DATA PROTECTION
DATA PROTECTION DECLARATION (as of 07/2024)
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you.
This privacy policy explains what information we collect and what we use it for and for what purpose.
We would like to point out that data transmission over the internet can have security gaps. It is not possible to provide complete protection of data against access by third parties.
1. GENERAL INFORMATION AND MANDATORY INFORMATION
NAME AND ADDRESS OF THE RESPONSIBLE PARTY:
SpanSet GmbH & Co. KG
Jülicher Straße 49-51
52531 Übach-Palenberg
E-Mail: info@spanset.de
How do we collect your data?
Some data are collected automatically or with consent by the IT systems when you visit the website. This is technical data (internet browser, time of page view, etc.), which is automatically collected when you visit the website.
Other data is collected when you provide it to us, for example by filling out the contact form.
What do we use your data for?
We collect and use your personal data mainly to ensure that the website is provided without errors. Some data may also be used to analyze your user behavior.
What rights do you have?
You have the right to request information about the origin, recipient and purpose of your stored personal data at any time. You also have the right to have this data corrected or deleted. If you have given your consent to data processing, you can revoke it at any time. You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract delivered to you or to a third party in a standard, machine-readable format. You also have the right to appeal to the relevant regulatory authority.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA, WHICH INCLUDES PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING IS PROVIDED IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING THAT ARE WORTHY OF PROTECTION AND THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 DSGVO). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 SECT. 2 GDPR).
Right to lodge a complaint with a supervisory authority
In the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists regardless of any other administrative or judicial remedies.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Information, correction and deletion
Within the scope of the applicable legal provisions, you have the right to request information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. You can contact us at any time if you have further questions about personal data. Right to restriction of processing You have the right to request that the processing of your personal data be restricted. You can contact us at any time regarding this. The right to restriction of processing applies in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have objected to processing pursuant to Article 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or
legal person or for reasons of an important public interest of the European Union or a Member State.
HOSTING
We host the contents of our website with the following provider: OVH GmbH St. Johanner Str. 41-43 66111 Saarbrücken
External hosting
This website is hosted externally. The personal data collected on this website are stored on the servers of the hoster(s). These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site. External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) point a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Our hoster(s) will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.
We use the following hoster(s): OVH GmbH St. Johanner Str. 41-43 66111 Saarbrücken
We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
STORAGE PERIOD
If no specific storage period has been specified, we will store your personal data with us until the purpose for processing no longer applies. Should you demand the justified deletion of your data, or revoke your consent, your data will be deleted, provided that there are no other legally permissible reasons for storing your personal data.
SSL ENCRYPTION
For security reasons and to protect the transmission of confidential content, this site uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of your browser changes from http:// to https://, as well as by the lock symbol in the browser line.
OBJECTION TO ADVERTISING E-MAILS
We hereby object to the use of the contact data published in accordance with the imprint obligation to send unsolicited advertising and information material. The site operators reserve the right to take legal action in the event of unsolicited advertising information being sent.
DATA PROTECTION OFFICER
If you have any questions regarding the processing of your personal data, or your rights in relation to data protection, please contact: ITU Innovative Technologie und Unternehmensberatung GmbH & Co. KG Mr. Michael Errens Zechenring 10
41836 Hückelhoven Telephone 0 24 33 – 80 50 20 E-mail: info@itu-beratung.de
2. DATA COLLECTION ON OUR WEBSITE
COOKIES
Our website uses so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.
You can adjust the settings on your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies in certain cases or generally exclude them and activate the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the
shopping cart function) or for optimizing the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is given. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services.
If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); the consent can be revoked at any time. You can adjust your browser settings so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. This data protection declaration explains which cookies and services are used on this website.
SERVER-LOG-FILES
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of server request
IP address
These data cannot be assigned to specific individuals. These data are not combined with data from other sources. We reserve the right to check these data retrospectively if we become aware of specific indications of unlawful use.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error free depiction and the optimization of the operator's website.
