Privacy
Privacy information
This privacy policy informs you about our handling of your data. In order to make the processing of your data comprehensible to you, we would like to provide you with an overview of this processing with the following information. To ensure fair processing, this privacy statement contains general information about our handling of your data as well as information about your rights under the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
I. General information
II. Data processing on our website
III. Data processing on our social media pages
IV. Further data processing
Responsible for data processing is cimt ag (hereinafter referred to as “we” or “us”).
I. General information
1. Contact
If you have any questions or suggestions regarding this information, or if you would like to contact us about asserting your rights, please send your request to
cimt ag
Danske Hus
Meßberg 4
20095 Hamburg
Tel.: +49 40 53302-0
Fax: +49 40 53302-22
E-Mail: info@cimt-ag.de
2. Legal basis
The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual.
We process personal data in compliance with the relevant data protection regulations, particularly the DSGVO and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data
- only with your consent (Art. 6 Abs. 1 Buchst. a) DSGVO),
- in order to perform a contract to which you are a party or, at your request, in order to carry out pre-contractual measures (Art. 6 Abs. 1 letter. b) DSGVO),
- to fulfill a legal obligation (Art. 6 Abs.1 letter. c) DSGVO)
- or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data override (Art. 6 Abs. 1 letter. f) DSGVO).
3. Duration of storage
Unless otherwise stated in the following notes, we store data only as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.
4. Categories of recipients of the data
We use order processors in the context of processing your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection.
In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities.
If your data is transferred to other recipients, we will inform you under the respective processing procedure.
5. Data transfer to third countries
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is warranted in such third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place pursuant to Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.
Unless there is an adequacy decision and nothing else is stated below, we use the EU standard data protection clauses as suitable safeguards for the transfer of personal data in third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.
6. Processing when exercising your rights pursuant to Art. 15 to 22 DSGVO.
If you exercise your rights pursuant to Art. 15 to 22 DSGVO, we process the transmitted personal data for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c) DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 DSGVO and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
- You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
- You have the right, in accordance with Art. 17 DSGVO and § 35 BDSG, to demand that we delete your personal data.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
- You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7 (3) DSGVO. Such a revocation will not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21(1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6(1)(e) or (f) DSGVO on grounds relating to your particular situation.
If personal data about you is processed by us for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 (2) and (3) DSGVO.
9. Data protection officer
You can reach our data protection officer at the following contact details:
II. Data processing on our website
When you use the website, we collect information provided by you. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is stored automatically at first (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f) DSGVO. This processing is for technical administration, website security and internal analysis purposes. The stored data is deleted after seven days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.
2. Newsletter
a. Subscription and unsubscription
We offer the possibility to subscribe to our newsletter. After registration, we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name based on the consent you have given. The processing is based on the legal basis of Art. 6 (1) a) DSGVO. You can revoke the consent given at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation. When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with. Art. 7 para. 1 DSGVO).
b. Newsletter analysis
We also analyze the reading behavior and opening rates of our newsletter. For this purpose, pseudonymized usage data is collected and processed by us, which we do not merge with your email address or your IP address. The legal basis for the analysis of our newsletter is Art. 6 (1) f) DSGVO and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above.
On the other hand, we also evaluate the data generated when you retrieve and use these e-mails (time of opening, hyperlinks clicked on, documents downloaded) as well as movement data on downstream websites on a personal basis in connection with your e-mail address in order to send you individualised information in the future on this basis as well, which take your interests and needs into account in the best possible way. We use the anonymous and personal data collected to provide you with personalised content and individualised information in our promotional e-mails and downstream websites. The legal basis for data processing in the context of e-mails is Art. 6 (1) a) DSGVO. You can revoke your consent at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us via the above-mentioned channels.
c. Service provider
We use the Pardot service of salesforce.com, inc. (USA) for the administration of subscribers, the dispatch of the newsletter and the analysis. Your email address is therefore transmitted by us to Salesforce. The processing is carried out on our behalf and is based on the legal basis of Art. 6 letter f DSGVO and serves our legitimate interest in optimising and economically sending our newsletter. If you do not want your data to be processed by Salesforce, you should not subscribe to or unsubscribe from the newsletter.
We use Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data as appropriate safeguards for transfers to third countries: https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf.
