
50668 Cologne
Germany
The data protection officer of Cofinity-X GmbH is:
RMPrivacy GmbH
Matthias Rosa and Moritz Kolb
Große Langgasse 1a
D- 55116 Mainz