CONTACT FORM
Should you send us questions via the contact form, we will collect the data entered on the form, including the
contact data provided there for the purpose of processing the request and stored in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
We use the CRM, registration and marketing automation system “HubSpot”, provided by HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with offices in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin) on the basis of our legitimate interests (efficient and fast processing of user requests, applications and optimization of our online services).
Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection provided by the GDPR. For the USA, the EU Commission has issued an adequacy decision in accordance with Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on HubSpot's privacy policy can be found here: https://legal.hubspot.com/de/dpa and https://legal.hubspot.com/de/privacy-policy
The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists. This shall be without prejudice to any mandatory legal provisions – in particular retention periods.
INQUIRY BY E-MAIL, TELEPHONE OR TELEFAX
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent.
This data is processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested; the consent is revocable at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have finished processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
NEWSLETTER
Newsletter data
If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the members area) remains unaffected.
HUBSPOT
This website uses HubSpot to send newsletters. The provider of this service is HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
HubSpot is a service which organizes and analyzes the distribution of newsletters. The data you provide (e.g. your e-mail address) to subscribe to our newsletter will be stored on HubSpot's servers.
In doing so, so-called “web beacons” are used and “cookies” are set, which are stored on your computer and which enable us to analyze your use of the Internet address.
The information collected:
IP address
geographic location
type of browser
duration of the visit and pages viewed
are evaluated by HubSpot on behalf of SpanSet GmbH & Co. KG to generate reports about the visit and the pages visited. They can be used by us to get in touch with visitors to our website and to determine which of our company's services are of interest to them.
The newsletters we send out with HubSpot enable us to analyze the behavior of newsletter recipients. Among other things, we can see how many recipients have opened the newsletter message and how often which link in the newsletter has been clicked. With the help of so-called conversion tracking, we can also analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter.
The data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.
If you do not want your use of the newsletter to be analyzed by HubSpot, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of HubSpot after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the members area) remains unaffected.
For more information, please refer to the HubSpot privacy policy at: https://legal.hubspot.com/de/dpa and https://legal.hubspot.com/de/privacy-policy
We have entered into a contract data processing agreement with HubSpot and fully implement the strict requirements of the German data protection authorities when using HubSpot.
EVENTS / SEMINARS
When registering for an event/seminar, we collect the following mandatory information:
First name and surname
company data
Position in the company
telephone
email address
The processing of the mandatory information is carried out in order to be able to identify you as a participant in the event/seminar, to check the data entered for plausibility, to reserve the place of participation and to establish or implement the contract for participation with you. In addition, we need your data in order to create name tags and lists of participants for the other participants if necessary and to provide you with information about the event/seminar before, during and after it. This is done to enable you to participate optimally and to enable us to plan and ensure that everything runs smoothly.
The data processing is carried out at your request and is necessary for the fulfillment of the participant contract and for the implementation of pre-contractual measures in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the purposes mentioned.
We will only use your e-mail address to inform you about similar events in the future if you have expressly consented to such use or if we have informed you of this separately when collecting your e-mail address and have pointed out your right to object to such use at any time. Insofar as this use is not based on consent, the processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO. We have a legitimate interest in also informing our participants about further events/seminars that we offer. The personal data collected by us for the event/seminar will be stored in principle until the expiry of the regular limitation period of 3 years after the end of the year in which the event/seminar took place and then deleted. Storage beyond the specified period will only take place if:
we are obliged to store the data for a longer period of time in accordance with Article 6 (1) sentence 1 lit. c GDPR due to legal storage and documentation obligations (in particular § 147 AO). In this case, the data will only be stored to the extent required by the storage obligation.
you have consented to further storage in accordance with Art. 6 (1) 1 lit. a GDPR.
we use your e-mail address under the conditions of § 7 (3) of the German Act Against Unfair Competition (UWG) to inform you about future events by e-mail. In this case, we store your e-mail address and your first and last name until you object to processing for this purpose.
