Privacy policy

Preface

We’re delighted that you’re interested in our company and the information we provide here. Data protection is very important to us – not least because we see ourselves as helping our customers on their journey to a digital future. So we’d like to inform you about how we process personal data withregard to the use of our website.

You’ll find the following information:

• 1. Data controller
• 2. Personal data processed
• 3. Purposes of personal data processing
• 4. Optional information
• 5. Recipients/sharing of data
• 6. Data processing outside the European Union
• 7. Deleting data
• 8. Data protection officer
• 9. Your rights as a data subject
• 10. Consents
• 11. Your right to lodge a complaint with a supervisory authority
• 12. Changes and updates to this privacy policy

The data controller responsible for this website is

synaigy GmbH
Im Mediapark 5
50670 Cologne
Germany

You can find more information about our company on our Legal Information page.

Here you will find information about the different areas of our website that are relevant to data protection:

• 2.1. General information about the operation of our web pages
• 2.2. Newsletter
• 2.3. Contact form
• 2.4. Forms to request information, demos, etc.
• 2.5. Cookies and web analytics
• 2.6. Map view and route planner
• 2.7. Automated decision-making and profiling

The processing of personal data is always subject to data protection law. Personal data is all the information relating to an identified or identifiable natural person (a real person rather than a company, for example). Identifiable means that the data can be assigned to a specific person, regardless of whether their name or similar identifier is known. Just an identification number, an online ID (such as a username) or pieces of data that, when put together, allow you to identify a person uniquely (such as location data or IP address and time, i.e. the person who sat on the kitchen chair at 3.03 p.m. yesterday, or the user with a particular IP address who visited our website at 8.17 a.m. today) are enough to be considered personal data processing.

Personal data is processed when you visit any website. Your device’s IP address will always need to be processed, so that web pages can be sent to your internet browser for you to view, and additional information about the browser you are using is collected to ensure that the pages are displayed properly. We are also obliged under data protection law to ensure the confidentiality and integrity of personal data that is processed by our IT systems.

For this purpose we keep a log of:

• IP address of the computer accessing our site (for a maximum of seven days)
• The computer’s operating system
• Browser version
• Name of the file or page accessed
• Date and time the file or page was accessed
• Amount of data transferred
• Referring URL

The IP address is deleted from all systems connected with the operation of this website after seven days at the latest. After that time we can no longer link the remaining data to a person. The data is also used to correct errors on the website, ensure that it is secure and automatically optimize our pages for your browser and operating system.

In addition, we use SSL/TLS and Cloudflare’s IT security service to protect both you and our website. We have concluded a data processing agreement with Cloudflare for that purpose.

You can find out more about our IT security service provider here:

Cloudflare:

• Service provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, California 94107, USA
• Website: https://www.cloudflare.com
• Privacy policy: https://www.cloudflare.com/privacypolicy/
• The legal basis for appointing a service provider for IT security is Article 6(1)(f) GDPR, based on our legitimate interest in protecting and safeguarding our website.

Our website is hosted by Amazon Webservices (AWS) in Frankfurt. We have concluded a data processing agreement and EU standard contractual clauses with AWS.

We also use Cloudflare as an IT security service provider and have concluded a data processing agreement, plus EU standard contractual clauses, with the company.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest within the meaning of Article 6(1)(f) GDPR is to operate the website, optimize how our services are presented and meet the aims of safeguarding the confidentiality, integrity and availability of the data.

We use the monitoring service from Elastic. This enables us to transfer data, in particular IP addresses and user activities, to an AWS server and store it there. You can prevent your personal data from being collected, transferred (in particular your IP address) and processed by deactivating JavaScript on your browser or installing a tool such as ‘NoScript’. Our interest in using Elastic is to continually optimize the website’s content and technology, which constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. You can find more information about Elastic at https://www.elastic.co and in the Elastic privacy policy.

Elastic:

• Service provider: Elastic Inc.
• Website: https://www.elastic.co
• Privacy policy: https://www.elastic.co/legal/privacy-statement
• The legal basis for appointing a service provider for IT security is Article 6(1)(f) GDPR, based on our legitimate interest in continually optimizing the content and technology of our website.

In addition, we use Cloudflare as an IT security provider and Elastic as a monitoring service. We have also concluded a data processing agreement, plus EU standard contractual clauses, with Cloudflare and Elastic.

You can also subscribe to our newsletter on our website. We’ll need your email for that. We use double opt-in to make sure it’s not someone else using your email address to subscribe. When you register, we’ll send an email containing a unique link to the email address you registered with. The email address will not be activated for receiving newsletters until you click on the link. If no-one clicks on the link, the email address will be deleted from our system after 14 days.

