Data Privacy Notice

This is where you can find out what personal data we collect from you when you visit our website, what the website does with it, and how we protect your data. We will also inform you about the rights you have when it comes to protecting your data.

1. Who is responsible for this website?

The responsible party under the General Data Protection Regulation (GDPR) is:

Cleyond AG

Alpenstr. 70

87700 Memmingen

Germany

Tel. +49 8331 / 96 667-0

E-Mail: info@cleyond.de

(subsequently also referred to as “we”).

2. What’s it about?

When we process your personal data, this means that we collect, store, transmit, delete, or use it in another form. By personal data we mean information on individuals, for example on

– visitors to our website,

– visitors we reach via our newsletter,

– all other persons who are in contact with us, e.g. employees of our business partners or our service providers.

3. How we process your data when you visit our website?

  1. Information we need to display the website to you and to ensure its stability and security

When using the website for information purposes only, we process the following data that is technically necessary to display the website to you and to guarantee its stability and security:

– IP address of the accessing computer

– name of the retrieved file

– date and time of retrieval

– amount of data transferred

– notification of successful retrieval

– browser type and version as well as the operating system you are using

– referrer URL

– requesting provider

– screen resolution

The data mentioned above is processed on the basis of a balancing of interests in accordance with article 6, paragraph 1, sentence 1, point (f) of the GDPR.

  1. Use of cookies and analysis services

This website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on your end device. The cookie contains a string of characters that enables the unique identification of your system when you return to the website. The cookies are transferred to your browser either from our server or a third-party server.

  1. a) Purpose and scope of data processing

Technically required cookies:

We use technically required cookies to make the use of this website safer and more user-friendly. Among other things, these cookies can ensure the availability of content and prevent the repeated loading of content. Some elements of this website also require that the requesting browser can be identified even after a page change. The data collected from you using these technically necessary cookies will not be used to create user profiles. The following data is stored and transmitted in the cookies:

– current session ID

– use of certain website content, e.g. frequency or extent of use

– taking note of certain website contents, e.g. product information

– language settings

Most of the technically required cookies we use are so-called “session cookies.” The data stored and transmitted in it will be automatically deleted at the end of your visit. Other cookies (“persistent cookies”) are usually stored on your end device until you delete them.

Analytical cookies:

We also use cookies on this website to analyze your surfing behavior for advertising purposes and to measure reach. Your data collected in this way will be pseudonymized through technical measures. The data will not be stored together with other personal data that we collect from you. Below you will find further information about the analysis cookies we use:

Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (“Google”).

Google Analytics also uses cookies which are stored on your end device and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there on the basis of a data processing agreement that we have concluded with Google according to article 28 GDPR.

However, as part of the IP anonymization activated for this website, your IP address will be shortened by Google within member states of the European Union or in other signatories to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to analyze your use of the website, to compile reports on website activity, and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form so that they cannot be linked to a particular individual. Insofar as the data collected about you is personally identifiable, it will be excluded immediately and the personally identifiable data will be promptly deleted.

We use Google Analytics to analyze and improve the use of this website on a regular basis. Using the statistics we acquire, we can improve our service to you and make it more interesting for you as a user. In the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The information for the provider of Google Analytics can be found here: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Fax: +353 (1) 436 1001. You can view the terms of service here:

https://www.google.com/analytics/terms/us.html.

Information on data protection can be found in the overview of data protection at http://www.google.com/analytics/learn/privacy.html and in the privacy policy at http://www.google.de/policies/privacy.

Opting out:

You can prevent Google from collecting the data related to your use of the website generated by the cookie (including your IP address) and Google’s processing of this data by downloading and installing the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=en

You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will then be set to prevent future collection of your data when you visit this website:

https://tools.google.com/dlpage/gaoptout/eula.html

  1. b) Legal framework, ways to opt out, and removal options

The processing of data by means of cookies is based on a balance of interests that always also takes your interests into account (article 6, paragraph 1, sentence 1, point (f) of the GDPR). Our legitimate interest in the processing lies in the aforementioned purposes of the use of the respective cookies.

Information on specific ways to opt out of the use of analytic cookies can be found above in the corresponding description of the cookie. You can also usually set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. You can delete cookies that have already been saved at any time. When cookies are deactivated, the functionality of this website may be limited.