In addition, for technical reasons, certain personal data is transmitted to the provider HubSpot when you interact with the Hubspot form (your IP address and other technical data such as the http referrer, date and time of the request, file accessed, etc.). In connection with the processing of your registration, the above personal data is transferred to the USA; the recipient of the data is HubSpot (HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA). Further information on data protection at Hubspot can be found at: https://legal.hubspot.com/de/privacy-policy. Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection provided by the GDPR.
For the USA, the EU Commission has issued an adequacy decision pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46 (2) point c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
3. ANALYSIS TOOLS AND ADVERTISING
GOOGLE MAPS
This website uses the mapping service Google Maps to present geographical information in visual form. When Google Maps is used, Google collects, processes and uses data about the use of the Maps function. You can find detailed information about data processing by Google in Google's privacy policy: https://policies.google.com/privacy?hl=de
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6 Sect. 1 lit. f GDPR. If a corresponding agreement has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the agreement includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The agreement can be revoked at any time.
GOOGLE ANALYTICS
We use Google Analytics to analyze website usage. The data obtained is used to optimize our website and advertising efforts.
Google Analytics is a web analytics service operated and provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data.
During your visit to our website, the following data, among other things, is recorded:
Pages viewed
The achievement of “website goals”
Your behavior on the pages (dwell time, clicks, scrolling behavior, etc.)
Your approximate location (country and city)
Your IP address (in abbreviated form, so that no clear assignment is possible)
Technical information such as browser, internet provider, end device and screen resolution
Source of your visit (i.e. via which website or via which advertising medium you came to us)
This data is transferred to Google servers in the United States. We would like to point out that the same level of data protection as in the EU cannot be guaranteed in the United States.
Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that allows you to be recognized on future visits to the site.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles.
If you do not agree to the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once or by rejecting it in our cookie information banner.
The legal basis for the processing of personal data described here is Art. 6 (1) point f GDPR. Our legitimate interest in this lies in the great benefit that the functions described above have for our offer. In particular, the statistical evaluation of user behavior enables us to optimize our offer and to react in a way that is appropriate to users' interests.
GOOGLE REMARKETING
This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) in order to classify you into specific advertising target groups and then to send you suitable advertising messages when you visit other online offers (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Remarketing can be linked to the cross-device functions of Google. This way, interest-based, personalized advertising messages that have been customized based on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can opt out of personalized advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/.
This service is used on the basis of your consent in accordance with Art. 6 Sect. 1 lit. a GDPR and § 25 Sect. 1 TTDSG. This consent may be revoked at any time.
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de
GOOGLE TAG MANAGER
We use the Google Tag Manager.
With the Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA), we can manage so-called website tags via an interface. The Tag Manager tool itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The tool causes other tags to be activated which may, for their part, collect data. The Google Tag Manager system does not access this data. If disabled at the domain or cookie level, it remains disabled for all tracking tags implemented with Google Tag Manager. The privacy policy can be found at: https://policies.google.com/privacy. Further information: https://privacy.google.com/businesses/adsservices
The use of Google Tag Manager is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on its website. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
4. PLUG-INS, TOOLS AND SOCIAL MEDIA
LINKEDIN
Our website uses a function of the LinkedIn network. The provider of this feature is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter: LinkedIn).
If you click on the LinkedIn button (plug-in), you will be redirected to our LinkedIn page in a separate browser window. This will establish a direct connection between your browser and the LinkedIn server. LinkedIn will receive information that you have visited our site from your IP address.
If you click the “LinkedIn” button while logged into your own LinkedIn account, you can link the contents of our website to your user account. This enables LinkedIn to associate your visit to our website with your user account. Please note that we do not receive any information about the content of the transmitted data or its use by LinkedIn. For more information, please refer to the LinkedIn privacy policy (http://www.linkedin.com/legal/privacy-policy).
LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
If you do not want LinkedIn to be able to assign your visit to our website, please log out of your LinkedIn user account.
The use of LinkedIn Insight is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in effective advertising measures, including social media. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
YOUTUBE
On the basis of consent in accordance with Art. 6 (1) (1) (f) GDPR, we use components (videos) from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”).