In addition to your email address, we save the time you registered and confirmed your email address, as well as your IP address, as proof of consent. This data is saved for up to three years after registration for that sole purpose, based on our interest in defending ourselves against unfounded claims. We reserve the right to save email addresses in a blacklist so we can respect requests not to receive advertising in the long term.

We use HubSpot as a service provider for our newsletter and contact form. The transferred data is processed by HubSpot in the US. To ensure the security of your data we have concluded a data processing agreement with HubSpot, which also includes EU standard contractual clauses.

The legal basis for registering newsletter subscriptions and sending newsletters is Article 6(1)(a) GDPR, in other words your consent, which is documented by your registration and confirmation using the double opt-in link. You can unsubscribe from our newsletter at any time, using the link at the end of every newsletter we send.

The newsletters contain tracking pixels, which we use to measure the open rate. Opening the newsletter calls up a file on our service provider’s server. This triggers the transfer of the IP address, time that the email was opened and technical information about the system used.

If you have not given explicit consent as per Article 6(1)(a) GDPR, the legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest is to optimize the content and technical aspects of our newsletter based on technical data, target groups and the reading habits of subscribers, and to send it at times that suit recipients, with the aim of using a secure and user-friendly newsletter system that meets your expectations and our business interests.

This data could technically be used to identify individual subscribers, but monitoring specific recipients is neither our aim, nor that of our service provider.

Consent for us to use data to gauge performance cannot be revoked separately. If you want to revoke permission for these analytics, you will unfortunately need to cancel your newsletter subscription entirely.

We use HubSpot as a service provider. The transferred data is processed by HubSpot in the US. To ensure the security of your data we have concluded a data processing agreement with HubSpot, which also includes EU standard contractual clauses.

All information about our service provider for contact forms and newsletters can be found here:

HubSpot:

• Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA
• Website: https://www.hubspot.com
• Privacy policy: https://legal.hubspot.com/privacy-policy

The legal basis for appointing a service provider to create and send messages is Article 6(1)(f) GDPR, based on our legitimate interest in providing an efficient and secure newsletter registration process and dispatch service.

Our website includes a contact form that you can use to get in touch with us. We need the following information from you so we can process your message:

• Name
• Email address

We need this information so we can process your request, address you correctly and send you a response.

Requests that we receive via the contact form on our website are usually saved in our CRM system. The CRM system is checked regularly to see if data can be deleted. If data related to a customer or prospect relationship is no longer required, or if an opposing interest on the customer side takes precedence, we will delete the data in question, provided that there are no statutory retention requirements for this data.

We use HubSpot as a service provider for our contact form. The transferred data is processed by HubSpot in the US. To ensure the security of your data we have concluded a data processing agreement with HubSpot, which also includes EU standard contractual clauses.

The legal basis for data processing in the context of the contact form is Article 6(1)(f) GDPR. Our legitimate interest within the meaning of Article 6(1)(f) GDPR is to be able to answer your request, i.e. generally communicate with customers and prospects.

If you are requesting a quote, establishing a business relationship or asking questions in that context, the legal basis for this data processing is Article 6(1)(b) GDPR, and we will process your data to fulfil a contract with you or to take pre-contractual measures that arise as a result of your request.

In addition, you can leave us your telephone number so we can contact you more quickly. If you leave your number, it will be stored in our CRM system along with your request. Sharing your telephone number is optional.

The legal basis for your consent, which you can withdraw at any time (see below), is Article 6(1)(a) GDPR. If you withdraw your consent, we will remove your telephone number from our CRM system.

We use HubSpot as a service provider. The transferred data is processed by HubSpot in the US. To ensure the security of your data we have concluded a data processing agreement with HubSpot, which also includes EU standard contractual clauses.

All information about our service provider for contact forms and newsletters can be found here:

HubSpot:

• Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA
• Website: https://www.hubspot.com
• Privacy policy: https://legal.hubspot.com/privacy-policy

From time to time we publish event-based forms on our website, which you can use to request information and demos relating to our services. These forms require you to enter the following information:

• Last name
• First name
• Telephone
• Email address

We need this information so we can process your request, address you correctly and send you a response, clarify the details of your request or make an appointment.

Requests that we receive via request forms on our website are usually saved in our CRM system. The CRM system is checked regularly to see if data can be deleted. If data related to a customer or prospect relationship is no longer required, or if an opposing interest on the customer side takes precedence, we will delete the data in question, provided that there are no statutory retention requirements for this data.