  1. Integrated content and use by other providers

Social Media Plugins

Our website uses so-called social media plugins (“plugins”) for Facebook, Twitter, Instagram and LinkedIn.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins/

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of the Twitter buttons and their appearance can be found here:

https://dev.twitter.com/web/overview

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (“LinkedIn”). An overview of LinkedIn plugins and their appearance can be found here: https://developer.linkedin.com/legal/plugin-terms-of-use.

Instagram is operated by Instagram LLC, represented by Kevin Systrom and Mike Krieger, 1601 Willow Rd, Menlo Park CA 94025, USA (“Instagram”).

The aforementioned companies are subsequently also referred to as “providers.”

In order to increase the protection of your data when you visit our website, the plugins are integrated into the site using the so-called “2-click solution” from Heise Online. This integration ensures that no connection to the servers of the respective providers is established when a subpage of our website containing such plugins is retrieved. Only when you activate the plugins, and in doing so give your consent to data transmission, will your browser establish a direct connection to the servers of the activated providers. The content of the respective plugin is then transmitted from the corresponding provider directly to your browser and integrated into the page. By integrating the plugins, the providers receive information that your browser has retrieved the corresponding subpage of our website, even if you do not have a profile with the corresponding provider or are not currently logged in to the service of the respective provider. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider, possibly in the USA, and stored there.

If you are logged in to one of the services of the providers, the providers can directly assign the visit to our website to your profile/account with the respective provider. If you interact with the plugins, for example clicking the “Like” button or the “Twitter” button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published on the social network or on your social media account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights and the privacy protection setting options can be found in the providers’ data protection notices:

Facebook: https://www.facebook.com/policy.php

Twitter: https://twitter.com/de/privacy

LinkedIn: http://www.linkedin.com/legal/privacy-policy

Instagram: https://instagram.com/about/legal/terms/

If you do not want the providers to assign the data collected via our website directly to your profile/account in the respective service, you must log out before activating the plugins on the corresponding service.

Your data will be processed on the basis of a balance of interests that always takes your interests into account (article 6, paragraph 1, sentence 1, point (f) of the GDPR).

YouTube

For video inclusion our website uses YouTube operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC. Usually, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your machine. However, we have included our YouTube videos with the enhanced privacy mode (in which case, YouTube will still contact the Google DoubleClick service, but personal data will not be evaluated according to Google’s Privacy Policy). As a result, YouTube does not store any information about visitors unless they watch the video. If you click the video, your IP address will be sent to YouTube, and YouTube will know that you’ve watched the video. If you are logged in to YouTube, this information will also be associated with your user account (you can prevent this by logging out of YouTube before watching the video). We are not aware of the possible collection and use of your data by YouTube.

For more information, see the YouTube privacy policy at www.google.com/intl/en/policies/privacy/. In addition, we refer you to the general handling and deactivation of cookies as mentioned above in our data privacy notice.

  1. Content Delivery Networks

Amazon Web Services

We use Amazon Web Services a Content Delivery Network of Amazon Web Services, Inc. (“AWS”), 410 Terry Avenue North, Seattle WA 98109, USA,  for hosting and cloud services. The data is stored exclusively in a German data center (Frankfurt/Main), which is certified to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. We have very limited access rights and the data is automatically encrypted. The AWS services we use are for the purpose of providing infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service. Your data will be processed on the basis of our legitimate interests in an efficient and secure provision of this online offer according to article 6 paragraph 1 point (f) GDPR in conjunction with article 28 GDPR (conclusion of a data processing agreement).

AWS and its US parent company Amazon.com, Inc. are certified under the EU-US Privacy Shield. Further information on AWS and data protection can be found in their privacy policy: https://aws.amazon.com/de/privacy/.

Cloudflare

We use on our website features and services provided by CloudFlare. Provider is CloudFlare, Inc. 665 3rd St. # 200, San Francisco, CA 94107, USA. CloudFlare offers a so-called worldwide distributed Content Delivery Network with DNS. Technically, the transfer of information between your browser and our website is managed through the CloudFlare network. CloudFlare is thus able to analyze the traffic between users and our website, for example, to detect and ward off attacks (especially so called DDoS-attacks /distributed denial of service attacks) on our services. In addition, CloudFlare may store cookies on your computer for optimization and analysis. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our offer pursuant to article 6 paragraph 1 sentence 1 point (f) GDPR in conjunction with article 28 GDPR (conclusion of a data processing agreement).