In doing so, we use the option provided by YouTube for “extended data protection mode”.
When you access a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser.
According to the information provided by YouTube, in “extended data protection mode” your data – in particular which of our websites you have visited and device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.
If you are logged into YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website.
Google complies with the data protection provisions of the “US Privacy Shield” and is registered with the US Department of Commerce's “US Privacy Shield” program.
YouTube is used in the interest of making our online services more appealing. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. This consent can be withdrawn at any time.
FACEBOOK
Our website uses social plugins (“plugins”) from the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our site with your user account. Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted or how Facebook uses these data. If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account. For more information, please see Facebook's privacy policy at https://de-de.facebook.com/policy.php
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified
company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: Data Privacy Framework
This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG. This consent may be revoked at any time.
INSTAGRAM
Functions of the Instagram service have been integrated into this website. These features are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. If the social media element is active, a direct connection will be established between your device and the Instagram server. This means that Instagram receives information about your visit to this website. If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Instagram. This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG. Consent can be revoked at any time. Insofar as personal data is collected on our website using the tools described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the data has been forwarded is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum https://privacycenter.instagram.com/policy/ https://de-de.facebook.com/help/566994660333381
For more information, see the Instagram Privacy Policy: https://privacycenter.instagram.com/policy/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: Data Privacy Framework
This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG. This consent may be revoked at any time.
GOOGLE FONTS
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache to display text and fonts correctly. To do this, the browser you use must connect to Google's servers. This enables Google to know that your website has been accessed via your IP address.
Google Fonts are used on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a uniform presentation of the fonts on the operator's website. If a corresponding agreement has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) DSGVO and Section 25 (1) TTDSG, insofar as the agreement includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The agreement can be revoked at any time.
If your browser does not support Google Fonts, a default font will be used by your computer.
Further information about Google Fonts can be found at https://developers.google.com/fonts/faq https://policies.google.com/privacy?hl=de
GOOGLE APIS AND/OR HOSTED LIBRARIES
We use Google Hosted Libraries on our website. Google Hosted Libraries is a service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use Google Hosted Libraries to integrate various open source JavaScript libraries. The corresponding libraries are provided by Google and loaded onto our website by a corresponding command so that our website can use the library. Google loads the library via a so-called Content Delivery Network (CDN), i.e. via a network of data centers that distributes the content.
In particular, we use the following libraries provided by Google:
jQuery
jQuery UI
The libraries are integrated via an interface (“API”) to the Google services. By integrating the libraries, Google may collect and process information (including personal data). It cannot be ruled out that Google may also transfer the information to a server in a third country.
In particular, the following personal data is processed by Google Hosted Libraries:
Log data (in particular the IP address)
Location-based information
Unique application numbers
cookies and similar technologies
Information on Google's existing Privacy Shield certification and other relevant data on data processing by Google in the context of the use of Google services can be found in this privacy policy under the section “6) Information on Google services”.
Google's involvement in the data processing is limited to loading the library onto our site. After the library(ies) have been loaded by Google onto our site and possibly stored in the cache, no further processing by Google takes place in relation to the libraries beyond the aforementioned data. Such data, which you enter when using the libraries (e.g. when integrating the library into forms), is processed exclusively by us and is not forwarded to Google.
Detailed information can be found at https://www.google.com/intl/de/policies/privacy/index.html
in the section “Data we receive based on your use of our services”.
Details of the Google Hosted Libraries terms can be found at: https://developers.google.com/speed/libraries/terms
Technical information about Google Hosted Libraries can be found at: https://developers.google.com/speed/libraries/
Google may place cookies on your device for the use of Google Hosted Libraries. Google states that it uses these cookies only for security and fraud prevention purposes.
By integrating Google Hosted Libraries, we pursue the purpose of integrating the libraries needed for the optimal functioning of the site.
