1.  name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is
CONCEDUS GmbH
Schlehenstraße 6
90542 Eckental
Eckental, Germany
+49 9126 206 393 0
info@concedus.com
concedus.com

2. contact details of the data protection officer

The data protection officer of the controller is
Audit GmbH Karlsruhe Stuttgart
Auditing company
Heilbronner Street 41
70191 Stuttgart
Germany

datenschutz@concedus.com

3. general information on data processing

Scope of the processing of personal data
We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the consent of the user concerned. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. 

Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

Right to information: You can request confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right to information about: the purpose of the processing, the categories of data stored, the duration of storage or the criteria for determining this duration, your right to rectification or erasure, restriction of processing or objection, the existence of a right of appeal to a supervisory authority.

Since no automated decision-making or profiling takes place on our website and no data is transferred to third countries or international organizations, no such information is provided.  

Right to erasure

a) Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds applies: The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. The personal data concerning you has been processed unlawfully. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions
The right to erasure does not exist if the processing is necessary

5. right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will then no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

6. provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

o Information about the browser type and version used

o The user's operating system

o The IP address of the user

o Date and time of access

o Websites from which the user's system accesses our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website or its content to the user's computer at . For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and § 25 para. 2 no. 2 TDDDG, as the storage is technically necessary to provide the telemedia service expressly requested by the user

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Objection and removal options
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

7. use of cookies

Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user.

Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

We need cookies for the following applications:

o Transfer of language settings

The user data collected by technically necessary cookies is not used to create user profiles.

Legal basis for data processing
Data processing and access to these cookies for the purposes described above are therefore based on Section 25 (2) No. 2 TDDDG. Any subsequent data processing in this context is based on Art. 6 para. 1 sentence 1 lit. f) GDPR.

Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

8. use of a cookie consent technology

Scope of the processing of personal data
We use the Squarespace Consent Management Platform from Squarespace Ireland Limited, Ship Street Great, Dublin 8 (hereinafter referred to as Squarespace). Squarespace enables us to obtain and manage users' consent to data processing and to document it in a legally compliant manner. Squarespace places cookies on the user's device for this purpose.

The data is processed geographically within the European Union.

Further information on the processing of data by Usercentrics can be found here:

https://support.squarespace.com/hc/de/articles/360001264507-Über-die-von-Squarespace-verwendeten-Cookies

Purpose of the data processing
The processing of personal data serves to comply with the legal obligations of the GDPR and the BDSG while at the same time offering a functional website.

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data in connection with Squarespace is Art. 6 para. 1 sentence 1 lit. c GDPR (legal obligation) and Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the purposes mentioned under 2.

Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy, as long as consent to storage has been withdrawn or as required by law.

Possibility of objection and removal
You can prevent the collection and processing of your personal data by Squarespace by preventing the storage of third-party cookies on your computer, by using the "Do Not Track" function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser .

You can find further information on objection and removal options vis-à-vis Squarespace at:

https://de.squarespace.com/datenschutz

9. use of other cookies

Furthermore, cookies are used on the one hand to facilitate the operation of the website for the user and on the other hand they are necessary for the smooth operation of some functions offered on the website (functional cookies).

In addition, we use cookies for analysis purposes, e.g. to display personalized content (marketing cookies).

We only use functional and marketing cookies with the consent of the user in the context of Squarespace on the basis of Art. 6 para. 1 lit. a GDPR.

10. email contact

Description and scope of data processing
It is possible to contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

Purpose of data processing
If you contact us by email, the purpose of the data processing is to fulfill or respond to the request associated with the transmission of the email.

Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Possibility of objection and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation is form-free and should be addressed to:

datenschutz@concedus.com

All personal data stored in the course of contacting us will be deleted in this case.

11. contact form

Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is stored at the time the message is sent:

o Email address

o Name

o First name

o Company and/or company name, if applicable

o Telephone / mobile phone number

o IP address of the calling computer

o Date and time of contact

o Content of the contact form completed by the user (subject/request and free text field)

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation. The transmission is SSL-encrypted.

Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of objection and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation is form-free and should be addressed to:

datenschutz@concedus.com

All personal data stored in the course of contacting us will be deleted in this case.

12. use of company presences in professional networks

Scope of data processing
We use the option of company presences on professional networks. We maintain a company presence on the following professional networks:

LinkedIn:

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

On our website we provide information and offer users the opportunity to communicate.

The company website is used for applications, information/PR and active sourcing.

We have no information on the processing of your personal data by the companies jointly responsible for the company's website. Further information can be found in the privacy policy of:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public.

Legal basis for data processing
The legal basis for the processing of your data in connection with the use of our company website is Art. 6 para. 1 sentence 1 lit. f GDPR.

Purpose of data processing
The purpose of our company website is to inform users about our services. Every user is free to publish personal data through activities.

Duration of storage
We store your activities and personal data published via our company website until you withdraw your consent. In addition, we comply with the statutory retention periods.

Right of objection and removal
You can object to the processing of your personal data that we collect in the context of your use of our company website at any time and assert your data subject rights mentioned under IV. of this privacy policy. To do so, send us an informal email to the email address stated in this privacy policy.

Further information on objection and removal options can be found here:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

13. hosting

The website is hosted on squarespace servers.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is

o Browser type and browser version

o Operating system used

o Referrer URL

o Host name of the accessing computer

o Date and time of the server request

o IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

The website server is geographically located in Germany.

14. plugins used

We use plugins for various purposes. The plugins used are listed below:

Use of Google ReCaptcha

Scope of the processing of personal data
We use Google ReCaptcha from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. The purpose of this tool is to check whether a data entry is compliant and has not been made by a bot. For this purpose, Google ReCaptcha analyzes and authenticates the behavior of an online presence visitor with regard to various characteristics. This allows personal data to be stored and evaluated, in particular the user's activity (especially mouse movements and which elements have been clicked on) and device and browser information (especially time, IP address and operating system).

The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

Further information on the processing of data by Google can be found here:

https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing
The use of Google ReCaptcha serves to protect our online presence from misuse.

Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Revocation and removal option
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can use the following link to deactivate the use of your personal data by Google:

https://adssettings.google.de

Further information on objection and removal options vis-à-vis Google can be found at

https://policies.google.com/privacy?gl=DE&hl=de

This privacy policy was created with the support of Audit GmbH Karlsruhe Stuttgart Wirtschaftsprüfungsgesellschaft.