Here, too, the legal basis for data processing is Article 6(1)(f) GDPR, or Article 6(1)(b) GDPR if the processing relates to precontractual or contractual measures taken at your request. Our legitimate interest within the meaning of Article 6(1)(f) GDPR is to answer your request, i.e. generally communicate with customers and prospects.

We also use HubSpot as a service provider. The transferred data is processed by HubSpot in the US. To ensure the security of your data we have concluded a data processing agreement with HubSpot, which also includes EU standard contractual clauses.

All information about our service provider for contact forms and newsletters can be found here:

HubSpot:

• Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA
• Website: https://www.hubspot.com
• Privacy policy: https://legal.hubspot.com/privacy-policy

Cookies are small files that are saved on the system you use to visit a website. Cookies can store a wide range of information, for instance your login status, the contents of your shopping basket or how much of a video you have already watched. In the context of tracking, they are used to create user profiles, so users can be shown specific services that are of interest to them, for instance.

We use technical and performance cookies on our website. Neither performance cookies nor analytics services will be activated unless you have given your consent. At most, technically required cookies will be active (although we do our best to avoid those, too).

The technical cookies we set have two purposes: to store information about whether and how you have consented to cookies set by us, and to support IT security measures we take to protect ourselves and you.

We use performance cookies to analyse the use of our website, identify errors, support IT security, help us optimize our content based on how it’s used by website visitors, and segment our visitors by demographic criteria.

User profiles are created and stored in a file (the cookie), or a similar procedure is used to store the relevant information about your website visit. This can include information about content viewed, pages visited, online networks used and communication partners, as well as technical data, such as browser or system used and time spent on the site.

Visitors’ IP addresses are also stored, but we use IP masking procedures to protect visitors (pseudonymization by truncating the IP address). We do not store any identifiable visitor data (e.g. email address or name) in the context of performance analytics, but use pseudonyms instead if necessary. This means that neither we nor the appointed analytics provider knows a user’s identity, only the information stored in their profiles or cookies.

This information may later be used on other websites that use the same web analytics provider and analysed for displaying content, supplemented with other data and stored in the web analytics provider’s systems. In terms of data protection law, the web analytics provider will be the data controller for this continued use.

In general, we only receive access to summarized information about how well our web pages are performing. However, conversion analytics can help us identify which of our offerings has led to a conversion, in other words to a contract with us. Conversion analytics is only used to analyse the success of our marketing measures and campaigns.

The legal basis for setting cookies and analytics functions, for which we ask your consent, is Article 6(1)(a) GDPR. Other than that, visitor data is processed on the basis of Article 6(1)(f) GDPR, where our legitimate interest is to provide efficient, cost-effective and recipient-friendly services. Web analytics also allows us to identify and fix errors on the website, e.g. defective links.

Please refer to the privacy policy of the analytics provider in question and the opt-out options for them. If the provider does not mention a specific way to opt out, you can deactivate cookies in your browser settings. However, this may restrict the functionality of our website and others.

Therefore, we also recommend the following opt-out options, which cover different regions:

• a) Europe: https://www.youronlinechoices.eu
• b) Canada: https://www.youradchoices.ca/choices
• c) US: https://www.aboutads.info/choices
• d) Trans-regional: http://optout.aboutads.info

We use Google Tag Manager to manage the analytics functions. The Tag Manager itself doesn’t process anything except for the IP address when the website is accessed. Instead, it controls how the configured analytics services are presented and accessed.

We use Google Analytics for web analytics. We are responsible for collecting the data and transferring it to Google. Google is responsible for further processing as defined by data protection law. We also use the Google Analytics option to segment by demographics.

The data generated about your use of this website is usually transferred to a Google server in the US and stored there. As we have activated IP anonymization on this website and concluded a data processing agreement with Google, your IP address is first truncated by Google while still within

member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and truncated there.

You can find additional information about the web analytics services we use and about their own processing with these details:

Google Tag Manager:

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Website: https://marketingplatform.google.com
• Privacy policy: https://policies.google.com/privacy

Google Analytics:

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Website: https://marketingplatform.google.com/intl/en/about/analytics/
• Privacy policy: https://policies.google.com/privacy
• Browser add-on to opt out: https://tools.google.com/dlpage/gaoptout?hl=en
• Settings for displaying ads: https://adssettings.google.com/authenticated

Our website includes an interactive map you can use to find our location and plan your route to us. The map is embedded in such a way that the map provider’s content will not load until you click on the map preview. By clicking, you consent to using to the map functionality and to related further data processing by the provider.