For more information on Salesforce’s privacy policy, users should refer to Salesforce’s privacy notice: https://www.salesforce.com/company/privacy/
3. Whitepaper
a. Whitepaper Download
We offer a whitepaper on our website that you will receive from us if you allow us to contact you for marketing purposes from now on. To receive the whitepaper, you must provide a valid email address. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). We process your e-mail address for promotional purposes on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 (1) a) DSGVO. You can revoke your consent at any time with effect for the future, for example via the link provided for this purpose at the end of every message from us or by contacting us in any other way. The legality of the data processing operations already carried out remains unaffected by the revocation.
b. Service provider
We use the Pardot service of salesforce.com, inc. (USA) to send the white paper. Your e-mail address as a mandatory field and optionally name, position, company, telephone number are therefore transmitted by us to Pardot of salesforce.com, inc. (USA).
The processing is carried out on our behalf and is based on the legal basis of Art. 6 lit. f) DSGVO and serves our legitimate interest in customer acquisition as well as customer retention. If you do not want your data to be processed by Pardot of salesforce.com, inc. (USA), you should not request a whitepaper or unsubscribe.
We use Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data as appropriate safeguards for transfers to third countries: https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf.
For more information on Salesforce’s privacy policy, users should refer to Salesforce’s privacy notice: https://www.salesforce.com/company/privacy/
4. Webinars
We organise online webinars for our customers and interested parties. Registration requires the processing of personal data (name, e-mail address and, if applicable, employer), which you provide to us via the input mask. The processing of the data provided is for the purpose of providing the service and is based on the legal basis of Art. 6 para. 1 letter b DSGVO.
To conduct the webinar, we use Teams, a service provided by Microsoft Ireland Operations Limited. (Ireland, EU). Before entering the webinar room, you will be asked to enter your name. Please note that this name may be noted by the other webinar participants. If you do not wish to do this, you may enter your initials only instead.
By registering for the webinar, you agree to be contacted by our sales team afterwards. We offer you participation in our webinar in return for your contact details and your consent to receive further information about our services. This processing is carried out on the legal basis of Art. 6 para. 1 letter a DSGVO. You have the option to revoke your consent at any time by clicking on the unsubscribe link in the email or by contacting us at the above-mentioned contact address.
To manage your data, we use salesforce, a service of salesforce.com, inc. (USA). We use Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data as appropriate safeguards for transfers to third countries: https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
5. Cookies
We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. We use so-called “session cookies”, which are deleted when the browser session is closed. Other cookies (“persistent cookies”) are automatically deleted after a specified period of time, which may vary depending on the cookie.
The use of cookies is partly technically necessary for the operation of our website. We also use cookies and comparable technologies to measure analytics about the reach of our website and to analyze the use of our website. We additionally use cookies and comparable technologies to track user behavior across websites and devices.
Cookies are stored on the user’s computer. Therefore, you as a user also have full control over the use of cookies. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for specific cases. Further information on this is provided by the Federal Office for Information Security at https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Updates-Browser-Open-Source-Software/Der-Browser/JavaScript-Cookies-Fingerprints/javascript-cookies-fingerprints_node.html.
Information on how cookies and comparable technologies are used by us can be found below in each case under the description of the specific processing activity. Further information on the cookies used on our website can also be found on our consent banner.
You can also change your cookie settings here:
6. Consent management via borlabs
This website uses Borlabs. The Borlabs consent banner allows users of our website to give consent to certain data processing operations or to withdraw consent they have given. In addition, Borlabs helps us to be able to provide proof of the declaration of consent. For this purpose, Borlabs processes information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with. Art. 7 para. 1 DSGVO).
7. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website.
Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of users on our website. Google Analytics allows us to measure interaction data from different devices and from different sessions. This allows us to put individual user actions into context and analyse long-term relationships.
Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. It also processes personal data in the form of IP addresses, device identifiers and information about interaction with our website. Some of this data is information that is stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used.
Google will process the data collected in this way on our behalf for the purpose of evaluating the use of our website by users, compiling reports on website activity and providing other services relating to website activity and internet usage.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the service is Art. 6 para. 1 letter a DSGVO. You can revoke this consent via our Consent Management Tool at any time with effect for the future.
We only use Google Analytics with IP anonymisation activated. This means that the IP address transmitted by the user’s browser is shortened by Google. The transmitted IP address is not merged with other data. The IP address is shortened on servers in the EU.
The data on user actions are stored for a period of 2 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
Further information on how data from websites or apps in the Google network is used for advertising purposes can be found in Google’s notices at: www.google.com/policies/technologies/ads/.
8. Cloudflare
We use the Cloudflare service of Cloudflare Inc (USA) on our website to display content. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser.
