With this notice, we inform visitors and users of the website about the type, scope and purpose of the processing of personal data when visiting the website or using the services provided on it. We also provide information about the rights to which data subjects are entitled on the basis of data processing.
It is possible to visit the website without personal data being collected. However, for the use of some services offered on the website, it may be necessary to process personal data. The processing is carried out either on the basis of a legal permission norm or, in the event that a legal permission norm does not exist, on the basis of consent that has been obtained from the data subject in advance.
These notes and explanations are based on the terms used in the General Data Protection Regulation (GDPR):
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as the collection, recording, organisation, processing, storage or retrieval of such data.
personal data, such as collection, recording, organisation, filing, storage, adaptation or
storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission
(a) the processing of personal data by a third party; or (b) the processing of personal data by a third party; or (c) the processing of personal data by a third party; or (d) the processing of personal data by a third party.
2.3 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic age, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
2.6 Controller or data controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
the data controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
2.9 Third party
A third party is a natural or legal person, public authority, agency or other body other than the visitor to the website, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent is any freely given and specific, informed and unambiguous indication of intention in the form of a statement or other unambiguous affirmative act by which the person concerned signifies his or her agreement to the processing of his or her personal data.
3. person responsible for data protection
The following entity is responsible for data protection:
HUMANSTARSapp GmbH, Steinacher Straße 6-12, 90427 Nuremberg, Germany.
External data protection officer: Sepire GmbH, Am Felsenkeller 12, 90530 Wendelstein, Germany.
4.1 General information
So-called cookies are used on the website. Cookies are text files that are stored on the computer system. Many cookies contain a unique identifier consisting of a string of characters by which users can be recognised by the system. This is used to adapt the internet offer individually and user-friendly to the respective visitor.
There are different types of cookies. Most cookies are deleted from the hard disk at the end of the browser session (so-called session cookies). Other cookies remain on the computer and make it possible to recognise the computer on the next visit (so-called permanent cookies). These cookies are used, for example, to greet you with your individual user name and make it unnecessary to re-enter user names and passwords or fill out forms.
4.2 Consent and functioning of the cookie banner
In addition, a cookie banner has been set up on the website, which appears each time a new visit is made to the website. Via the cookie banner, consent can be limited to the use of technically necessary cookies or extended to technically unnecessary cookies. Consent can also be given for individual cookies only.
5. collection of data and information
When the website is accessed, general data and information is collected and stored in log files on the server.
This includes data on the type and version of browser used, the operating system used to access the website, the website from which the visitor accessed the website, the subpages accessed by the visitor, the date and time of access, the IP address, the Internet service provider and other similar data and information that serve to avert risks in the event of attacks on the IT system.
information that serve to avert danger in the event of attacks on the IT system.
In no case will conclusions be drawn about the person of the visitor. The
The information is required so that the contents of the website can be displayed correctly. The data is also collected in order to have the information available that is required for prosecution by the competent law enforcement authorities in the event of a cyber attack.
In any case, the data is collected anonymously and stored separately from other personal data that may be collected elsewhere in compliance with legal data protection requirements.
6. possibility of registration
On the website, it may be possible for visitors and users to register.
The type, scope and content of the data that is collected in this process can be seen from the input mask. The data collected will in any case be collected and stored exclusively for our own purposes, in order to be able to carry out processing operations initiated by the visitor.
to be able to carry out processing procedures initiated by the visitor.
During registration, the IP address, the date and the time of registration are stored. This is done in order to prevent misuse of the services provided and, if necessary, to be able to clarify any criminal offences. The data will not be passed on to third parties. Data will only be passed on if there is a legal obligation to pass it on or if it serves the purpose of criminal prosecution.
Insofar as information can be provided voluntarily during registration, this information will only be used for the purpose of offering the visitor to the site content or services that can only be offered to registered users. The data collected during registration can be changed or completed at any time. The data can also be deleted at any time.
Registered users have the right at any time to send a request to the operator of the website to obtain information about what data is stored about them. Registered users also have the right to request the correction or deletion of their data at any time. In the event that the data must be retained due to legal regulations, the data will be blocked until the retention obligation expires, so that data processing can no longer take place and the data can only be processed for the purpose due to which the retention obligation exists.