Using the map always requires the provider to process your IP address because without it no content can be sent to your browser, so your IP address is needed to display and use the map. We do our best to only use content from providers who use the IP address solely to deliver their content.

Providers may also use their own pixel tags (invisible graphics, known as web beacons) for statistical or marketing purposes. They can be used to analyse information such as visitor traffic and use of the provider’s content. Pseudonymized information may also be stored in a provider’s own cookies on the user’s device. These can contain technical information about the browser and operating system, referring websites and visit times, plus other information relating to use, which can be connected with such information from other sources.

In accordance with an ECJ ruling, we, as the operator of the website, are responsible for collecting and transferring the IP address, and location data if used, to the provider. The provider is responsible for further processing and any collection of additional information related to using the functions.

The legal basis for processing by us is Article 6(1)(a) GDPR. You give your consent when you activate the functionality by clicking on the placeholder image.

You can get further information from the provider with these details:

Google Maps:

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Website: https://maps.google.com
• Privacy policy: https://policies.google.com/privacy
• Browser add-on to opt out: https://tools.google.com/dlpage/gaoptout?hl=en
• Settings for displaying ads: https://adssettings.google.com/authenticated

We do not use automated decision-making on our website. Profiling on our website is restricted to the purposes and procedures described under ‘Newsletter’ and ‘Cookies and web analytics’.

We process the aforementioned data to operate and optimize our website, run our marketing campaigns and fulfil contractual obligations with regard to our customers. If you send us a request that is not part of an active customer relationship, we will process your data for sales and marketing purposes or to initiate a contract. You can object to us using your personal data for marketing purposes at any time.

We process data that you give us voluntarily, e.g. in forms, and which is not required to fulfil our contractual obligations, based on the assumption that processing and using this data is in your interest.

We do not share the data you give us with third parties. In particular, we will not share your data with third parties for their marketing purposes.

However, we may use service providers to operate our website or for additional products, and it is possible that one of them will receive your personal data. We choose our service providers carefully – especially with regard to data protection and data security – and take all measures required by data protection law to ensure we process data legally.

We may also share data collected in the context of your request with other members of the TIMETOACT GROUP, which we, as a company, also belong to, on the basis of Article 6(1)(f) GDPR. Our legitimate interest here is to draw on the resources and expertise of the TIMETOACT GROUP to fulfil your requests as effectively and as efficiently as possible.

Personal data you have shared with us is processed outside the European Union (in a third country) due to our use of Cloudflare, Google and HubSpot. We ensure that your data is protected by concluding the necessary data processing agreements and EU standard contractual clauses.

We delete data we have processed in line with statutory requirements as soon as

• a) you, as data subject, withdraw the consent that was necessary for processing, or
• b) an additional legal basis no longer applies, e.g. because the purpose for processing is no longer applicable, or the data is no longer required for the purpose.

Data that is still required for other legally admissible purposes will not be deleted, but its processing will be restricted to those purposes. This means that the data will be locked and not used for other purposes.

This applies, for instance, to data that has to be retained for commercial or tax law reasons (e.g. documents or business correspondence) or that must be stored for the purpose of establishing, exercising or defending against legal claims or protecting the rights of another natural person or legal entity.

You can find more detailed information about deleting personal data in the relevant sections on different types of processing.

Our data protection officer is Hanno Kortmann (c/o synaigy GmbH, Im Mediapark 5, 50670 Cologne, Germany). You can contact him regarding any data protection questions related to us and to report any data breaches at [email protected].

You have the right to be informed about the personal data relating to you. You can request this information from our data protection officer at any time, or you can contact us directly. If you do not make a request for information in writing, please be aware that we may ask you to provide proof that you are the person you say you are.

You also have the right to have your data rectified or deleted, or restrict its processing, as far as you are legally entitled to do so. The law also gives you the right to object to its processing and the right to data portability.

Please feel free to contact us by email at [email protected].

Insofar as we are processing your personal data with your consent, you have the right to withdraw that consent at any time without affecting the legality of the processing that took place based on your consent up to the point when you withdrew it.

You have the right to lodge a complaint about our processing of your personal data with one of the supervisory authorities for data protection.

For instance, you can contact the supervisory authority responsible for us:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Postfach 20 04 44
40102 Düsseldorf,
Germany

https://www.ldi.nrw.de/

You can find the contact details of the various supervisory authorities on the website of the German Federal Commissioner for Data Protection and Freedom of Information at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

We revise our privacy policy following changes to this website, or on other occasions when an update becomes necessary. You will always find the most up-to-date version at www.synaigy.com/datenschutz