The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our necessary legitimate interest lies in the great benefit of integrating the Google Hosted Libraries. By integrating the libraries via Google, we reduce our maintenance effort as well as the loading effort of the website and the server and traffic load. Google also has a legitimate interest in the collected (personal) data in order to improve its own services.
GOOGLE ADS CONVERSION TRACKING This website uses the online advertising program “Google Ads” and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use the Google Ads service to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In doing so, we pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred. The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your end device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Every Google Ads customer receives a different cookie. This means that cookies cannot be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are told the total number of users who
have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. When using Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA. Details on the processing triggered by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites.
All the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “Cookie Consent Tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have disabled the use of cookies. Google's privacy policy can be viewed here: https://www.google.de/policies/privacy/
HUBSPOT
We use HubSpot for marketing activities on our website. HubSpot is a software company from the USA with a branch office, HubSpot Ireland Limited, at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
We use this integrated software solution for our own marketing. This includes, among other things, e-mail marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms.
HubSpot uses so-called web beacons and cookies, small text files that are stored on your computer and that enable us to analyze your use of the Internet address.
The information collected:
IP address
geographic location
type of browser
duration of the visit and pages viewed
is evaluated by HubSpot on behalf of SpanSet GmbH & Co. KG to generate reports about the visit and the pages visited. We can use this information to get in touch with visitors to our website and to determine which of our company's services are of interest to them.
Information collected by HubSpot and the contents of our website are stored on the servers of HubSpot's service providers.
Legal basis: Insofar as you have given your consent in accordance with Art. 6 (1) 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis. We use all the information collected solely to optimize our marketing efforts.
Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection provided by the GDPR. For the USA, the EU Commission has issued an adequacy decision pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46 (2) point c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future.
5. ONLINE SHOP
ORDER PROCESS
All data entered by customers as part of an order process is stored. This includes:
First name, last name
Address
Payment data
email address
telephone number
password
VAT registration number
The data that is absolutely necessary for delivery or order processing is passed on to third-party service providers. The processed data is only stored for as long as is necessary for the intended purpose or as required by law.
The legal basis for this is Art. 6 (1) (b) GDPR.
PAYMENT DATA
As part of the ordering process, payment data is collected. For orders on our site, you have the option to choose between different payment methods.
CREDIT CARD
We offer the option of processing the payment transaction through the payment service provider Stripe, ℅ Legal Process, 510 Townsend St., San Francisco, CA 94103 (Stripe).
This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we pass on the following data to Stripe, insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit b. DSGVO).
Name of the cardholder
E-mail address
Customer number
Order number
Bank details
Credit card details
Expiration date of the credit card
Credit card security code (CVC)
Date and time of the transaction
Transaction amount
Name of the provider
Place
The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot make a payment via Stripe. You have the option to choose a different payment method.
Stripe has a dual role as controller and processor for data processing activities. As a controller, Stripe uses the data you provide to fulfill regulatory obligations.
This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR).
We have no influence on this process.
Stripe acts as a processor to complete transactions within the payment networks. As part of the processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs).
Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/privacy-center/legal
Your data will be stored by us until the payment process is complete. This also includes the period of time required for processing refunds, claims management and fraud prevention.
The legal basis for this is Art. 6 para. 1 lit b) GDPR.
Kalender.digital: Our website uses the online calendar application Kalender.digital to inform you about our upcoming events.
When using Kalender.digital, information about the use of our website, including your anonymized IP address and the data you entered at Kalender.digital, is stored on the Kalender.digital server.
However, you can prevent such data transfer if you disable “Javascript” in your browser. In this case, however, no appointments can be displayed.
For more information about how Kalender.digital uses your data, please visit: https://kalender.digital/privacy
The legal basis is Article 6 paragraph 1 sentence 1 f) of the General Data Protection Regulation, because the processing of the data serves to protect our legitimate interest in improving the user experience and in advertising and presenting our services.
For requests of this kind, please contact disagree@spanset.de. Please note that for such requests, we must ensure that the request is actually from the data subject.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority.
Automated decision-making does not take place on our website.