The processing of your data is based on Art. 6 para. 1 lit. f DSGVO and is based on our legitimate interest in the optimisation and economic operation of our website.
When using the service, a transmission of your data to the USA cannot be excluded. Please note the information in the section “Data transfer to third countries”. For further information on data protection at Cloudflare, please refer to Cloudflare’s data protection information at https://www.cloudflare.com/privacypolicy/.
9. Integrated services and contents of third parties
On our website we use services and content (hereinafter collectively referred to as “content”) provided by third-party providers. When integrating them, we use a two-click solution. When using the two-click solution, no connection is established to the third-party provider, but a placeholder is loaded from our own server. This can be a preview image of the embedded maps or videos. A contact to the “third-party server” is only established after another click on the respective placeholder. The transmission of the IP address thus only takes place when you confirm this with your click.
The data processing is carried out with your consent and is based on Art. 6 (1) a) DSGVO.
We have integrated content from the following services provided by third-party providers into our website:
- „YouTube“ provided by YouTube LLC (USA) for the display of videos.
When using Google services, a transmission of processed data to the US-based Google LLC (USA) by us cannot be excluded.
Please note the information in the section “Data transfer to third countries”.
10. Pardot Marketing Automation System
We use the Pardot Marketing Automation System (“Pardot MAS”) of salesforce.com, Inc. (USA) on our website. Pardot MAS is a special software for recording and evaluating the use of a website by website visitors. When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile using a pseudonym. As far as Pardot MAS processes personal data, the processing is carried out exclusively on our behalf and according to our instructions.
The processing of your data is based on your consent according to Art. 6 para. 1 lit. a) DSGVO.
Cookies are set on your terminal device to integrate the service. The setting of cookies as well as access to information stored in the terminal device you are using is done with your consent pursuant to Section 25 (1) TDDDG. which you can revoke at any time with future effect via our Consent Management Tool. When using the service, a transfer of your data to the USA cannot be excluded. We use Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data as appropriate safeguards for transfers to third countries: https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf. For more information about Salesforce’s privacy practices, please see Salesforce’s privacy notice at https://www.salesforce.com/company/privacy/.
III. Visit of our social media pages
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
- Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter “Meta”;
- Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter “Meta”;
- LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter “LinkedIn”;
- XING of NEW WORK SE, (Germany, EU), hereinafter “XING”;
- Twitter of Twitter International Company (Ireland, EU), hereinafter “Twitter”.
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.
1. Visit of a social media page
When you visit our social media site, through which we present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are the controller for this processing of personal data. You can find further information about the processing of personal data in their data protection declarations, which we link to below:
- Meta (https://www.facebook.com/privacy/explanation). Meta offers the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads;
- LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy);
- XING (https://privacy.xing.com/de/datenschutzerklaerung/druckversion);
- Twitter (https://twitter.com/de/privacy).
Some operators of social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, which help us gain insights into the types of actions that people take on our page (so-called “page insights”). These page insights are created based on certain information about individuals who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 (1) f DSGVO.
We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into joint controller agreements with the operators of the social media platforms, which specify the distribution of data protection obligations between us and the operators. Details about the processing of personal data to create page insights and the agreement concluded between us and the operators can be found at the following links:
- Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data);
- LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum;
- XING (https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit).
You also have the possibility to assert your rights against the operators. You can find more information about this under the following links:
- Meta (https://www.facebook.com/privacy/explanation);
- LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de);
- XING (https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen).
We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
2. Communication via social media sites
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 (1) f GDPR. Further data processing may take place if you have consented (Art. 6 (1) a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 (1) c GDPR).
IV. Further data processing
1. Contact by e-mail
If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry.
We process this data based on our legitimate interest to get in touch with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f) DSGVO.
2. Contractual relationship
For the establishment or implementation of the contractual relationship with our customers, suppliers and business partners, the processing of personal data provided to us, such as the name and contact details of the respective contact person, is regularly required. The legal basis for this processing is Art. 6 (1) (f) DSGVO and we base this processing on our legitimate interest. Further data processing may take place if you have consented (Art. 6 para. 1 letter a) DSGVO) or if this serves the fulfillment of a legal obligation (Art. 6 para. 1 letter c) DSGVO).
3. Applications
If you apply to our company, we process your application data exclusively for purposes related to your interest in a current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. The legal basis for data processing is Section 26 (1) sentence 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) DSGVO. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.