Insofar as the website offers the option of subscribing to a newsletter, personal data is collected. The type, content and scope of the data can be found in the relevant registration mask.
In order to avoid the use of third party data during the registration process, a confirmation email is first sent to the specified email address, which contains a link with which the recipient confirms the registration to receive the newsletter. This sends us a message that the registration for the newsletter has been confirmed. Only then will newsletter messages be sent to the registered e-mail address.
When registering for the newsletter, the IP address and the date and time of registration are stored. The collection therefore serves both to prevent misuse and for legal protection.
The personal data collected when registering for the newsletter is used exclusively for sending newsletters. The data will not be passed on to third parties.
Registration for the newsletter can be cancelled at any time. For this purpose, each newsletter contains a link with which the cancellation of the registration is transmitted to our system.
8. contact via the website
Due to legal regulations, the website contains information that enables a quick electronic contact or direct communication with the operator of the website.
In the event of contact being made, e.g. by e-mail or via a contact form, the personal data transmitted will be stored automatically.
In any case, the data will only be processed for the purpose resulting from the contact and will not be passed on to third parties, unless the transfer is necessary for processing the contact.
9 Routine deletion and blocking of personal data
Personal data will only be stored for as long as is necessary for the respective purpose of the processing or due to legal requirements.
Once the purpose has been achieved or the legally prescribed retention period has expired, the personal data is routinely deleted in accordance with the statutory provisions. If the intended purpose of the processing has been achieved, but the data may not yet be deleted due to legal requirements, the data will be blocked.
10 Legal basis of the processing
10.1 The data processing is based on Art. 6 (1) DS-GVO. Accordingly, the
data processing is permissible if this
- takes place with the consent of the person concerned;
- is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures;
- is necessary for the fulfilment of a legal obligation;
- is necessary to protect the vital interests of the website visitor or another natural person;
- is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the website visitor which require the protection of personal data, in particular where the visitor is a child.
10.2 Insofar as the data processing cannot be based on any other legal basis, the data processing shall only be carried out with the consent of the data subject, which shall be obtained and documented by the data subject prior to the start of the processing.
10.3 Insofar as the data processing is based on a legitimate interest, an additional weighing with the interests of the data subject is required prior to the start of the processing, which may nevertheless exclude data processing, even if the data processing appears to be expedient for business purposes. In this case, expediency is usually not sufficient. Rather, it is necessary that significant interests of the company, its employees or shareholders or owners are directly affected by the data processing.
11 Right to information and correction
Individuals whose data is processed have a legal right to access, rectify and erase their data. The rights can be exercised at any time by the data subject submitting a request to the data protection officer or the management.
In the case of the request for information, information shall be provided on the following contents:
- Processing purposes;
- Categories of personal data processed;
- Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- Existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing;
- Existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject:All available information on the origin of the data;
- Existence of automated decision-making including and 4 GDPR and - at least in these cases - profiling pursuant to Article 22(1) meaningful information about the logic involved and the scope and intended effects of such processing for the data subject; transfer of data to a third country or to an international organisation and about the appropriate safeguards in connection with the transfer.
In the event of a request for rectification, inaccurate data shall be rectified or
12. right to erasure
In the event of a request for deletion, the personal data concerned shall be deleted without delay,
- if the personal data have been collected or otherwise processed for purposes for which they are no longer needed;
- the data was collected solely on the basis of the data subject's consent, which the data subject has revoked;
- the data subject objects to the processing pursuant to Art. 21 DSGVO and, in the event of revocation pursuant to Art. 21 (1) DSGVO, there are no overriding legitimate grounds for the processing;
- the personal data have been processed unlawfully;
- the deletion is required by law.
In the event that the data to be erased has been made public, appropriate measures shall be taken in accordance with Article 17(1) of the GDPR, taking into account the available technology and the costs of implementation, to inform third parties processing the published personal data of the erasure request.