In the exceptional cases in which personal data is transferred to the USA, CloudFlare has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

For more information, see the CloudFlare privacy policy: https://www.cloudflare.com/privacypolicy/. In addition, we refer you to the general handling and deactivation of cookies as mentioned above in our data privacy notice.

  1. Newsletter – MailChimp

You can subscribe to our newsletter via this website. We use it to inform you about news and offers. We will only send the newsletter with your consent or on the basis of a legal permission.

We use the so-called double opt-in procedure to register for the newsletter. This means that after you register, we send an email to the email address you gave us in which we ask you to confirm your registration. If you do not confirm your registration within the period specified in the email, your information will be automatically deleted. If you confirm your registration within the specified time, your email address will be stored for the purpose of sending you the newsletter.

In addition, we store your IP address and the time of registration and confirmation. The purpose of this practice is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

You can object to the use of your email address for sending the newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from our newsletter at the end of each newsletter.

The legal basis for the data processing is article 6, paragraph 1, sentence 1, point (a) and (f), article 7 of the GDPR in conjunction with section 7 paragraph 2 no. 3 and paragraph 3 of the Act Against Unfair Competition (UWG).

We may save the submitted email addresses for up to three years before we delete them based on our legitimate interest to prove your prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.

The newsletter will be sent by MailChimp, a newsletter-mailing service provider of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy/.

The Rocket Science Group LLC is certified under the EU-US Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

The use of MailChimp is based on our legitimate interests according to article 6 paragraph 1 point (f) GDPR and a data processing agreement with MailChimp according to article 28 paragraph 3 sentence 1 GDPR.

MailChimp may use the data of our newsletter-recipients in a pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of mailings and the presentation of newsletters or for statistical purposes. However, MailChimp itself does not use the data of our newsletter recipients to contact them or to pass the data on to third parties.

  1. How we process your data when you contact us?

When you contact us (e.g. by contact form, e-mail, telephone or via social media) the information provided is used by us to process your contact request in accordance with article 6 paragraph 1 point (b) GDPR. Your user information can be stored in a Customer Relationship Management System („CRM System“) or a comparable request organization system used by us.

We delete the requests, if they are no longer required. We check the necessity every two years. Furthermore, the legal archiving obligations apply.

  1. Who receives your data?

We only pass on information about your visit to our website if this is permitted by law or if you have given your consent.

Service providers used by us may also receive such data if they meet our special confidentiality requirements. These could especially be companies in the categories of IT services and consulting.

  1. When will your data be deleted?

If we no longer need the data mentioned in this notice for its original purpose, it will be deleted. Anything to the contrary shall only apply if its – limited – further processing is necessary for other purposes.

VII. Will your data be transferred to a third country or an international organization?

If we process data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of article 44 ff. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called „standard contractual clauses“).

VIII. What rights do you have when it comes to processing your data?

You have the following rights with us regarding your personal data:

– right to information,

– right to correction or deletion,

– right to limitation of processing,

– right to data transfer,

– Right to revoke consent given.

  1. Information about your right of objection in accordance with article 21 of the GDPR
  2. Right to objection on a case-by-case basis

You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation, which is based on article 6, paragraph 1, sentence 1, point (e) of the GDPR (data processing in the public interest) and article 6, paragraph 1, sentence 1, point (f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with article 4, no. 4 GDPR.

If you object, your personal data will no longer be processed by us unless we can prove compelling reasons for the processing that are worthy of protection and which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

  1. Objection to the processing of your data for our direct marketing purposes

In particular cases we will process your personal data for direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.

If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.

The objection is not subject to form requirements and should be addressed to:

Cleyond AG

Alpenstr. 70

87700 Memmingen

Germany

E-Mail: info@cleyond.de

In connection with the processing of your personal data, you also have a right of appeal to the supervisory authority responsible for us with regard to the protection of personal data.

  1. Will your data be used for automated decision-making or profile building?

Data from visits to this website will not be used for automated decision-making in accordance with article 22 of the GDPR.