13 Right to restriction of processing
The data subject has a legal right to request the restriction of the processing of his or her data if he or she disputes the accuracy of the personal data or has lodged an objection pursuant to Article 21(1) of the GDPR. In this case, the processing shall be restricted for a period of time necessary to verify the accuracy of the personal data or to establish whether there are grounds for processing the data that override the interest of the data subject. However, if the processing is then unlawful and the data subject refuses the erasure of his or her data, he or she may also request the restriction of the processing of his or her data instead.
The processing of the data must also be restricted if it is no longer needed for the purpose for which the data was collected, but the data must still be retained for the assertion, exercise or defence of legal claims.
The aforementioned rights may be exercised at any time by the data subject submitting a request to the data protection officer or the management.
14 Right to data portability
Persons whose data are processed have a legal right to have the data transferred in a structured, common and machine-readable format or transmitted to a third party without hindrance if the processing is based on consent pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The rights may be exercised at any time by the data subject by sending a request to the data protection officer or the management.
15 Right to object
Data subjects have a legal right to object to data processing at any time.
In the event of an objection, the data will no longer be processed unless there are demonstrably compelling legitimate grounds for continuing to process the data which override the interests, rights and freedoms of the visitor to the website, or the processing serves to assert, exercise or defend legal claims.
In the event of an objection to processing for advertising purposes, the objection shall in principle take precedence. The data will then no longer be used for advertising purposes.
The rights can be exercised at any time by the data subject submitting a request to the data protection officer or the management.
16. automated decisions in individual cases, including profiling.
Data subjects have a legal right not to be subject to a decision which produces legal effects concerning them and which is based solely on automated processing or similarly significantly affects them. This does not apply to decisions which are necessary for the conclusion or performance of a contract with the data subject, or where this is permitted by law and appropriate measures are included to safeguard the rights and freedoms and legitimate interests of the website visitor, or where this is done with the explicit consent of the website visitor.
Where the decision is necessary for the conclusion or performance of a contract, or where the automated decision is made with the explicit consent of the data subject, reasonable steps will be taken to safeguard the rights and freedoms as well as the legitimate interests of the website visitor, such as measures allowing the data subject to have an influence on the procedure, to intervene and to express his or her point of view.
If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
The rights may be exercised at any time by the data subject by sending a request to the data protection officer or the management.
Notwithstanding the above, automated decision-making in individual cases and profiling do not take place at this time.
17. right to revoke consent granted under data protection law
Data subjects may revoke a given consent to data processing at any time.
The rights can be exercised at any time by the data subject submitting a request to the data protection officer or the management.
18. use of analysis tools and other services
18.1 General information
Components of various third-party companies may be used on the website, with which information on visitors to the website and their surfing behaviour can be recorded and analysed, in some cases in real time. In doing so, interactions are statistically recorded and processed in order to obtain an overview of the online activities of the visitors and users of the website.
The use of these components serves, on the one hand, the purpose of tailoring the marketing for the internet offer to the visitors and users and thus increasing the advertising effectiveness of the internet pages. On the other hand, this serves the purpose of being able to detect and rectify errors of a technical or other nature.
The components are software components from third-party companies. Insofar as such components are used, the type, content and scope as well as the purpose of the data processing is explained and pointed out below.
In addition, provider companies frequently provide the option of centrally objecting to the collection of data by their components. Insofar as this is possible, this is also explained below.
18.2 Data transfer to the USA
Through the use of tools from providers based in the USA, data is also transmitted to the provider in the USA, even if the contract for the use of the tool is concluded with a subsidiary of the provider whose registered office is within the European Union (e.g. Ireland).
The legal basis for the transfer of data through the use of the tool is in each case consent related to the individual case in accordance with Art. 49 (1) a) DSGVO.
In this context, it is pointed out that no adequacy decision of the EU Commission exists for the USA. In this respect, there is a risk for the data subject that government agencies in the USA may access the transmitted data without any specific reason, without any possibility of seeking effective legal protection against this being guaranteed.
18.2.1 Use of Google services
Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website (so-called referrers), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. A web analysis is mainly used for the optimisation of a website and for the cost-benefit analysis of internet advertising.
The IP address of the Internet connection of the visitor to the website is shortened and anonymised by Google if the website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics sets a cookie on the system of the visitor to the website in order to enable an analysis of the use of the website. When the website is accessed, data is transmitted to Google for the purpose of online analysis. Within the framework of this technical procedure, Google obtains knowledge of personal data, such as the IP address of the visitor to the website, which Google uses, among other things, to trace the origin of the visitors and clicks and subsequently to enable commission settlements.
By means of the cookie, personal information, such as the time of access, the location from which access originated and the frequency of visits to our website by the person concerned, is stored. Each time the website is visited, this personal data, including the IP address of the internet connection used by the visitor to the website, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
18.2.3 Use of Google AdWords
Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and taking into account the previously defined keywords.
The purpose of Google AdWords is to advertise the website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertising on our website.
If a visitor arrives on the website via a Google advertisement, a so-called conversion cookie is stored on his or her system. A conversion cookie loses its validity after thirty days and is not used to identify the visitor to the website. Provided the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, for example the shopping basket of an online shop system, have been called up on the website, to be able to track whether the visitor has completed or cancelled the purchase of goods.
The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for the website, to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. It is not possible to identify the visitor to the site.
By means of the conversion cookie, personal data, including the IP address of the internet connection used, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
In addition to the options already described for preventing the setting of cookies, visitors to the website also have the option of objecting to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.
18.2.4 Use of Google Web Fonts
Google Web Fonts is a service used to embed fonts on a website. When visiting the website on which Google Web Fonts is integrated, the browser downloads the font. In this way, Google Web Fonts learns which pages are visited.
18.2.5 Use of DoubleClick
Google DoubleClick is a service through which digital advertising is offered on websites. For this purpose, the service collects information on the frequency of page views in order to track how often, how long and which parts of the website are used by the same user.
18.3 Use of LinkedIn Analytics
The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The provider is a subsidiary of a company based in the USA. It cannot therefore be ruled out that data may be transferred to the USA. Reference is made to the above information in section 18.2.
LinkedIn is an internet-based social network for business contacts.
When visiting the website that contains the LinkedIn plug-in, the browser downloads a representation of the LinkedIn component. In this way, LinkedIn receives information about which pages are visited.
If the user activates one of the integrated buttons, the transmitted data and information are assigned to the personal LinkedIn user account of the website visitor and stored and processed by LinkedIn.
LinkedIn also always receives the information about the visit to the website if the visitor to the website is logged in to LinkedIn at the same time. This applies regardless of whether the button is clicked. To prevent this, the user must log out of the account during this time.
LinkedIn offers an additional option at https://www.linkedin.com/psettings/guest-controls to unsubscribe from e-mail messages, SMS messages and advertisements and to manage advertisement settings. LinkedIn also uses
Partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy.
18.4 Use of Cloudflare services
The operating company of the Cloudflare services is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107 USA. Further information and the applicable data protection provisions of Google can be found at https://www.cloudflare.com/de-de/gdpr/introduction/.
The provider's service is a so-called Content Delivery Network (CDN) for integrating external content on the website. When the page is called up, there is always the possibility that data will be collected and transmitted to the provider of the service. According to the provider, however, the provider does not make use of this possibility. Accordingly, no data is collected and not transmitted to the provider. Details on this can be found under the link https://www.cloudflare.com/de-de/privacy-andcompliance/.
18.5 Use of Hotjar
18.6 We analyse our visitor data with the help of an external service provider. For this purpose, we share the data obtained from the use of IP research with Pulserio AG, Schellenrainstrasse 13, 6210 Sursee, Switzerland, https://leadrebel.io/imprint.
Categories of data subjects are website visitors and users of our web services. The purpose of the processing is the evaluation of the data obtained from IP research for lead generation.
If visitors to our site are asked for consent, the legal basis for the processing of the data is consent within the meaning of art. 6 para. 1 lit. a DSGVO. Otherwise, the data is processed on the basis of our legitimate interest within the meaning of art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in generating leads by analysing the data obtained with the help of the IP search. On this page: https://leadrebel.io/optout you have an opt-out option. In the event of an opt-out, your data will no longer be collected by LeadRebel.